Agentless vs. Agent-based Solutions

Shavlik Protect provides both agentless and agent-based solutions. This section describes, in general terms, the benefits of each solution. The sections that follow explain in more detail how to use an agent.

Agentless Solution

Agentless systems are based on push technology and on a centralized design.  A central authority is responsible for scanning the machines in the enterprise and for initiating all actions on those machines. Agentless systems have a number of advantages over agent-based systems.  Strict agent-based systems can only report on machines that have the agent actively running. If the agent has been disabled the machine will appear to not exist. In addition, new machines can be introduced to a network and these rogue machines will not only be agentless, they may well be invisible.  Agentless systems, on the other hand, can scan ranges of IP addresses and report on machines it finds. Even if it cannot access the system, the agentless scanner will at least report that a new IP address is present on the network. In many cases agentless systems lower the cost of ownership, reduce management overhead, and provide for quick and easy deployment.  This is especially true in large enterprises managing 10,000 or more machines.  An administrator can be scanning and fixing their network within minutes using an agentless system.

In Shavlik Protect, all patch, asset, and power management tasks can be performed without agents. Threat management tasks, however, are best suited for an agent-based approach and therefore cannot be performed in an agentless manner. This is explained in more detail below.

Agent-based Solution

Patch management and asset management

Certain types of users or systems can pose problems for agentless solutions. Machines that must reside in a ”de-militarized zone” (DMZ), roaming users, and disconnected or inactive machines can all prove problematic. In these cases an agent-based solution is often the best answer. Agent-based solutions consist of proprietary client-side communications software that resides on a computer and facilitates communications with server-based administrative software. The agent scans the client machine for information and then provides the information directly to the server console.

An agent-based solution is a useful complement to an agentless patch management and/or asset management solution. Outfitting your troublesome systems with agents provides the best of both worlds--agentless solutions to protect machines permanently or newly introduced to the network, and agent-based solutions for the hard-to-reach machines.

Antivirus and antispyware

Note: Antivirus and antispyware are separately licensable add-ons to Shavlik Protect.

Threat management tasks are best suited for an agent-based solution. This is because it is best to perform these time-critical tasks directly on each target machine rather than remotely from a console. For this reason all threat management tasks within Shavlik Protect are implemented using an agent-based solution.

Important! When performing threat management tasks on agent machines, it is strongly recommended that you remove all other antivirus and antispyware programs that may be running on the agent machines. Using multiple threat programs on the same machine may cause serious performance issues.

Power management

Note: Power management (including Wake-on-LAN) is a separately licensable add-on to Shavlik Protect.

An agent-based solution is also well suited for performing power management tasks. For example, if you want to be sure your portable machines are not left powered on late at night or over the weekend, an agent can be used to automatically shut down those machines. In addition to saving power and avoiding unnecessary wear, shutting down your disconnected machines during those times they are likely to be left unattended is also a smart security precaution.