Network Performance Test. Business Security Software. Language: English August Last Revision: 11 th October

Similar documents
Anti-Virus Comparative

Single Product Review - Bitdefender Security for Virtualized Environments - November 2012

How To Test For Performance On A 64 Bit Computer (64 Bit)

Anti-Virus Comparative

1. Server Microsoft FEP Instalation

Firewall Test. Firewall protection in public networks. Commissioned by CHIP. Language: English. Last Revision: 11 th April 2014

Anti-Virus Comparative

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

System Requirements and Server Configuration

Small Business Endpoint Protection Performance Benchmarks

AV-Comparatives. Support-Test (UK) Test of English-Language Telephone Support Services for Windows Consumer Security Software 2016

Oracle Applications Release 10.7 NCA Network Performance for the Enterprise. An Oracle White Paper January 1998

Endpoint Security Solutions Comparative Analysis Report

Symantec Protection for SharePoint Servers Getting Started Guide

Endpoint Protection Performance Benchmarks

Anti-Virus Comparative - Performance Test (AV Products) May 2014

By the Citrix Publications Department. Citrix Systems, Inc.

Performance Optimization Guide

Symantec Endpoint Protection Integration Component 7.5 Release Notes

Table of Contents. FleetSoft Installation Guide

System Requirements Table of contents

Goliath Performance Monitor Prerequisites v11.6

Minimum Hardware Configurations for EMC Documentum Archive Services for SAP Practical Sizing Guide

Virtual Desktops Security Test Report

The Evolved Office APPLICATION PLATFORM REQUIREMENTS. Release: 16.0

OBSERVEIT DEPLOYMENT SIZING GUIDE

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

CORPORATE AV / EPP COMPARATIVE ANALYSIS

Symantec Endpoint Protection 11.0 Securing Virtual Environments Best Practices White Paper. Updated 7/20/2010

Endpoint Security Solutions (Physical & VDI Environment) Comparative Testing Analysis

QuickStart Guide vcenter Server Heartbeat 5.5 Update 2

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet

Synergis Software 18 South 5 TH Street, Suite 100 Quakertown, PA , version

Performance test November 2014 / 1 INTRODUCTION... 1 TESTED PROGRAM VERSIONS..2 WHAT AND HOW WE TESTED. 3 OTHER PRINCIPLES...

Windows Imaging and Deployment Software Comparison

Network device management solution

Fast and Effective Endpoint Security for Business

System Requirements and Platform Support Guide

Dragon Medical Enterprise Network Edition Technical Note: Requirements for DMENE Networks with virtual servers

McAfee Enterprise Mobility Management Performance and Scalability Guide

ELECTRONIC QUALITY MANAGEMENT SOFTWARE

Molecular Devices High Content Data Management Solution Database Schema

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED.

REDCENTRIC INFRASTRUCTURE AS A SERVICE SERVICE DEFINITION

Use QNAP NAS for Backup

Using Data Domain Storage with Symantec Enterprise Vault 8. White Paper. Michael McLaughlin Data Domain Technical Marketing

VMware vcloud Automation Center 6.0

11.1. Performance Monitoring

HP Client Automation Standard Fast Track guide

NETWRIX EVENT LOG MANAGER

Security Industry Market Share Analysis

Table 1. Requirements for Domain Controller. You will need a Microsoft Active Directory domain. Microsoft SQL Server. SQL Server Reporting Services

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

ESAP Release Notes. SDK Version: Mac and Windows (V2 Unified + V3).

Printer Maestro. True Enterprise Print Management for Windows WHITE PAPER

formerly Help Desk Authority Upgrade Guide

ARIS Education Package Process Design & Analysis Installation Guide. Version 7.2. Installation Guide

Impact+OCR 1.1 Readme

Pearl Echo Installation Checklist

W H I T E P A P E R : T E C H N I C A L. Understanding and Configuring Symantec Endpoint Protection Group Update Providers

SuperGIS Server 3 High Availability Test Report

What s New in Ghost Solution Suite 3.0

ManageEngine EventLog Analyzer. Best Practices Document

Virtual Appliance Setup Guide

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

simplify monitoring Environment Prerequisites for Installation Simplify Monitoring 11.4 (v11.4) Document Date: January

Installation Guide For Exchange Reporter Plus

Automation Engine 14. Troubleshooting

ESAP Release Notes. Version Published

Quest vworkspace Virtual Desktop Extensions for Linux

Transcription:

