Kaspersky Endpoint Security for Business Select review

On-premises endpoint protection that’s top value and packed with features but complex to deploy

  • Well-priced; Excellent malware protection
  • Limited web policy controls; Deployment is tedious

SMBs that want their endpoint security solution right where they can see it will like Kaspersky's Endpoint Security for Business (ESB) as it runs on an on-premises host. The entry-point ESB Select on review offers anti-malware for Windows servers and workstations, OS X and Linux, adds web, device and application controls and tops it off with mobile security.

Advertisement - Article continues below

Installation starts with the ESB Security Center, which installed all prerequisites for us and was completed inside 40 minutes. This provides the central point of contact for all ESB functions and although the main console hasn't changed much over the years, it is easy to use and very informative.

For client deployment, the console scanned the lab network and displayed all Active Directory domains, workgroups and IP subnets. Each client requires the Network Agent and Endpoint Security components, which we deployed manually by selecting all our Windows 7, 10 and Server 2012 R2 test hosts from the unassigned devices view and pushing both of them out with a single job.

Agent deployment took 15 minutes per system, after which they were dropped into the default managed computer group. When the System Center is installed, it creates base security policies for this group so all our hosts were protected immediately.

Advertisement - Article continues below

Custom groups can be created for specific sets of clients and their settings are applied the moment a computer joins or is moved from another group. We could have groups with their own policies and create sub-groups which inherited settings from the top level.

Advertisement - Article continues below

ESB's policies control the client real-time virus scanner and provides separate options for scanning files, emails, IM and web traffic, where we could choose from three scan levels using a slider. Kaspersky includes a client firewall with customized access rules, a network attack blocker and a system watcher that monitors suspicious application behavior.

Endpoint controls are equally good as the same policies can be used to apply application usage rules. We needed to define application categories first and then we added these to our policies to allow or deny their use.

Policy web controls are very unimpressive as Kaspersky only provides 15 URL categories to block or allow. Even so, they worked fine during testing and rebuffed all our attempts to access games and gambling sites.

No user interaction is required in the event of a malware detection. When we introduced our test malware samples, the agent quietly went about its job in the background by cleaning, deleting or quarantining them.

Advertisement - Article continues below

Mobiles can be managed by loading the ActiveSync plug-in on your Exchange server or using Kaspersky's iOS MDM server module. Weak documentation made the latter complex to setup and it also relies on the iPhone Configuration Utility to set iOS profiles which, although still available for download, is no longer supported by Apple.

The System Center console provides views of all clients with coloured status icons and detailed statistics graphs for protection and vulnerability levels, virus activity and updates. Reporting is very detailed, with predefined ones included for viewing anything from users on infected computers to web browsing behavior, plus options to create custom reports.

Kaspersky includes a web console which provides remote browser access to the Security Center but its interface is very sparse. Running on the Apache web server, it provides basic views of managed computers and alerts as well as options to apply tasks and configure policies.

Advertisement - Article continues below

Kaspersky's ESB is worth considering for SMBs wary of extending their endpoint security management into the cloud. The range of features and copious documentation does complicate deployment but the Select version offers powerful on-site security and is also surprisingly good value.

This review originally appeared in PC Pro issue 273


Kaspersky's ESB is worth considering for SMBs wary of extending their endpoint security management into the cloud. The range of features and copious documentation does complicate deployment but the Select version offers powerful on-site security and is also surprisingly good value.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020