Comodo Endpoint Security Manager Software Version 1.6

Size: px

Start display at page:

Download "Comodo Endpoint Security Manager Software Version 1.6"

Tamsyn Kelly
6 years ago
Views:

1 Comodo Endpoint Security Manager Software Version 1.6 Administrator Guide Guide Version Comodo Security Solutions 525 Washington Blvd. Jersey City, NJ United States

2 Table of Contents 1 Introduction to Comodo Endpoint Security Manager Guide Structure Overview of Modules Administrative Console Central Service Remote Agents Installing Comodo Endpoint Security Manager System Installation Requirements Central Service Computer Administrative Console CESM Agent Computer(s) Installation and Licensing Installing CESM Central Service and CESM Administrative Console Upgrading to Comodo Endpoint Security Manager Version Upgrading CESM version to CESM version Upgrading CESM version 1.5 to CESM version Upgrading CESM version 1.4 to CESM version Upgrading CESM version 1.3 to CESM version Installing Comodo Offline Updater Utility Upgrading Comodo Offline Updater Local Installation of CIS and the Agent Licensing The Administrative Console Logging in to the Administrative Console Administrative Console Overview Persistent Navigational Elements -The File Menu and Shortcut Toolbar The Start Page The 'Add Computers' Wizard The 'Install Agents' Wizard The 'New Task' Wizard New Computers Group The 'Install Packages' Wizard The 'Computers' Area The 'Tasks' Area The 'System Status' Area The 'Overall Endpoint Security' Area How to Upgrade How to Install CIS How to Configure CIS How to Install CDE How to Buy Licenses for More Endpoints New Release Features FAQs Forums

3 The 'Support' Area Importing Network Structure Initiating the import Importing from Active Directory Importing from a Workgroup Importing Computers by IP Addresses The 'Computers' and 'Group Manager' Windows The 'Computers' Window - Functionality and Purpose The 'Group Manager' Window - Functionality and Purpose The Package Management Window Opening the Package Manager window Adding a Package to Comodo Endpoint Security Manager The Discovery Profiles Window Opening the Discovery Profiles Window 'OS Version' Profile 'System Information' Profile 'Windows Services' Profile 'Installed Products' Profile 'File System Items List' Profile 'Windows Command' Profile 'Power Policy' Profile 'Windows Process List' Profile 'Screenshot' Profile 'System Statistics' Profile 'Users List' Profile 'CIS Config' Profile Example: Using 'CIS Config' Discovery Profile to roll out an existing CIS Configuration onto other machines 'CIS - Quarantined Items' Profile 'CIS - Firewall Log' Profile 'CIS - Defense+ Log' Profile 'CIS - AntiVirus Log' Profile 'CIS - Infected Items' Profile 'CIS - Trusted Vendors' Profile 'CIS - Safe Files' List CIS - Update Hosts List 'CDE - Con fig' Profile The Sequence Manager Window Opening the Sequence Manager Window Creating a Sequence and Adding Actions to that Sequence The 'Task Manager' Window Opening the Task Manager Window Creating and Executing a Task The Task Result Manager Window Opening the Task Result Window The Notification Monitor Window

4 Opening the Notification Monitor The Notification History Window The Request Monitor Opening the Request Monitor Window The Request History Window Reports 'Computer Details' report Malware Statistics Antivirus Database Updates The 'Tools' Options Create Agent Installation Package Opening the Import and Export Settings Wizard The 'Help' Options The 'Help' Window Support Live PC Support The 'About' Window The CESM Upgrade License Wizard How to Load a New License How to Purchase a New License Purchasing Additional Licenses Workstation / Workgroup Management Managing Computer tree items Context Management Menu - Table of Parameters Managing groups of computers Creating groups Preparing Imported Computers For Remote Management Assigning Managed Status to Imported Computers Installing CESM Remote Agent Installation through CESM Console Manual Installation of a Remote Agent Updating CESM Remote Agents Uninstalling CESM Remote Agents Managing Computers Using the CESM Administrative Console Prerequisites Step 1. Run a set of Discovery Profiles on the Managed Computers Step 2. Upload the Comodo Internet Security Installation Package to the CESM Console Step 3. Create a Sequence of Actions to install the Comodo Internet Security Package on Managed computers Step 4. Add the Sequence to a Task and execute that Task on Managed Computers Step 5. Managing Requests (Alerts) from Comodo Internet Security on Managed Computers FAQs Appendix 1 - Setting Up a Local Update Server Comodo Offline Updater Utility - Interface Basics Persistent Navigational Elements -The File Menu and Shortcut Toolbar Overview of Download Log and Request Log Windows Configuration of the Comodo Offline Updater Utility