Network Performance Test Business Security Software Language: English August 2016 Last Revision: 11 th October 2016 Test commissioned by the vendor - 1 -

Introduction This report, commissioned by ESET, considers six major business anti-virus solutions with regard to resource management. In total, four individual tests were carried out. The first two tests measure the amount of network traffic caused by the products. Test One was a long-term test conducted without any user interaction, while Test Two was a shorter-term test with simulated user operations. Test Three considers the size of the client-side virus definitions. The last test, Test Four, looks at the machine load (CPU, RAM) during a single update of the client. Tested Products The test included the following security products: ESET Endpoint Security 6.4 Kaspersky Endpoint Security 10.2 McAfee Endpoint Security 10.2 Sophos Endpoint Security and Control 10.6 Symantec Endpoint Protection 12.1 Trend Micro OfficeScan 11.0 Commissioned by ESET - 2 -

Machine Setup A total of seven server-client test systems were set up for the test: one for each product, plus an additional server-client system with no antivirus installed as a control. For each server-client test system, we use one Windows Server machine and one Windows client machine. A domain is created on the Windows Server, and the client machine is joined to this domain. An appropriate server configuration is used for all seven servers, and an appropriate client configuration is used for all seven clients. The respective configurations are as follows: Server: Standard installation of Windows Server 2012 R2 64 Bit with 4GB of RAM. The following changes were made: Disabled the Windows Update service Installed the Windows Assessment and Deployment Toolkit 8.59.25584 Installed WinPCAP 4.1.3 Client: Standard installation of Windows 7 Professional 64 Bit with 3GB of RAM. The following changes were made: Disabled the Windows Update service Installed the Windows Assessment and Deployment Toolkit 8.59.25584 Installed WinPCAP 4.1.3 Installed Java 8 Update 66 For each of the six server-client test systems with AV products installed, the product s management console is installed on the server using default settings. Some products require the installation of additional Microsoft Software, such as.net Framework or SQL Server, so we install the respective components on those machines where it is required; we regard the additional software as being part of the product itself for the purposes of this test. The relevant endpoint security product is then installed on the client, also using default settings. We check that the client software is registered in the management console, that communication between AV client and console is working as expected, and that the AV client can update virus definitions successfully. No antivirus software is installed on the server itself. Each server-client system is assigned an independent VLAN, which is completely isolated from network traffic in the other VLANs. The machines are configured to keep the basic network load as low as possible, e.g. by disabling Windows Updates. It has to be pointed out that those measures cannot prevent the machine from sending any data on the network, however. The server and the client in each test system are allowed to connect the Internet at any time. Commissioned by ESET - 3 -

Settings Used All products (except ESET) were tested using default settings. By default, the ESET client connects to the server once every minute. This shorter update interval is only recommended for setup purposes, because adding computers, pushing policies, and checking the status of protected computers is easier for the administrator using nearly real-time updates. As shown in the screenshot below, the ESET Administration Console recommends setting the update interval to 20 minutes or more for productive use. In accordance to this recommendation, we changed the default settings to let clients only connect to the server once every 20 minutes. ESET informed us that they are working on an improvement for this situation. In the future their product will provide a setup policy with a limited time validity automatically changing the initial update interval after a predefined amount of time. Until these limited time validity policies are implemented, ESET is sticking with the recommendation shown in the screenshot. Commissioned by ESET - 4 -

Test One: Long-Term Network Load Test (Idle) Methodology The goal of this test is to compare the participating products in terms of the network load they generate during the course of one week. The test does not involve any user input, therefore all the machines simply idle for one week (7 days from 1 st to 7 th October). The network traffic is captured using WinPCAP. The resulting *.pcap files are analysed after the test is completed. The analysis distinguishes between three major components: network load between server and client; network load between server and Internet; network load between client and Internet. All values are treated independently. Each machine is restarted before the test runs. After the restart, each machine is allowed to idle for at least three hours before the test starts. This allows triggered actions (such as Update after restart ) to be performed without being captured. The network traffic is captured for both machines, i.e. server and client, for each server-client test system. Results All values in the following table are given in Megabytes (MB). Traffic LAN (Server <> Client) Traffic WAN (Server) Traffic WAN (Client) No AV 0 0 0.1 ESET 38 19 1.0 Symantec 63 89 1.2 Trend Micro 22 370 0.6 Kaspersky Lab 441 152 2.1 McAfee 78 898 1.2 Sophos 18 2,514 1.2 3000 2500 Idle Traffic Traffic in MB 2000 1500 1000 500 0 No AV Eset Symantec Trend Micro Kaspersky McAfee Sophos Traffic Server Client Internet Server Internet Client Commissioned by ESET - 5 -

