Which OPSWAT Client should I use?

OPSWAT Client offers 2 flavors: persistent agent and on-demand agent. (The phrase 'on-demand' may be used interchangeably with 'portable' or 'dissolvable').

The persistent OPSWAT Client is designed to remain running on the users' device after installation and starts along with the system.

By comparison, the on-demand client is only run when needed. If exited, or if the device is restarted, the client will not automatically start.

Typical uses for the portable agent are:

  • Bundling with a NAC or SSL-VPN host checker for on-demand compliance checks

  • A device where software installation is not allowed

  • BYOD access, like a guest, contractor, student or employee's personal laptop

Permissions concerns

There are two versions of the on-demand OPSWAT Client for Windows devices. One requires UAC, the other does not. Running the non-UAC client without admin rights will have a degraded experience. Namely the malware deep scanning option will be limited and some application detection will be less accurate. For example, BitLocker disk encryption state cannot be checked from a portable non-admin instance.

Additional notes:

There are technical differences to take into consideration when deciding which agent to use. Below is a table highlighting the primary differences between the various OPSWAT Client that are available:

OPSWAT Client Comparison (Windows, macOS, Linux)

Features

Windows

Macintosh

Linux

Persistent

On Demand

Persistent

On Demand

Linux V3

(14.4.x.y)

Linux V4

(15.4.x.y)

Vulnerabilities Check

Yes

Yes

Yes

Yes

No

Yes

Compliance Check

Yes

Limited1

Yes2

Yes2

Yes

Yes

Application Removal

Yes

Roadmap

 

Roadmap

No

No

Active Malware Detection

Yes

Yes

Yes

Yes

Yes

No

Custom Check

Yes

Yes

Yes

Yes

No

No

Installation

Required

No

Required

No

Yes

Yes

Package Format

MSI

EXE

DMG

ZIP

RPM

DEB

RPM

DEB

Integrations

 

 

 

 

 

 

- COM (C++/C#/VBScript)

Yes

No

No

No

No

No

- Registry or .plist

Yes

Yes

Yes

Yes

No

No

- Cookie

Yes

Yes

No

No

No

No

- Client certificate

Yes

Yes

Yes

Yes

No

No

- Cross-domain API

Yes

Yes

Yes

No

No

Yes

User Interface

 

 

 

 

 

 

- Command Line

No

Yes

No

Yes

No

Yes

- Tray Icon

Yes

Yes

Yes

Yes

No

No

Automatic Updates

Yes

No

Yes

No

Yes

Yes

Application Context

System

User

System

User

System

System

Default Behavior

Persistent

Semi-Persistent3

Persistent

Semi-Persistent3

Persistent

Persistent

Run-Once Option

No

Yes

No

Yes

No

No

OPSWAT Mobile App (iOS and Android)

Features

iOS

Android

Screen lock and passcode

Yes

Yes

Device is rooted or jailbroken

Yes

Yes

Internal storage encryption state

Yes

Yes

Operating System detection

Yes

Yes

Threat Detection

  • Installed applications

  • Connected connections

No

Yes

1 OPSWAT On-demand Client couldn't perform some compliance check due to permission when the agent runs on a device. See Permission Concern above

2 OPSWAT Client has no longer supported

  • detect lock screen timeout on macOS 10.13+

  • detect hard disk free space on macOS 10.14+

3 By default, once executed, it will keep running until closed

This article was last updated on 2019-08-06.
TT