5 Synchronization Settings Proxy Settings Pointing Managed Installations of CIS to the Local Update Server Appendix 2 - The Service Configuration Tool Start and Stop the CESM Service Change the Language of the Configuration Tool Settings Edit the Connection Settings of the server Edit Server Connection Port and Agent Connection Port Settings Viewing Database Event Log Appendix 3 - Behavior of Actions When No User is Logged in About Comodo

6 1 Introduction to Comodo Endpoint Security Manager Comodo Endpoint Security Manager (CESM) solution is designed to help administrators of corporate networks deploy, manage and monitor Comodo endpoint security software on managed networked computers. Total Protection for networked computers CESM allows administrators to leverage and maximize the protection offered by Comodo's endpoint security solutions. These products can now be centrally managed and administered to ensure a workforce that is protected by best-of-breed solutions such as Comodo Internet Security (including Firewall and Anti-virus) and Comodo Disk Encryption with planned integrations including Comodo Secure . If installed individually, each product delivers superior protection against its specific threat vector. If installed as a full suite of packages, they provide a level of total endpoint security that is unrivaled in the industry. More efficient, effective and easier management This ability to roll out and centrally manage security policies to a network that is protected with a proven and fully integrated security suite can save thousands of man-hours per year. Administrator time that would otherwise be lost to repetitive configuration and vendor interoperability problems can be re-directed towards more productive and profitable core business interests. Furthermore, because CESM policies can be deployed immediately across all protected nodes, administrators can respond more quickly to protect an entire network against the latest, zero hour threats. Furthermore, CESM's 'Start Page' dashboard provides fingertip access to tasks wizards, important network and task related data and support resources. The Administrator can Add Computers, Install Agents, create New Tasks and do much more quickly by using the wizards in the Start Page. Huge Cost Savings Apart from the operational and support cost savings that are inherent in centrally managing a single-vendor suite of client security software, CESM's low cost pricing structure also makes sound economic and managerial sense. Instead of hard-tomanage individual license fees for each security application, Comodo has instituted a flat, per workstation charging system whereby organizations pay for the number of computer's they manage irrespective of the number of Comodo applications that are installed on any one computer. Note: CESM will notify the administrator of a potential breach of license if it detects that more machines have made connection attempts than is allowed by the license. As soon as new CESM controlled applications are launched they will be provided to your administrator as free-of-charge packages ready for seamless deployment across your entire network. 1.1 Guide Structure This guide is intended to take you through the step-by-step process of organization, configuration and use of Comodo Endpoint Security Manager. Section 1 Introduction to Comodo Endpoint Security Manager, is a high level overview of the solution and serves as an introduction to the main themes and concepts that are discussed in more detail later in the guide - including main navigational elements, network structure import, the package, sequence and task managers and a summary of the main areas of the interface. Section 2 Installing Comodo Endpoint Security Manager, contains the following sections: Installing CESM Central Service and CESM Administrative Console - describes the installation and licensing of CESM Central Service and Administrative Console; Updgrading CESM, - contains detailed information for existing customers that wish to upgrade their installation of CESM to the latest version; Installation of Comodo Offline Updater - how to install the offline update utility. Full details on configuration after installation can be found in Appendix 1 Setting up a Local Update Server; Local Installation of CIS and the Agent - explains how administrators can establish control over an endpoint by 6

