Select Page


We just released CounterSpy Enterprise 2.0. This is our “enterprise” version of CounterSpy which allows system administrators to control spyware and other malware threats throughout their organization.

This new version incorporates our new “hybrid” antispyware engine, which merges classic spyware detection and remediation with our new VIPRE technology (VIPRE incorporates both traditional antivirus and cutting-edge antimalware techniques). This combination of technologies provides faster scanning with less system resources than the previous version.

Lots of new stuff in this release.

I did a webinar yesterday on the product, as well as a discussion of our philosophy with regard to malware (as well as current trends, etc.). I highly recommend viewing it. You can see it here (unfortunately, the few websites I visited during the presentation weren’t recorded due to some glitch in the recording system, but the rest is fine).

This is a hot release and I’m really proud of our team here.

Corporate propaganda here.

Below is more information for current customers who are upgrading:

Licensing: If you’re currently under maintenance this is a free upgrade and your existing license key will work fine in CSE 2.0

System requirements: The system requirements are here and should be reviewed prior to deployment.

Upgrading to the CSE 2.0 Server and agent: The direct download link to the CSE 2.0.2171 installer is here. Upgrading the CSE server to version 2.0 is supported for versions 1.5 and higher. The upgrade process for the server is extremely simple, just download the release and run it on the server. All existing information will be upgraded and migrated to the 2.0 installation. Remember to upgrade to .NET 2.0 on the server first and reboot if prompted.

After upgrading the server all your existing agents will continue to function as normal with the exception of Active Protection. Since the Active Protection component is significantly different the 1.8 agents will cease to offer Active Protection until upgraded to version 2.0. All other functions such as definition updates, scheduled scans and reporting will operate as normal. Additionally you will see that in the CSE 2.0 console that the “Last Scan Complete” column will show “Never Scanned” until a scan is completed by the agent after the server upgrade was completed.

Upgrading the CSE agents to 2.0 is supported for versions 1.5 and higher. Once the CSE server has been upgraded the simplest way to update the agents is by setting them in the policy(s) to automatically check for software updates. This setting is located under the “Advanced” button on “Agent” tab of the policy. If you have more than a 100 agents on a single policy you may want to create a copy of the policy, set it to automatically upgrade the agents and then move a 100 agents at a time to the new policy so as to not overload your network with upgrading agents.

New Features Overview:

New Engine – The agents are now using a new scanning and removal engine which now includes Sunbelt’s new VIPRE technology. This new engine is faster and requires less system resources while at the same time has improved detection for more sophisticated threats such as rootkits. Additionally, the engine includes FirstScan, which is our new scan and remove on-boot technology designed specifically to detect and remove the most deeply embedded malware before it can run or install. Triggered through a CounterSpy system scan, FirstScan will run at the system’s boot time, bypassing the Windows operating system, to directly scan certain locations of the hard drive for malware, removing infections where found.

New Active Protection – The active protection system had been completely replaced with a new kernel-level component. The new system offers real-time blocking of threats from being executed while also being able to prompt the user to take action if suspicious behavior is detected. Additionally the administrator can create their own custom defined list of allowed and denied applications.

Automated Deployment Service – It is now possible to have CSE automatically deploy agents to the network. At a policy level this feature can be enabled and the admin can specify any combination of machine lists, IP addresses, IP ranges, IP subnets, and AD queries to be resolved and deployed to without admin interaction. The traditional methods of deployment such as console push and MSI packages are still included.

New User Features – The new agent now has many more options that can be exposed to the user at the discretion of the admin. The features include the ability to pause a scan that is in progress or disable active protection. As well, the end user can now be allowed to view the scan results and manage his own quarantine using a new end-user UI. Agents can still be run in a completely silent mode with no end-user interaction.

Incremental updates – This new engine fully support incremental updates so definitions can be released more often with less bandwidth impact and shorter download times for end-users that use CounterSpy at their home office.

New Agent Features – The new agent includes all of the above features as well as several other technologies. The agents can now go over the Internet to obtain definition updates if their CSE server is unreachable. They can also be set to throttle the rate that they download definition files and updates from CSE server so as to not saturate slower network connections. Advanced scheduling options now allow the agent to start scans at randomized times and make up for missed scheduled scans.

New Console Features – The administrative console for CSE has been redesigned to include more information. The admin can now tell at a glance when an agent last scanned and print from any of the customizable agent grids. The console to server communication has been reworked and optimized to respond quickly even under heavy usage. Advanced features, such as the Agent Recovery Mode which allows agents removed from the CSE server to automatically attach back to the server, are exposed to the admin.

New Server Features – The services for CSE have all been consolidated into a single process which increase the performance while at the same time decreasing the memory and CPU requirements. Additionally the new service has been ported over to .NET 2.0 which also increases the efficiency. The new CSE server component is not only compatible with the new agents but backwards compatible with the older 1.5 and 1.8 agents so upgrading can be done in stages.

Alex Eckelberry