This content is retired but we have related up-to-date content below.

Three vendor solutions achieved top spots in the evaluation of Endpoint Anti-Malware products, but competitors offer compelling alternatives, especially where business requirements and/or existing IT security solutions dictate a different priority on specific product features.

Use this research to:

  • Understand current capabilities of Endpoint Anti-Malware vendors and evaluate offerings for best fit.
  • Use scenario analysis and case studies to shortlist vendors.
  • Assess implementation recommendations and pitfalls.

Focus first on business requirements so that current and future Endpoint Anti-Malware objectives can be achieved through the vendor and product chosen – whether the objective is complying with regulatory standards or further securing sensitive data, particularly mobile data and offline devices.

Search Code: 28050
Published: October 5, 2010
Last Revised: September 18, 2012


  • Tom Walker | 08-19-2011

    Would have been nice to hear more about the vendor capabilities/strategy in mobile devices/tablets/etc. and platforms. I see only one reference to this under Total Defense.

    • Info-Tech Research Group | 08-19-2011

      Thanks for your comment. Mobile device protection was not given particular consideration in this report since we are still seeing very little in the way of active in-the-wild threats being leveraged at mobile devices, despite media reports that indicate that growth rates are exponential. The key thing to remember with those significant growth rates is that they are starting from very low numbers – if one threat exists in month A and 4 threats exist in month B there has been a 400% growth in threats, but the actual threat landscape itself is still very small. Google’s Android (widely regarded as the most at risk platform) has a low chance of infection (1-5% depending on country) and only a few hundred pieces of malware are known to exist. Contrast this with Windows endpoints, where infection rates are as high as 70% in some parts of the world, and new (not just total) malware counts can be in the millions per month, and I think it becomes obvious why the focus of our report is desktop and laptop devices.

      That being said, ensuring that mobile devices are protected is good practice and the following are the platforms protected by the reviewed vendors. You’ll note that in general coverage is available for lesser deployed platforms, and for older OS versions:

      • ESET: WinMo 5.0-6.5, Symbian S60 (Nokia only)
      • Kaspersky: Android 1.5-2.3, BlackBerry 4.5-5.0, WinMo 5.0-6.5, Symbian S60 (Nokia only)
      • McAfee: WinMo 5.0-6.0
      • Sophos: None
      • Symantec: WinMo 5.0-6.1, Symbian S60
      • Total Defense: None
      • Trend Micro: WinMo 5.0-6.0, Symbian S60

  • Jan Borkowski | 08-19-2011

    I am surprised that your research team has recommended CA’s Total Defense R12 so highly. Our company has been a customer of CA for many years. With its latest release, we were eager to implement Total Defense due to the myriad of functionality it proposes to have. However, to put it mildly, our endeavor turned into a total disaster. After working with CA engineers for over a month, almost none of their modules worked correctly. Their interface, while flashy, is anything but intuitive as it, in basic terms, does not function properly with none of its data refreshing correctly. Endpoint discovery simply does not work. Endpoint installation is troublesome, whereby it is unable to uninstall prior system versions and register itself properly. The product’s licensing services are highly unreliable. Exchange integration is erratic, whereby installation of the product results in constant system instability. In a word the product is buggy at best.

    The only positive word I can say about CA’s new product is with regard to their support and sales team—despite the overwhelming sense of frustration they showed with their own product—they attempted to make it work—albeit without success in the end—for several weeks. From our experience it is blatantly apparent that CA’s product currently is useless and incredibly unstable. Even CA’s own support staff was very apologetic at how terrible their product is, indicating that ultimately the company had limited control over the stability of the product since its development had been outsourced. Eventually their staff recommended holding off on the implementation of the product until a future, more stable release. I also learned from CA’s staff that the company had tried to pull out of their agreement with the development company they outsourced with due to the product’s poorly written coding; however they were unable to do so and were simply waiting it out. From other companies I have corresponded with which had also attempted to implement the new system, results seem to be quite consistent.

    • Info-Tech Research Group | 08-23-2011

      We appreciate your concerns, but your experience is not one we have shared (first or second hand). This is the first time we’ve included the CA product in our review, and we included it at the urging of a number of clients who liked the product and wanted to see it included. We went through a pretty thorough demonstration of the product and found the admin console to be excellent – it was clean, attractive, intuitive, and functional (though I acknowledge that demo systems can be “cooked” to a certain degree to appear better than they do in real-life – of course the same can be said for every vendor reviewed).

  • Bart O'Connor | 09-25-2012

    Kaspersky AV rated at the top and Checkpoint rated at the bottom, but Checkpoint uses Kaspersky as its AV; curious as to why that is?

    • Bart O'Connor | 09-25-2012

      Or more accurately, can you explain the disparity between the two ratings when they both use "the same AV engine"?

  • Darrell Bateman | 09-25-2012

    I've seen several similar comparisons of Endpoint protection. The problem I see is that the basis for evaluation seems to be largely the completeness of the product, rather than efficacy against malware. I have found Microsoft Forefront/Security Essentials to be very effective and efficient for Windows machines. However, comparisons like yours give Microsoft low ratings because it does not have many irrelevant features. Microsoft lets its partners handle these other features. It would be helpful if you could actually evaluate Anti-Malware independent of other features such as Firewall, Encryption, NAC, etc.

    • Info-Tech Research Group | 09-27-2012

      Thank you for your comment. As noted in response to another comment on this same solution set, though the relative effectiveness of core scanning capabilities is an important aspect of any anti-malware solution, such analyses are available from a variety of free sources. With that in mind, Info-Tech’s evaluation of the product space has focused on additional advanced features that address broader requirements as expressed by our diverse client base. That said, your request for a greater focus on the core aspects of anti-malware solutions will be considered thoroughly during our regular agenda planning activities.

