Which MetaDefender Endpoint should I use?

This article applies to all MetaDefender Endpoint releases deployed on Windows, macOS, Linux, iOS and Android systems.

The MetaDefender Endpoint is available in two unique flavors:

The Persistent MetaDefender Endpoint:
- Designed to run perpetually, following installation on the user’s device.
- Starts running whenever the user’s system is booted up and stops only when the user shuts down.
The On-Demand MetaDefender Endpoint:
- Designed to run only when needed.
- Must be switched on after the system boots up and switches off as soon as the Client is exited or the user shuts down/restarts the system.

Typical uses for the On-Demand MetaDefender Endpoint include:

Bundling with a secure access control solution, such as VMWare UAG, NAC or SSL-VPN Host Checker for on-demand compliance checks.
On demand compliance and security checks on devices on which software installation is prohibited.
Bring your own device (BYOD) access, such as on a guest, contractor, student or employee’s personal laptop, tablet, or mobile phone.

There are two versions of the On-Demand MetaDefender Endpoint available for Windows devices. When selecting the appropriate option, there are certain permissions concerns to keep in mind, namely:

One version requires user account control (UAC), while the other does not.
Running the non-UAC client without admin rights as, such as in the BYOD use case above, will offer a slightly degraded experience.
The malware deep scanning option will be limited.
Some applications detections will be less accurate, and BitLocker disk encryption state cannot be checked for the non-admin On-Demand Client.

In selecting the right flavor and version of the MetaDefender Endpoint for your enterprise needs, and for use through your range of managed devices, please make the most of the following feature guide, which compares the On-Demand and Persistent MetaDefender Endpoint across all platforms.

Windows, macOS, Linux

Features	Windows		macOS		Linux
Features	Persistent	On-Demand	Persistent	On-Demand	Persistent
Vulnerability and Patch Management	✅	✅	✅	✅	✅
Device Compliance	✅	✅	✅	✅	✅
Advanced Endpoint Protection
Advanced Malware Detection (3)	✅	✅	✅
Anti-Key Logger	✅
Screen Capture Protection	✅
Removable Media Protection	✅
Secure Access
Via SDP Gateway	✅		✅		✅
Via SAML IdP	✅	✅	✅	✅	✅
AppRemoval	✅
Installation	Required		Required		Required
Package Format	MSI	EXE	DMG PKG	ZIP	RPM DEB
Integrations: allow 3rd party to read device compliance status or device ID
Registry or .plist	✅	✅	✅	✅
Cookie	✅	✅	✅	✅
Client Certificate	✅	✅	✅	✅
Cross-domain API	✅	✅	✅	✅	✅
User Interface
Main UI	✅
Command Line (4)	✅	✅		✅	✅
Tray Icon	✅	✅	✅	✅	✅
On-Demand re-check compliance status	✅	✅	✅	✅
Detailed custom guide to remediate issues	✅	✅	✅	✅	✅
Automatic Update	✅		✅		✅
Application Context	System	User	System	User	System
Remote Fetch Log	✅		✅
On-Demand Actions	✅	✅	✅		✅
Custom UI (5)	✅	✅	✅	✅

Vulnerability and Patch Management

Features	Windows		Macintosh		Linux v4
Features	Persistent	On-Demand (1)	Persistent	On-Demand	Persistent
Vulnerabilities And Exposures	✅	✅	✅	✅	✅
Patch Management	✅	✅	✅	✅

Device Compliance

Features	Windows		Macintosh		Linux
Features	Persistent	On-Demand (1)	Persistent	On-Demand	Persistent
Anti-Malware	✅	✅	✅	✅	✅
Encryption	✅	✅	✅	✅	✅
User Authentication	✅	✅	✅	✅	✅
Antiphishing	✅	✅	✅	✅
Backup	✅	✅	✅	✅
Firewall	✅	✅	✅	✅	✅
Hard Drive	✅	✅
Operating System	✅	✅	✅	✅
Custom Check	✅	✅	✅	✅

AppRemoval

MetaDefender Endpoint can detect unwanted applications and remove/stop applications without user intervention – including password-protected or corrupted/incomplete installations. Currently, we also support many categories such as: Peer-to-Peer, Data Loss Prevention and many categories under Deep compliance.

Features	Windows Persistent	Windows On-Demand (1)
Cloud Storage	✅	✅
Developer Tool	✅	✅
Media Player	✅	✅
Uninstaller	✅	✅
Toolbar	✅	✅
Chat/IM	✅	✅
Cleaner / Optimizer	✅	✅
VPN Client	✅	✅
Remote Control	✅	✅
Unclassified PUA	✅	✅

(1) The Windows On-Demand MetaDefender Endpoint cannot perform certain compliance checks due to admin-permission requirements when the Client is running.

(2) The MetaDefender Endpoint is no longer supports these checks on macOS. If an administrator enables these checks in a Security Policy, the checks will fail on the following OS versions:

Detect lock screen timeout on macOS 10.13+
Detect hard disk free space on macOS 10.14+

(3) If the MetaDefender Endpoint runs without admin rights, it cannot scan processes that run only with admin/system rights, or files that are protected by admin permission.

(4) MetaDefender Endpoint supports some CLI (command line interface) input, to allow administrators to customize how the Client runs or performs on-demand actions:

By default, once the On-Demand MetaDefender Endpoint is running, it will keep running until it is closed or the system is restarted. However, this can be customized via command line options. For more information, Read This.
The Persistent MetaDefender Endpoint offers a utility too that allows users to scan folders/files with a MetaDefender server. To learn more, Read This.

(5) The MetaDefender Endpoint offers the option for a customized tray icon and text on the client UI (including the tray-icon menu, notifications, and more):

This feature is only available for Enterprise customers.
To receive a user interface rebranding package, and for the steps necessary to enable this feature, please contact OPSWAT Support, and Read This.

Mobile

Features	iOS	Android	Chrome OS
Screen lock and passcode	✅	✅
Device is rooted or jailbroken		✅	✅
Internal storage encryption state	✅	✅	✅
Operating System detection	✅	✅	✅
Threat Detection (Installed Apps)		✅

For further queries or concerns regarding the MetaDefender Endpoint and Its Suitability for Your Enterprise, please open a Support Case with the OPSWAT team via phone, online chat or form, or feel free to ask the community on our OPSWAT Expert Forum.

Last updated on

Was this page helpful?