Start planning for your migration by assessing the state of your current environment and the scope of the transition.
Typical VIPRE deployments
VIPRE Endpoint Security is primarily deployed for the following use cases:
- Protect endpoints from threats related to malware
- Help prevent users from deliberately or accidentally visiting malicious websites or executing malicious code
- Protect servers and workstations from network exploits
- Prevent even zero-day, file-less, and evasive malware that is undetectable with classic signature-based detection alone
- Reduce spam and phishing emails
- Ensure that endpoint applications are kept up to date with the latest security patches (VIPRE Server only as of November 2017)
- Help protect against infections on removable media (VIPRE Server only as of November 2017)
VIPRE Endpoint Security provides a comprehensive set of technology designed to protect endpoints from compromise using multiple redundant layers. The use cases listed here are representative only.
Typical Deployments
VIPRE customers range in size from very small to very large organizations. The software itself is lightweight and easy to deploy, with few issues caused by implementation of the solution. Most deployments follow a fairly simple pattern as follows:
- Site is set up
- Agents are deployed to a couple test endpoints
- After some testing, agents are deployed more broadly within the organization
- After the solution has been implemented for some time, minor tweaking of the policies and exclusions are performed to adjust for the local environment
Most deployments that follow this general pattern can go from nothing to fully installed and functional within a short time period - a day to a few days depending on environment size and other factors.
Deployment Challenges
In a small percentage of cases, deployments face some challenges. Here we have listed some of the more common challenges along with suggestions for mitigation.
- Pre-existing AV software proves difficult to remove, causing conflicts with VIPRE
- VIPRE includes a feature, which you enable through a policy setting, that will invoke our competitive agent removal tool (CART) during agent installation
- Local endpoint configuration settings can cause agent deployments to fail on some systems
- Select a variety of representative systems to test with prior to embarking on a full migration
- Certain actions performed by local custom applications on some endpoints cause VIPRE to incorrectly report that application as malware - a false positive
- Through testing, once those custom applications are identified, add them to you exclusion definitions in Endpoint Cloud
- Some USB devices and printers may stop working correctly due to driver conflicts
- A new driver may be able that could resolve the conflict. If device control is involved, an exclusion could be set for the resource in question.
Migration Overview
A recommended list of steps for end-to-end VIPRE implementation in your business.
When planning a VIPRE implementation, there are many paths to success: the methodology you use for one project may be very different than you use for another. Generally speaking, most VIPRE implementation issues are easily resolved with a little troubleshooting, but planning and testing in advance can prevent that troubleshooting from interrupting normal business operations. VIPRE advises a risk-based approach to determining how much planning and testing should go into each project; make sure that you carefully test any mission-critical systems and apps before you fully deploy VIPRE, but in many cases you can probably defer testing for helpful-but-not-critical utilities until after general deployment.
To help ensure the success of a given VIPRE project:
- Evaluate the current environment:
- Which devices—server, desktops, servers, etc—you wish to be protected by VIPRE. Generally speaking, we recommend that pretty much anything that's on the network should have some form of anti-malware protection
- Determine whether existing endpoints currently have any form of existing anti-virus, anti-malware, or anti-spam software installed on them and active
- Perform a software inventory of important business applications that are in use on endpoints
- Develop a plan to deploy agents to the endpoints
- How will you deliver the agent to the endpoint? Who will do the installation?
- Will any manual uninstall of existing AV solutions be required?
- How will you verify that the agent is installed and working correctly for all targeted endpoints?
- Perform additional testing to ensure that VIPRE is not conflicting with existing apps
- Determine up front if you'll test in a pre-production environment, or whether you'll roll VIPRE out broadly and then perform testing
- Check that business critical apps work, that printing works, that any important USB devices still work
- Document the full deployment process and any customized settings
The following sections of this Migration Guide will provide additional detail on how to complete each of these steps.
Plan the migration
After you have performed an inspection of your current environment, this article provides items to consider before beginning the migration.
Agent Deployment
You have a number of options on how to deploy agents to your endpoints with some variation between VIPRE Cloud and VIPRE Server:
Select the appropriate deployment method for each group of devices that will work best for a particular environment. Sending emailed agent download links, for example, will not work in environments where Administrator access is restricted for end users.
Competitive Agent Removal Tool (CART)
VIPRE includes a special tool that is designed to remove any potentially incompatible endpoint security products that might already be in place prior to installation of the VIPRE agent. This tool is a great time saver, reducing manual software de-installation on each individual endpoint. The tool however includes removal definitions only for recognized software; if your legacy endpoint security solution is not on the list, then software removal may need to proceed manually. You may also choose to disable the CART tool (this is done in Policy) for particularly sensitive systems or if you determine via testing that there is some incompatibility in your environment.
Agent Deployment Testing
Depending on the perceived level of risk in a given environment, you may choose to do some level of agent deployment testing on a select set of systems prior to deploying VIPRE agents more broadly across the organization. This is particularly useful if you have many systems with very similar hardware and software configurations, e.g. a "Gold Master" image that you use for most employee's systems. You may choose to do this testing only for critical server configurations or for a subset of desktops. The goal is to minimize the risk of service disruptions due to incompatibilities between VIPRE and target systems.
A typical test process might look like this:
- Identify a set of devices that is representative of other target devices in the environment
- Deploy the VIPRE agent to those systems
- Verify on the test systems that:
- The VIPRE agent installed correctly and properly cleaned up legacy security tools
- Anti-malware scans run on the target system and properly report results back to VIPRE
- Any important applications and utilities work as before on the target systems
- Printing and other basic features are unaffected
- Tune or disable any device configurations or policy settings that may cause conflicts on the tested devices (and report any discovered issues to VIPRE Support)
- Once finished, approve the VIPRE agent for widespread deployment
There are several circumstances where conflicts occur, what follows are several examples and some remediation options:
| Possible Conflict | Typical Cause | Remediation Options |
| Business applications are placed into quarantine | VIPRE may identify a business application as a threat if it matches an existing malware signature or if it performs a suspicious action. In some cases such apps are generally considered spyware, but maybe in use locally for a specific purpose. In other, very rare, cases these are true false positives. |
|
| CART cannot completely remove legacy antivirus products | Definitions for removing that specific product and version may not exist |
|
| USB devices, particularly printers, stop working | Conflicts between our Device Control capability, which protects endpoints from USB-based threats, and outdated operating system drivers |
|
Document Deployment Plan
As you deploy VIPRE into a target environment, it is important to document your deployment plan and write down any specific customizations that you make as you go. VIPRE ships with good default policies that should serve the needs of most customers, but if and when you make customizations it's a good idea to write down what you changed and why you changed it.
As a simple example, if you decide to add a particular application to Exclusions, you should note why that app was added; if the organization in the future stops using that application, you could then remove the associated Exclusions.
Important Links
Click the appropriate button below to start, continue, or complete your migration.
Guide to VIPRE Cloud Migration
Step 2: Preparing for your Migration
Step 3: Executing your MIgration