7 installing CIS and the Agent locally rather than through the CESM remote console; Licensing -brief overview of licensing options Section 3 The Administrative Console, forms the main body of the guide and contains detailed explanations of the functionality and usage of the Administrative Console. This section is subdivided into the following sub-sections: The Administrative Console (Overview, logging in and basic navigation) The Start Page The 'Add Computers' Wizard The 'Install Agents' Wizard The 'New Task' Wizard New Computers Group The 'Install Package' Wizard The 'Computers' Area The 'Tasks' Area The 'System Status' Area The 'Overall Endpoint Security' Area How to Upgrade How to Install CIS How to Configure CIS How to Install CDE How to Buy Licenses for More Endpoints New Release Features FAQ's Forums The 'Support' Area Importing Network Structure The 'Computers' and 'Group Manager' Windows The 'Package Management' Window The 'Discovery Profiles' Window The 'Sequence Manager' Window The 'Task Manager' Window The Task Result Manager Window The 'Notification Monitor' Window The 'Notification History' Window The 'Request Monitor' Window The 'Request History' Window The 'Report' Options The 'Tools' Options The 'Help' Options Section 4 Workstation/Workgroup Management, covers the management of Computer tree items, the creation and management of groups of computers, the assignment of Managed status to imported computers and installation of CESM Remote Agent on managed computers. Section 5 Managing Computers Using the CESM Administrative Console, is a tutorial that guides the user through the steps needed to complete a typical deployment of Comodo Internet Security on networked end-point computers. Section 6 FAQ, is a list of frequently asked questions on deployment and usage of Comodo Endpoint Security Manager. Section 7 Appendix 1 Setting up a Local Update Server covers installation, configuration and usage of the Comodo Offline Updater Utility. 7

8 Section 8 Appendix 2 The Service Configuration Tool, provides guidance on using the Service Configuration Tool to quickly start, stop and configure the CESM Central Service and to manage its connection to the database. Section 9 Appendix 3 - Behavior of Actions When No User is Logged in, provides explanations on behavior of certain actions, executed when the user has not logged in to the endpoint. Section 10 About Comodo, contains company and contact information. 1.2 Overview of Modules The CESM solution is a complex but easy to use multi-tier application consisting of three inter-dependent modules: The Administrative Console module; The Central Service module and the Remote Agent module Administrative Console The Administrative Console provides a access to all functionality of Comodo Endpoint Security Manager through a friendly and highly configurable interface. Administrators can use the console to deploy, manage and monitor Comodo Endpoint security software on networked computers Central Service The Central Service is the main functional module responsible for performance of all CESM system tasks. Central Service also keeps and updates information on all current and past system's activities. The Central Service requires a local installation of Microsoft SQL Express for building its databases Remote Agents Remote Agents are intermediaries between remotely managed PC's and CESM Central Service and must be installed on every managed PC. CESM Remote Agents are responsible for receiving tasks and requests from the Central Service and executing those tasks on the Managed Computers. ('Tasks' from Central Service include operations such as installing or uninstalling MSI packages, configuring and re-configuring security products, managing Windows' Local Services and applying power control on managed computers). The endpoints imported into a CESM service and installed with the remote agent can be managed only by the same CESM service - meaning the agent cannot be reconfigured to connect to any other CESM service, increasing the security. 2 Installing Comodo Endpoint Security Manager This section explains how to install or upgrade Comodo Endpoint Security Manager. Please use the links below to jump to the appropriate section: System Installation Requirements; Installation and Licensing. 2.1 System Installation Requirements The Central Service computer (or Server PC) requires Microsoft Windows 2003/2008 Server with.net Framework 2.0 and local Microsoft SQL Server 2005/2008 Express. The Administrative Console can, if desired, be installed on the same machine as the Central Service running under the same installation of Windows 2003/2008. Alternatively, the console can be installed on a separate computer (Console PC). If installed on a separate machine, the Console PC must have Microsoft Windows 7, XP SP2 or Vista SP1 with.net Framework 2.0. The installation of the Administrative console and/or the Central service is done from a single, unified installer. Administrators are given the choice of installing either or both components during the setup process. See section 2.2 Installation for more details. The Comodo Remote Agent is installed onto Managed PC's directly from the Administrative console or locally by creating an agent installation folder at the console and copying it to the Managed PC (See the section Tools > Create Agent Installation 8

