If you have PCI considerations, as I'm sure you do, get solid, written verifiable confirmation from your "agentless" vSafe anti-virus vendor that their solution has been found by the PCI Council as acceptable to meet PCI DSS 2.0 5.1.1:
5.1.1 Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.
Testing procedure:
5.1.1 For a sample of system components, verify that all anti-virus programs detect, remove, and protect against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits).
The key requirement that vSafe fails at is the "remove" requirement. If it's not running on the server it can't remove malware from the server. It also can't protect against an in-scope server from geting infected by any way other than the network channel. It can't protect from USB or CD-borne infections. If the malware gets on the server from a USB drive it can encrypt the card data and exfiltrate it without vSafe products even seeing it.
Trend reps told us over and over that PCI QSA's have accepted their vSafe solution but they have been absolutely unable to unwilling to provide documentation or even a reference. I just asked them again last week after they initiated a contact to us again and they have ignored by request.
Make it part of the purchase contract if you decide to switch vendors for this. If t's not part of the contract it's not part of the deal. If their solution meets PCI-DSS, and they're willing to put in a contract requirement to that effect, go for it. I'm betting they won't do it.
Buyer beware.
Ray