We are using ENS on our VDI systems and haven't had any issues. All running fine.
We also have a dilemma between VSE and MOVE.
We are also trying to go with ENS Threat Prevention and Web Control modules on our Horizon Instant clone VDI machines but so far haven't been able to get satisfactory performance in our test environment. Did you follow any KB article to install it on your master image? We installed ePO_5.6_Agent and then McAfee_Endpoint_Security_10.6.1.1560.2_Standalone_Client_Install/SetupEP.exe and then ran maconfig -enforce -noguid to clear GUID. All applications are taking 5 or more seconds to open.
Comparisons are a little tough, being that the product architecture and available features are fairly distinct.
MOVE, whether Agentless or Multi-platform, was designed to optimize the performance hit in a virtual environment when implementing any product that performs real-time scanning. For MOVE, that design was to reduce overall load from a host/hypervisor perspective. In reducing that overall load, it doesn't necessarily mean that we will see better performance from an individual system level if we, say, compare ENS performance on the same system that is offloading scanning to a MOVE SVM. Why? Because ENS has built-in scan avoidance, and MOVE does not.
The scan avoidance that ENS provides may or may not equate to better system performance, with the ultimate determining factor being the applications that are used on the system. When it comes to Citrix, both products will most likely have a need to perform custom scan configuration. For example, excluding UserProfileManager.exe as a process exclusion would most likely be necessary for both products.
We then get into the details of the architecture of MOVE, where with Multi-platform the MOVE Client is essentially a light-weight filter driver, and that is pretty much it, so very little resource overhead on the protected endpoints. The systems are managed, so they will contain a McAfee Agent to perform policy retrieval, whereas with MOVE Agentless and VMware environments, it does not require any McAfee software installed on the endpoint in order for scanning to occur (even more lightweight). That being said, these aspects alone can probably be used for a general comparison, but how the scanning is achieved is completely different.
Personally, I have worked with customers that tested both, and some decide to stick with MOVE over ENS, and others take the traditional "thick client" install of ENS over MOVE. With ENS, you will have the ability to make use of other technologies, such as:
Access Protection
Exploit Prevention
Script scanning (browser plugin)
ATP (Adaptive Threat Protection)
With MOVE, we do have the ability to leverage TIE-enabled lookups, as we do when using the ATP module, or blade, for ENS.
The additional features that ENS Threat Prevention and ATP can provide are most likely the best defining determination as to whether or not a customer prefers one over the other. If the intention is to just have the disk activity checked by a scanner using standard DAT information (and possible TIE-enabled lookups), perhaps MOVE is the better choice. If the environment is such that a feature such as Access Protection is required, then MOVE is not an option.
Taking into account what was just said, I would like to link this very helpful link to create the whitelist for MOVE and to make sure that the performance hit on the VDIs is as little as possible (while maintaining good security):
https://www.citrix.com/blogs/2016/12/02/citrix-recommended-antivirus-exclusions/
Thanks for the detailed post. Can you also provide some information on how to install McAfee ENS for VMware Horizon instant clones VDI as well? We simply installed it on the Instant Clone Master image and removed the Maconfig GUID and added antivirus exceptions as per VMware document. Is there anything else we could do to improve performance? Currently it takes about 3 minutes to login to the Instant clone VDI Machines and CPU Utilization is about 15% higher than what we had without ENS. Is it recommended to run a scan on the Master image before publishing it in desktop pools? Thanks much.