9 Package for more details). Managed PC's must be running either Windows 7, Windows XP SP2 (and above) or Windows Vista. The exact computing power of Managed PCs (usually network workstations) should, of course, be determined by the general needs of the users within that organization but should also meet the minimum specifications of the Comodo Packages that are installed on them (e.g. Comodo Internet Security etc). The remainder of this section contains detailed system installation requirements for each of the three components listed above Central Service Computer The following table lists the minimum requirements for the machine upon which CESM Central Service will be installed. CENTRAL SERVICE COMPUTER - SYSTEM REQUIREMENTS Hardware Component 32 bit 64-Bit Processor 1 GHz Intel Pentium III or equivalent 1 GHz Intel Pentium IV 64 bit processor or equivalent Memory 1 GB RAM minimum (2-4 GB recommended) 1 GB RAM minimum (2-4 GB recommended) Hard Disk 4 GB (This incorporates the space required for the 4 GB (This incorporates the space required for the SQL SQL server) server) Display Super VGA (1024x768) or higher resolution video adapter and monitor Super VGA (1024x768) or higher resolution video adapter and monitor Software Operating System The following operating systems are supported: The following operating systems are supported: Windows Server 2008 Standard Edition / Enterprise Edition / Data center Edition / Storage Edition / Web Edition / Small Business Server Windows Server 2008 x64 Standard Edition / Enterprise x64 Edition / Data center x64 Edition with Service Pack 1 or later Windows Server 2003 SP 1 or later Standard Edition / Enterprise Edition / Data center Edition / Storage Edition / Web Edition / Small Business Server Windows Server 2003 SP 1 or later x64 Standard Edition / Enterprise x64 Edition / Data center x64 Edition with Service Pack 1 or later Windows Server 2008 R2 Windows Server 2008 R2 Software Environment Microsoft.NET Framework 2.0 Microsoft.NET Framework 2.0 Database Microsoft SQL Server 2005 Express - SP2 or higher Microsoft SQL Server 2005 Express - SP2 or higher or Microsoft SQL Server 2008 Express or Microsoft SQL Server 2008 Express 9

10 CENTRAL SERVICE COMPUTER - SYSTEM REQUIREMENTS Other Requirements The CESM program modules (Console, Service and Agent) may require Windows Firewall and/or personal firewall configuration changes in order to operate successfully. By default, the CESM Central Service is assigned: TCP Port 9901 for connections with the CESM Agent TCP Port 9001 for connections with CESM Administrative Console These ports can be opened in Windows Firewall by opening the control panel, selecting 'Windows Firewall > Exceptions > Add Port...' then specifying each of the ports above in turn. The CESM console receives callbacks on a random, ephemeral port. Therefore, the machine on which the Administrative Console is installed needs to be able to accept incoming connections to the console. This can be done in Windows Firewall by adding the Administrative Console to the list of trusted applications. To do this - open the control panel, select 'Windows Firewall > Exceptions > Add Program... then choose 'CESM Console' from the list of programs.' Administrative Console The following table lists the minimum requirements for the machine upon which CESM Administrative Console will be installed. ADMINISTRATIVE CONSOLE COMPUTER - SYSTEM REQUIREMENTS Hardware Component 32 bit 64-Bit Processor 1 GHz Intel Pentium III or equivalent 1 GHz Intel Pentium IV 64 bit processor or equivalent Memory 128 MB RAM minimum 128 MB RAM minimum Hard Disk 10 MB 10 MB Display Super VGA (1024x768) or higher resolution video adapter and monitor Super VGA (1024x768) or higher resolution video adapter and monitor Software Operating System The following operating systems are supported: The following operating systems are supported: Windows XP - SP2 or later Windows XP x64 Edition Windows Vista - SP1 or later Windows Vista x64 Edition Windows 7 Windows Server 2008 Windows Server 2003 SP1 or later Windows 7 x64 Edition Windows Server 2008 x64 Edition Windows Server 2003 x64 Edition SP1 or later (Note - If desired, both the Administrative console and the Central Service can be installed on the same operating system on the same machine) (Note - If desired, both the Administrative console and the Central Service can be installed on the same operating system on the same machine) Software Environment Microsoft.NET Framework 2.0 Microsoft.NET Framework 2.0 Other Requirements The CESM program modules (Console, Service and Agent) may require Windows Firewall and/or personal firewall configuration changes in order to operate successfully. 10

