Avast for Business Premium Endpoint Security, provides good endpoint protection and is a solid value at $39.99 per seat per year. However, I’m uncomfortable with the lack of business features, in particular the lack of role-based account management, audit capability, reporting, and customized email notifications found in more complete security products such as Editors’ Choice Webroot SecureAnywhere Business Endpoint Protection.
[Editor’s Note: This review has been updated since its original publication. As part of that update, the product name has been changed to reflect Avast’s current naming: Avast for Business Premium Endpoint Security.]
Avast also offers a free version for basic anti-malware protection, though it lacks proactive controls, a firewall, anti-spam protections, a safe virtual environment for web browsing, and a data shredder. Avast for Business Premium Endpoint Security protects Windows desktops and servers, Exchange servers and Mac desktops with the same protections as the free version, plus SafeZone to protect financial information online, Sandbox (an isolated browser), firewall, anti-spam, and a data shredder. Business accounts can be upgraded or downgraded between free and premium with a single mouse click. Avast SecureLine VPN, a service that encrypts traffic for Windows laptops when they’re outside the office, can be added for $5 per device per month.
Getting Started With Avast for Business Premium Endpoint Security
Avast for Business Premium Endpoint Security simplifies the process of getting started by placing a flashing bold link at the top of the management console when you first sign in. I could download the installer directly onto my device or email a link to others. Client installation took 10 minutes and was followed by a quick scan. The client machine immediately appeared in the management console dashboard.
The dashboard is a disappointment. There is room at the top for a big banner to alert me of at-risk devices, then a row of general information about my environment including an upsell to add services to my account, which I really don’t like because it’s like Avast is saying that one of the top four things I can do with the management console is subscribe to more services. Then there are two charts, one showing protected devices grouped by OS and another showing threat detection statistics over time. Avast’s dashboard has a very good look and feel, but lacks the true utility found in a breadth of customizable information like that provided by Bitdefender GravityZone Business Security.
It’s very easy to create additional administrative accounts. Simply enter an email address and the new administrator is sent a link to register for management console access. However, unlike Bitdefender, there is only one setting that allows for complete control. There’s also no audit trail of what each administrator has done, as compared to the full audit logs you’ll find in solutions such as Trend Micro Worry-Free Business Security Services or McAfee Endpoint Protection Essential for SMBs. Multiple admins with full privileges and no way to audit their activities is a recipe for disaster.
Working With Avast for Business Premium Endpoint Security
The Network screen of the management console is where I found myself spending the most time. From here I could see a sortable, filter-able list of protected devices. The ability to create custom device groups is missing; a management feature standard across most of the other endpoint security solutions I tested, including Editors’ Choice Webroot SecureAnywhere Business Endpoint Protection and Sophos Cloud Endpoint Protection. Devices also have a color-coded status next to them. Clicking on a device drills down to more information about the device, a screen to change settings, a list of tasks run on that device, and a list of threats detected on that device.
Policy is found under the Network tab, and Avast manages these settings very well. Policy settings are grouped by operating system (OS), including Windows Workstation, Windows Server, and Mac OS X. They’re then grouped within tabs as Active Protections, General Settings, and Antivirus Settings. There are two modes to the policy editor—basic and advanced. In basic mode protections, such as File System Shield and Web Shield, can be turned on or off. In advanced, deeper settings, such as the ability to exclude files from the File System Shield scans and set actions to be taken on malware discovery, are present.
I found it very confusing to configure policies on individual devices and configure policy across my organization. For example, under Settings, I turned the firewall on for all Windows workstations, and then under Devices I opened a specific device and turned off the firewall. For the sake of consistency, policy should be managed in a single location. Offering a management console policy comparison tool like those found in Webroot SecureAnywhere Business Endpoint Protection and McAfee Endpoint Protection Essential for SMBs would serve as another useful way to normalize these policies.
Reporting, Notifications, and Help
There is no reporting. The best I could do to share my test organization’s security status organization with someone else was take a screenshot of the dashboard. This also means Avast lacks any forensic capabilities. In fact, Avast lacks the capacity to go beyond daily endpoint security operations in any way.
Despite those reporting limitations, help features are very good…although a bit quirky. For the most part, information about each setting or task is shown on each page. Then little question marks appear next to most important settings or actions, which is great, but the help that pops up when I hover over that question mark is little more than a single sentence definition. Clicking the support icon on the left-hand side of each screen opens a new browser window where I could search the knowledgebase, community, or submit a trouble ticket. Avast’s help functionality would be more practical if it were context-sensitive.
