OPSWAT's Endpoint Security Engine is a light management interface that enhances network management and security solutions by actively enforcing configurable security policies.

Powered by the OESIS® Framework, ESE verifies that each endpoint conforms to policy requirements for antivirus, antispyware, browser security, and patch management for Microsoft Windows and enables a COM-based development interface to access the state of these security applications.

ESE can be configured to automatically fix the user application settings, prompt users to patch their system or trigger a call back.

• Available to OESIS® Local customers.


• Assessment Capabilities - ESE can be configured to require that antivirus, antispyware and personal firewall applications plus other services running on endpoint devices are up-to-date and free of worms, viruses, trojans, P2P systems, and other “greyware” applications.


• Remediation Capabilities - ESE can be configured to actively check for and install the latest antivirus/antispyware definition files and product updates for most antivirus/antispyware applications.


• Broad Application Support - ESE supports over 1000 antivirus, antispyware and personal firewall applications plus multiple browser, P2P and other endpoint applications that bear on security.


• Easy configurability - Configuration files are written in readily understandable XML, and can easily support foreign languages.


• Easy Programmability - Simple COM-based interface.


• Light management client - ~1 megabyte, runs efficiently, and can be configured to alert users only when essential.

Antivirus Enforcement
The ESE Antivirus Enforcement module verifies that endpoints have fully operational and updated antivirus software.  If users are not up-to-date, ESE can be configured to actively perform fixes and change antivirus configuration, alert the user or trigger a call back.

Antispyware Enforcement
The ESE Antispyware Enforcement module verifies that endpoints have fully operational and updated antispyware.  If users are not up-to-date, ESE can be configured to actively perform fixes and change antispyware configuration, alert the user or trigger a call back.

Personal Firewall Enforcement
The ESE Personal Firewall Enforcement module verifies that endpoints have fully operational and updated personal firewall software.  If users are not up-to-date, ESE can be configured to actively perform fixes and change personal firewall configuration, alert the user or trigger a call back.

Patch Management
The ESE Patch Management module ensures that endpoints running Microsoft Windows and Microsoft Office are securely patched.  ESE can be configured to actively patch endpoints, alert the user or trigger a call back.

Browser Security
The ESE Browser Security module can, for endpoints running Internet Explorer, clear Internet Explorer caches and cookies.  ESE can also be configured to erase URL histories, favorites, temporary Internet files, cookies, auto-complete features, and other insecure features on a regular basis, or by a function call.

Process Monitoring
The ESE Process Monitoring module can check what programs are running on endpoints and can be configured to kill or force a process.

Peer to Peer Monitoring
The ESE Process Monitoring module checks for well known P2P applications. and can be configured to kill peer to peer applications.

Hardware Identity
The ESE  Hardware Identity module creates a unique digital identifier to the endpoint hashing and encrypting the hardware and software information into a unique digital key

VPN Support
Available integration projects for Microsoft and Check Point VPN products.

• Windows 2000
• Windows XP
• Windows 2003

• Contact us for more information or a quote