The most comprehensive tools I’ve found that business IT administrators can use for detecting and repelling attacks are in Symantec Endpoint Protection 11 (EP 11). Typically, in a product this feature-rich, I'd find a few things that don’t work. Not here. EP 11 was a tough guardian that did an impressive job of blocking malware and controlling removable device privileges as configured.
A host-based intrusion prevention system uses proactive threat scanning to prevent zero-day attacks, and at the same time it locks down the desktop so that only authorized apps can run. Device control regulates the copying of files to USB memory devices. Antivirus and antispyware features (along with an anti-rootkit component) guard against malware. A network intrusion-protection system along with a firewall that provides low-level protection from network threats rounds out the product.
Client policy is almost infinitely tweakable from a central console. The management interface provides an extremely granular level of control. That’s no mean feat, and for the most part, the developers did a great job. Admins can install the suite in an unmanaged fashion—directly on workstations, in other words—or use a managed approach, putting the software on a server and then packaging and pushing it to workstations. Different administrators can assign varying policies based on departmental guidelines and then apply a modified version of a particular policy if a computer moves. For instance, for a laptop you could create a policy that is more restrictive when the machine remains in the office than when the user takes the PC on the road. This type of flexibility is ideal for large enterprises but can be overkill for the average small business.
The product did well against malware, blocking all six attempted virus downloads via HTTP and six of eight keyloggers. And although two keyloggers installed, EP 11 later detected and removed them during a routine scan. None of the seven Trojans got through, but two of ten spyware programs slipped by. By comparison, F-Secure Client Security fell victim to eight keyloggers, four rogues, and four adware apps.
With a protection product that gives this much flexibility and control over policies, you’ll have to spend some time to understand the ins and outs. But Symantec Endpoint Protection 11 is a strong defender, and learning a good security system is far better than learning that your business has been compromised. This is an outstanding product for businesses with about 25 to 50 users, and it wins our Editors’ Choice.—Matthew D. Sarrel