11 ADMINISTRATIVE CONSOLE COMPUTER - SYSTEM REQUIREMENTS By default, the CESM Central Service is assigned: TCP Port 9901 for connections with the CESM Agent TCP Port 9001 for connections with CESM Administrative Console These ports can be opened in Windows Firewall by opening the control panel, selecting 'Windows Firewall > Exceptions > Add Port...' then specifying each of the ports above in turn. The CESM console receives callbacks on a random, ephemeral port. Therefore, the machine on which the Administrative Console is installed needs to be able to accept incoming connections to the console. This can be done in Windows Firewall by adding the Administrative Console to the list of trusted applications. To do this - open the control panel, select 'Windows Firewall > Exceptions > Add Program... then choose 'CESM Console' from the list of programs.' CESM Agent Computer(s) The following table lists the minimum requirements for the machine upon which CESM Remote Agent will be installed. AGENT / MANAGED PC - SYSTEM REQUIREMENTS Hardware Component 32 bit 64-Bit Processor recommended 1 GHz Intel Pentium III or equivalent 1 GHz Intel Pentium IV 64 bit processor or equivalent Memory recommended 64 MB RAM 64 MB RAM Software Operating System required Other Requirements The following operating systems are supported: The following operating systems are supported: Windows XP Professional - SP2 or later Windows XP Professional x64 Edition Windows Vista - SP1 or later Windows Vista x64 Edition Windows 7 Windows Server 2008 Windows Server 2003 SP1 or later Windows 7 x64 Edition Windows Server 2008 x64 Edition Windows Server 2003 x64 Edition SP1 or later The CESM program modules (Console, Service and Agent) may require Windows Firewall and/or personal firewall configuration changes in order to operate successfully. By default, the CESM Central Service is assigned: TCP Port 9901 for connections with the CESM Agent TCP Port 9001 for connections with CESM Administrative Console These ports can be opened in Windows Firewall by opening the control panel, selecting 'Windows Firewall > Exceptions > Add Port...' then specifying each of the ports above in turn. The CESM console receives callbacks on a random, ephemeral port. Therefore, the machine on which the Administrative Console is installed needs to be able to accept incoming connections to the console. This can be done in Windows Firewall by adding the Administrative Console to the list of trusted applications. To do this - open the control panel, select 'Windows Firewall > Exceptions > Add Program... then choose 'CESM Console' from the list of programs.' 11

2.2 Installation and Licensing Before installation, please make sure the target machine meets the hardware and software prerequisites for the particular component you are installing.