Test Two: Network Load Test (User Action) Methodology This test is similar to the long-term network load test. The machine setup and the testing methodology are the same. Whilst in the previous test no user action was simulated, in this test we perform automated actions using the Windows Assessment and Deployment Toolkit (ADK). The actions include: Archiving files on local disk: o MS Office, 297 MB, 335 files o PDF, 440 MB, 289 files o PE, 930 MB, 2,328 files Copying Files on local disk o MS Office, 297 MB, 335 files o PDF, 440 MB, 289 files o PE, 930 MB, 2,328 files o ZIP, 353 MB, 4 files Installation of four well-known applications The test files are copied to the machine in Safe Mode without any antivirus software present. Therefore none of the performed actions and included files can be whitelisted before the actual test starts. The analysis of the network traffic starts before the ADK operations start, and ends after the ADK operations are completed. Results The results table contains the overall network load (LAN and WAN) on the client side. All values are in Megabytes (MB). Product No AV ESET Symantec Kaspersky Lab Sophos McAfee Trend Micro Total Client-Side Network Load 0.0 MB 0.2 MB 0.4 MB 0.4 MB 0.8 MB 2.6 MB 23.8 MB Commissioned by ESET - 6 -

Test Three: Size of Client-Side Definitions Methodology The goal of this test is to compare the size of the virus definitions on the client side. Finding exact values for the virus definitions (and only the virus definitions) is a challenging task and only the vendors themselves can provide exact information. The measurement was taken after Test One, therefore all definitions were up to date. In this test we examine the client-side installation of each product and look out for virus definition files, selecting them as precisely as possible. As we do not know any details of the exact implementation of each product, we concede the possible existence of noise in our investigation. Results All values are in MB (rounded). Product ESET Trend Micro McAfee Sophos Kaspersky Lab Symantec Size of client-side virus definitions 75 MB 75 MB 100 MB 130 MB 250 MB 700 MB Definition Size 800 700 600 500 Size in MB 400 300 200 100 0 Eset Trend Micro McAfee Sophos Kaspersky Lab Symantec Commissioned by ESET - 7 -

Test Four: Machine Load during Update Methodology In this test we compare the machine load during updates on the client side. This analysis includes a comparison of CPU loads and RAM usage. For analysis we use the Microsoft Performance Toolkit, included in the Windows Assessment and Deployment Toolkit (ADK), as well as the Windows internal tool Perfmon.exe. We were not able to trigger updates manually for each and every product in a standardized way. Therefore we decided to use a more generic method to trigger an update. We disconnect the client for 72 hours from the network. This will lead to outdated databases, which will be updated as soon as the network is available. Furthermore we assume that these results are more realistic in a typical configuration, as the definitions are updated in the background without any graphical representation (which consumes hardware resources as well). The measurement of the machine resources starts before the network connection is available, and ends after two hours. The results are then analysed manually and cropped to include only the actual update process. Results The results include the runtime of the update. This is manually determined by measuring the time from the point where the machine load exceeds the idle load to the point where the machine load falls back to the idle load. The results include the average CPU load during the update, and the average additional memory usage during the update in comparison to the memory consumption during idle before the update started. It is up to the reader to interpret these results. We notice two different approaches of the vendors. One approach is to complete the update in the shortest possible time, such as in the case of ESET. This results in high average CPU loads during a short time period. The other approach is to keep the CPU load low, such as in the case of Symantec. This results in a longer overall update time. Time [sec] CPU, average [%] Additional memory usage, average [MB] ESET 19 46 64 Kaspersky Lab 58 50 46 McAfee 98 15 9 Sophos 118 13 13 Symantec 353 17 88 Trend Micro 18 8 7 Commissioned by ESET - 8 -

Copyright and Disclaimer This publication is Copyright 2016 by AV-Comparatives. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV- Comparatives, prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss, which might occur as result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV- Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data. For more information about AV-Comparatives and the testing methodologies, please visit our website. AV-Comparatives (October 2016) Commissioned by ESET - 9 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information