Kaspersky Endpoint Security for Business Select review

On-premises endpoint protection that’s top value and packed with features but complex to deploy

  • Well-priced; Excellent malware protection
  • Limited web policy controls; Deployment is tedious

SMBs that want their endpoint security solution right where they can see it will like Kaspersky's Endpoint Security for Business (ESB) as it runs on an on-premises host. The entry-point ESB Select on review offers anti-malware for Windows servers and workstations, OS X and Linux, adds web, device and application controls and tops it off with mobile security.

Installation starts with the ESB Security Center, which installed all prerequisites for us and was completed inside 40 minutes. This provides the central point of contact for all ESB functions and although the main console hasn't changed much over the years, it is easy to use and very informative.

For client deployment, the console scanned the lab network and displayed all Active Directory domains, workgroups and IP subnets. Each client requires the Network Agent and Endpoint Security components, which we deployed manually by selecting all our Windows 7, 10 and Server 2012 R2 test hosts from the unassigned devices view and pushing both of them out with a single job.

Agent deployment took 15 minutes per system, after which they were dropped into the default managed computer group. When the System Center is installed, it creates base security policies for this group so all our hosts were protected immediately.

Advertisement - Article continues below
Advertisement - Article continues below

Custom groups can be created for specific sets of clients and their settings are applied the moment a computer joins or is moved from another group. We could have groups with their own policies and create sub-groups which inherited settings from the top level.

ESB's policies control the client real-time virus scanner and provides separate options for scanning files, emails, IM and web traffic, where we could choose from three scan levels using a slider. Kaspersky includes a client firewall with customized access rules, a network attack blocker and a system watcher that monitors suspicious application behavior.

Endpoint controls are equally good as the same policies can be used to apply application usage rules. We needed to define application categories first and then we added these to our policies to allow or deny their use.

Policy web controls are very unimpressive as Kaspersky only provides 15 URL categories to block or allow. Even so, they worked fine during testing and rebuffed all our attempts to access games and gambling sites.

No user interaction is required in the event of a malware detection. When we introduced our test malware samples, the agent quietly went about its job in the background by cleaning, deleting or quarantining them.

Mobiles can be managed by loading the ActiveSync plug-in on your Exchange server or using Kaspersky's iOS MDM server module. Weak documentation made the latter complex to setup and it also relies on the iPhone Configuration Utility to set iOS profiles which, although still available for download, is no longer supported by Apple.

Advertisement - Article continues below

The System Center console provides views of all clients with coloured status icons and detailed statistics graphs for protection and vulnerability levels, virus activity and updates. Reporting is very detailed, with predefined ones included for viewing anything from users on infected computers to web browsing behavior, plus options to create custom reports.

Kaspersky includes a web console which provides remote browser access to the Security Center but its interface is very sparse. Running on the Apache web server, it provides basic views of managed computers and alerts as well as options to apply tasks and configure policies.

Kaspersky's ESB is worth considering for SMBs wary of extending their endpoint security management into the cloud. The range of features and copious documentation does complicate deployment but the Select version offers powerful on-site security and is also surprisingly good value.

This review originally appeared in PC Pro issue 273


Kaspersky's ESB is worth considering for SMBs wary of extending their endpoint security management into the cloud. The range of features and copious documentation does complicate deployment but the Select version offers powerful on-site security and is also surprisingly good value.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020

The top ten password-cracking techniques used by hackers

10 Feb 2020