12 2.2 Installation and Licensing Before installation, please make sure the target machine meets the hardware and software prerequisites for the particular component you are installing. Full details regarding system requirements can be found in the preceding section, System Installation Requirements. If you already have a previous version of Comodo Endpoint Security Manager installed, click here for detailed explanations on upgrading CESM to version Installing CESM Central Service and CESM Administrative Console Firstly, decide which computers you will use as Central Service and Administrative Console hosts. If you intend to run the Service and Console applications on the same machine you should opt to install both components at iii. Choosing Installation Preferences stage of the installation wizard. If you choose to install only the Central Service application on the Server PC then the Administrative Console should be installed on a separate machine (aka the 'Console PC' ). Administrators can re-run the installer should they wish to install components on a particular machine that they omitted first time round. I. Downloading and running the installer Download and save the CESM setup file from the Comodo website. This unified installer can be used to setup both the Central Service and Administrative Console. By default, CESM is installed from a.exe file. This.exe contains an embedded.msi. If your company wishes to install CESM from the.msi file then you need to run the.exe with a /x parameter. For example: Download the CESM.exe to your local drive On the Windows 'Start Menu', click 'Run...', browse to the.exe file then run the file with the /x parameter. For example: <path> CESM_Setup_ XP_Vista.exe /x This will extract the.msi to the same location as the.exe. II. Language Selection, Preliminaries and License Agreement After downloading the set up file, the installation wizard should start automatically. If it does not, double click on the downloaded file to begin. The language selection dialog is displayed first. Use the drop down to change this to the language of your choice (currently available languages are 'English and 'Chinese'. Default = 'English'). The language you choose here determines the language used during the setup procedure and by the Administrative Console. Note: The language selection drop down is not available if you are installing from the setup file that has a.msi extension although you can switch language via the console after installation is complete. If you want to view the installation dialogs in a different language too then please install using the.exe setup file. Next, the welcome screen is displayed. At this time, you may cancel the installation process or continue with the Comodo Endpoint Security Manager Setup program. 12

13 Click 'Next' to continue. To complete the initialization phase you must read and accept the License Agreement. After you have read the End-User License Agreement, check the 'I accept the terms in the License Agreement' box and click 'Next' to continue installation. If you decline, you cannot continue with the installation. After assenting to the license agreement, carefully read the release notes. Apart from displaying a reminder of system installation requirements the release notes can also contain the very latest information regarding new product features, developments, known issues and installation advice to help you to avoid possible installation and configuration problems. 13

installation of only the Administrative Console on the target computer.

14 III. Choosing Installation Preferences The next stage of the installation process is to specify which components of CESM to install: By default, the installer will offer installation of only the Administrative Console on the target computer. Administrators should modify the relevant controls according to their installation preferences (More details). 14

Installation Options - Table of Parameters Control Description Icons with the symbol to the right are the currently selected installation option.

15 Installation Options - Table of Parameters Control Description Icons with the symbol to the right are the currently selected installation option. Clicking this icon will open a menu allowing the user to select alternative installation options. These alternative installation options are explained in the next four rows of this table. Indicates that the component named to the right of the icon will be installed on the local drive Indicates that the component named to the right of the icon and all of its associated sub-components will be installed on the local drive. Indicates that the component named to the right of the icon will be installed as and when the user requires. Choosing this option will create a shortcut to the Comodo folder on the Windows start menu - allowing the feature to be installed when the shortcut is selected. Indicates that the component named to the right of the icon will not be installed. Browse... The 'Browse...' button allows to select another location folder for CESM to be installed. Reset The 'Reset' button allows to roll back to default installation options. Disk Usage The combined disk space that will be taken up if the currently selected components are installed. Back The 'Back' button allows to roll back to 'Release Notes' dialog. Next The 'Next' button confirms your choices and continues onto the next stage of the installation process. Cancel The 'Cancel' button annuls the installation and quits the installation wizard. The default installation location is 'C:\Program Files\COMODO\EndpointSecurityManager\' Administrators can specify an alternative installation location by clicking the 'Browse...' button (More details). IV. Specify Database and CESM Administrator Parameters for Central Service If you elected to install the CESM Central Service when Choosing Installation Preferences then you now need to provide configuration details so that this service can (i) Connect to the SQL Express Database (ii) Connect to the CESM Administrative Console. Both of these tasks are carried out at the 'Service Parameters' dialog box: 15

'Service Parameters' dialog - Table of Parameters Field Name Description SQL Server computer Administrators should enter Server computer's name.

