Which OPSWAT Client should I use?
OPSWAT Client offers 2 flavors: persistent agent and on-demand agent. (The phrase 'on-demand' may be used interchangeably with 'portable' or 'dissolvable').
The persistent OPSWAT Client is designed to remain running on the users' device after installation and starts along with the system.
By comparison, the on-demand client is only run when needed. If exited, or if the device is restarted, the client will not automatically start.
Typical uses for the portable agent are:
-
Bundling with an secure access control solution, such as VMWare UAG, NAC or SSL-VPN host checker for on-demand compliance checks
-
A device where software installation is not allowed
-
BYOD access, like a guest, contractor, student or employee's personal laptop
Permissions concerns
There are two versions of the on-demand OPSWAT Client for Windows devices. One requires UAC, the other does not. Running the non-UAC client without admin rights will have a degraded experience. Namely the malware deep scanning option will be limited and some application detection will be less accurate. For example, BitLocker disk encryption state cannot be checked from a portable non-admin instance.
Below is a table highlighting what features OPSWAT Client supports on each platform.
Windows, macOS, and Linux
Features |
Windows |
Macintosh2 |
Linux v4 |
||
Persistent |
On-demand1 |
Persistent |
On-demand |
Persistent |
|
Vulnerability and Patch Management |
|
|
|
|
|
Device Compliance |
|
|
|
|
|
Advanced Endpoint Protection |
|
|
|
|
|
- Advanced Malware Detection3 |
|
|
|
|
|
- Anti-keylogger |
|
|
|
|
|
- Screen Capture Protection |
|
|
|
|
|
- Removable Media Protection |
|
|
|
|
|
Secure Access |
|
|
|
|
|
- Via SDP Gateway |
|
|
|
|
|
- Via SAML IdP |
|
|
|
|
|
AppRemoval |
|
|
|
|
|
Installation |
Required |
|
Required |
|
Required |
Package Format |
MSI |
EXE |
DMG PKG |
ZIP |
RPM DEB |
Integrations: allow 3rd party to read device compliance status or device ID |
|||||
- Registry or .plist |
|
|
|
|
|
- Cookie |
|
|
|
|
|
- Client certificate |
|
|
|
|
|
- Cross-domain API |
|
|
|
|
|
User Interface |
|||||
- Command Line4 |
|
|
|
|
|
- Tray Icon |
|
|
|
|
|
- On-demand re-check compliance status |
|
|
|
|
|
- Detailed custom guideline to remediate issues |
|
|
|
|
|
Automatic Update |
|
|
|
|
|
Application Context |
System |
User |
System |
User |
System |
Default Behavior |
Persistent |
Semi-Persistent |
Persistent |
Semi-Persistent |
Persistent |
Remote Fetch Log |
|
|
|
|
|
|
|
|
|
|
|
Custom UI5 |
|
|
|
|
|
Features |
Windows |
Macintosh |
Linux v4 |
||
Persistent |
On-demand1 |
Persistent |
On-demand |
Persistent |
|
Vulnerabilities And Exposures |
|
|
|
|
|
Patch Management |
|
|
|
|
|
Features |
Windows |
Macintosh2 |
Linux v4 |
||
Persistent |
On-demand1 |
Persistent |
On-demand |
Persistent |
|
Anti-Malware |
|
|
|
|
|
Encryption |
|
|
|
|
|
User Authentication |
|
|
|
|
|
Antiphishing |
|
|
|
|
|
Backup |
|
|
|
|
|
Firewall |
|
|
|
|
|
Hard Drive |
|
|
|
|
|
Operating System |
|
|
|
|
|
Custom Check |
|
|
|
|
|
OPSWAT Client can detect unwanted applications and remove/stop applications without user intervention – including password-protected or corrupted / incomplete installations.
Features |
Windows |
|
Persistent |
On-demand1 |
|
Cloud Storage |
|
|
Developer Tool |
|
|
Media Player |
|
|
Uninstaller |
|
|
Toolbar |
|
|
Chat/IM |
|
|
Cleaner / Optimizer |
|
|
VPN Client |
|
|
Remote Control |
|
|
Unclassified PUA |
|
|
Android and iOS
Features |
iOS |
Android |
Screen lock and passcode |
|
|
Device is rooted or jailbroken |
|
|
Internal storage encryption state |
|
|
Operating System detection |
|
|
Threat Detection
|
|
|
1 OPSWAT On-demand Client couldn't perform some compliance check due to permission when the agent runs on a device. See 147125085 above
2 OPSWAT Client has no longer supported the below checks for macOS. With that said, if an admin enables those checks on a policy, those checks will be failed on devices.
-
detect lock screen timeout on macOS 10.13+
-
detect hard disk free space on macOS 10.14+
3 If OPSWAT Client runs without admin right, it couldn't scan processes which runs with admin/system right and files which protected by admin permission.
4 OPSWAT Client supports some CLI to allow admins customize how they want to run the client or perform on-demand action
-
By default, once the on-demand client runs, it will keep running until closed. However, it can be customized with command line options. Learn More.
-
OPSWAT persistent Client offers a utility tool to allow administrators to scan files/folders with a MetaDefender server. Learn More.
5 OPSWAT Client can be customized the trayicon and text on the client UI (tray icon menu, notifications,..). This feature is only available for enterprise customers. Please contact OPSWAT Support to receive a rebranding package and steps to enable this feature. We are planning to add ability to allow administrators to enable this feature on the MetaAccess/OPSWAT Central Management v7+ console soon.
This article was last updated on 2021-03-24.
TT