The most helpful feature of Avast for Business Premium Endpoint Security is notifications. Notifications, accessible from the dashboard or by clicking the bell on the upper right hand corner of each page, provide a running list of the threats and error conditions encountered. The notification list is color-coded by event severity and in date order. Clicking an event brings up additional information. Some notifications also include links to take action to remediate the error condition. Notifications are a very useful workflow tool—log in, check the list of notifications, and click to remediate the error condition. I’d love to see the choice of receiving notifications in an RSS feed like F-Secure Protection Service for Business. Each notification is also emailed to all administrators. However, the email notification can’t be customized.
To test Avast for Business Premium Endpoint Security’s ability to block web-based attacks, I used a feed of newly-discovered malicious URLs supplied by efficacy assessment service MRG-Effitas. These links come and go extremely quickly; many are gone within hours.
For each still-functioning URL, I recorded whether Avast blocked access in the browser, wiped out the download, or failed to identify and block the download at all. I tested 50 valid URLs. Avast’s performance was excellent, blocking 72 percent of the malicious URLs and the malware they attempted to download. These results are comparable to Panda Security Endpoint Protection, Bitdefender GravityZone Business Security, and F-Secure Protection Service for Businesses, and ahead of Kaspersky Small Office Security.
To measure Avast’s ability to protect against fraudulent websites, I used a set of recently reported phishing URLs. I fed the same set of URLs simultaneously to four test systems, each with a different form of protection. The first was my Avast test machine. The remaining three used the protection built into Google Chrome, Internet Explorer, and Mozilla Firefox.
Avast’s anti-phishing performance was excellent, outperforming the built-in protections of Chrome by 18 percent, Internet Explorer by 34 percent, and Firefox by 12 percent. Avast’s anti-phishing protections put it towards the top of the pack, ahead of Panda Security Endpoint Protection, and F-Secure Protection Service for Businesses, but lagging behind Bitdefender GravityZone Business Security and Kaspersky Small Office Security.
To assess Avast’s active protections, in particular the ability of the active protections to avoid blocking legitimate applications, I installed a group of 20 PCMag.com utilities. No surprises here, Avast allowed me to install and execute them all with no false positives.
To test the firewall, I attacked my test systems using 30 exploits generated by the Core Impact Pro penetration testing tool and none of them breached security. Avast actively detected and blocked the attacks, as did F-Secure Protection Service for Businesses and Bitdefender GravityZone Business Security.
All of the independent test labs have evaluated Avast and the results are favorable, although not perfect. The product received 16 out of a possible 18 points in AV-Test Institute‘s three-part protection, performance, and usability evaluation. AV-Comparatives has rated Avast either Advanced or Advanced+ in the last few years of testing, while Dennis Technology Labs rated it AA (the second highest rating). ICSA Labs and West Coast Labs certify Avast for virus detection and Virus Bulletin awarded it VB100 certification.
Avast in 2017
As is the case with AVG CloudCare, the biggest update to Avast Software Premium Business Security doesn’t carry a version number: On September 30, 2016, Avast acquired AVG. As of this writing, the combined company hasn’t figured out precisely how all of their different competing products will be folded into a single, rational product line, so everything could change any time now. The integration has begun with several AVG consumer products announced in January but it’s definitely a work in progress. Stay tuned for further developments.
Now, regarding Avast for Business Premium Endpoint Security: Perhaps because of the complications of the AVG acquisition, there have not been substantial changes to this product since our original review. However, one addition has been enhanced: the behavioral analysis feature that can help protect endpoints against the dreaded “zero day” attack that hasn’t yet been written into the signatures and codified into the collection of rules that make up most anti-malware protection.
Avast for Business Premium Endpoint Security provides MSI installation to ease small business deployment and protection for both file and Microsoft SharePoint servers. But, in many ways, this is a product that still feels rather like very good individual workstation protection that happens to have been installed on a lot of computers in an organization. The cloud-based management interface provides both management and reporting but the functions lean much more heavily to the management side of the scale. Deploying and enrolling endpoint agents is simple and straightforward, but figuring out what sort of threats are trying to get into those endpoints and being caught (or not) is not really an option.
Avast remains a product that seems best suited for simpler environments that don’t require complex role-based administration or detailed reporting. As mentioned earlier, pricing begins at $39.99 per seat per year, with quantity discounts available.