16 'Service Parameters' dialog - Table of Parameters Field Name Description SQL Server computer Administrators should enter Server computer's name. SQL Server instance Administrators should specify SQL Server instance. Database name Administrators should enter database name. Listening port to agent connections Administrators should specify port for agent connections. Default: Listening port to console connections Administrators should specify port for console connections. Default: V. If you are also installing (or have already installed) the Central Service on the same machine that you are now installing the Administrative Console, then you can leave the 'Service Computer' field at the default setting of 'localhost'. If you have installed the Central Service on a different machine to one that the Administrative Console is (or is to be) installed on, then you must specify the host name of that machine in the 'Service Computer' field. Port 9001 is the default port number that the Central Service will listen to for connections from the Administrative Console. If you wish to change this port number, then remember to also make the corresponding alteration to the Central Service Listening Port Number. Product Activation In the following step you will be prompted to activate your CESM license. Please ensure you are connected to the Internet. 16

would like to register now' I have a valid license - simply browse to location of your license file, click 'Open' then 'Next'.

17 If you have an activation code and would like to use it to activate your license then select 'I have an activation code' If you are already a customer with a valid license file you should select 'I have a valid license file' If you would like to register a new account then select 'I would like to register now' I have a valid license - simply browse to location of your license file, click 'Open' then 'Next'. After your license has been validated, the setup process will move onto Warranty Activation. I have an activation code - enter your activation key in the field provided. 17

18 Click the 'Next' button when done. The setup process will move onto Warranty Activation. I would like to register now - If you do not have a Comodo Accounts Manager (CAM) account then the setup wizard provides you with an opportunity to enroll. Your CAM account allows you to manage items such as purchase history and is essential for successfully activating your license and warranty. Once you have an account you can log in at All fields are mandatory so please take care to fill out the form completely. Click 'Next' to submit your request. After successful enrollment, CAM will send the activation code to the address you specified during sign up. VI. Warranty Activation The Comodo warranty is available to all contracted customers - offering compensation if endpoints are damaged as a result of malware and Comodo support services cannot return them to a working condition. See End User License Agreement for full details. Using information from your CAM account, the CESM installer will now determine whether or your license qualifies for the Comodo Warranty. All paying customers automatically qualify for the warranty for all licensed endpoints - the only choice is whether or not you wish to activate it now. 18

Customers that select 'I'm Interested in the ESM Warranty' will be presented with the End User License Agreement (with warranty); Trialists are not eligible for warranty coverage and will skip this

19 Customers that select 'I'm Interested in the ESM Warranty' will be presented with the End User License Agreement (with warranty); Trialists are not eligible for warranty coverage and will skip this stage entirely, moving straight onto the Standard End User License Agreement. EULA (with warranty) If you are interested in activating the warranty choose 'I'm interested in the ESM warranty' and click 'Next.' You will then be asked to agree to the 'End User License Agreement (with warranty)': After checking 'I accept the terms...' click 'Finish'. This will activate your license and your warranty and move you onto step vii Specify CESM Administrator Console Connection Parameters. Standard Eula If you do not wish to activate the warranty then select 'I'm not interested in the ESM warranty'. You will then need to accept the 'Standard' End User License agreement. 19

After checking 'I accept the terms...' click 'Finish'. This will activate your license and your warranty and move you onto step vii Specify CESM Administrator Console Connection Parameters. VII.

20 After checking 'I accept the terms...' click 'Finish'. This will activate your license and your warranty and move you onto step vii Specify CESM Administrator Console Connection Parameters. VII. Specify CESM Administrator Console Connection Parameters If you elected to install the CESM Administrative Console when Choosing Installation Preferences then you now need to provide configuration settings so the Console can connect to the Central Service. Please specify the host name and port number of the computer upon which CESM Central Service is installed: VIII. Finalizing the Installation After completing the configuration options to your satisfaction in the preceding steps, a confirmation dialog box will be displayed. 20

21 Click the 'Back' button to review and/or modify any of settings you have previously specified. To confirm your choices and begin the installation of the selected CESM components, click 'Install'. A setup status dialog box is displayed. You will see a progress bar indicating that files are being installed. Click 'Finish' to complete installation and exit the wizard. 21

22 2.2.2 Upgrading to Comodo Endpoint Security Manager Version 1.6 If you already have a previous version of Comodo Endpoint Security Manager installed in your network, you can upgrade it to Comodo Endpoint Security Manager version 1.6 by following the instructions given below. Before installation, please make sure the target machine meets the hardware and software prerequisites for the particular component you are installing. Full details regarding system requirements can be found in the preceding section, System Installation Requirements. Please click the links below to go to the section that is relevant to your deployment. Upgrading CESM version to CESM version 1.6; Upgrading CESM version 1.5 to CESM version 1.6; Upgrading CESM version 1.4 to CESM version 1.6; Upgrading CESM version 1.3 to CESM version Upgrading CESM version to CESM version 1.6 Introduction To upgrade CESM to the new version, CESM 1.6 you need to do the following. Upgrade the ESM Administrative Console and/or Central Service computer (ESM Server) by installing ESM 1.6 server components. Refer section 'CESM Server Upgrade' below for detailed steps. Upgrade endpoint installations of the ESM Remote agent by installing CESM 1.6 Agents on the managed computers. Refer section 'CESM Agent upgrade' for steps. Upgrade endpoint installations of CIS. Refer section CIS Upgrade below for steps. No upgrade of CDE is required. Limitations Please read this section carefully and follow given advices to ensure the upgrade goes smoothly and leads to further trouble-free use of the application. Version of CESM Console is not supported by CESM 1.6 and therefore it has to be replaced with the new 1.6 version wherever it is installed. If versions of CESM Console are installed on standalone machines, they have to be uninstalled before installation of CESM Console 1.6. In order to uninstall the CESM Console from a standalone machine you should go to: Start > Control Panel > Programs > Uninstall a program Chose 'COMODO Endpoint Security Manager' from the list and click the 'Uninstall' button. Follow the steps in the uninstall wizard to make sure the uninstallation is completed successfully. 22

23 Instructions Please perform the upgrade strictly as described in this section to ensure that the CESM and managed computers do not malfunction because above Limitations have been ignored or omitted. If you are not sure how to properly apply the changes in your particular environment, please contact our Customer Support service. CESM Server upgrade 1. Download the CESM 1.6 installation file and store it on your CESM server machine. 2. Stop Comodo ESM Server service. 3. Backup CESM database using any MSSQL RDBMS management tool such as Microsoft SQL Server Management Studio Express. Please note: default name of CESM database is CrmData. Caution! Please perform database backup using RDBMS management tool (do not simply copy the database files) this will eliminate possible integrity violation. 4. Run CESM 1.6 installation file and follow installation program's instructions. 5. Make sure installation is completed successfully. 6. Make sure Comodo ESM Server service is started. 7. Run CESM Console and get connected to CESM server. Make sure that The managed computers are in the same (online or offline) state as before the upgrade; The CESM data (tasks definitions, discovery results, packages, history data) are correct; The scheduled tasks are running as usual, the alerts and requests you expect from managed products appear in corresponding CESM Console managers. 8. Please check if the About dialog or Start Page shows correct version number and make sure your license information is correct. Note: If you experience problems during CESM server upgrade, please double check if you have followed all upgrade steps properly. If the problems persist, please contact Customer Support service. Note: After your CESM server has been successfully upgraded: 1. You will be able to manage "new" computers in your tree and install CESM Agent 1.6 and CIS on them. By "new" computers we mean those that currently have no previously installed CESM Agent and CIS. 2. At the same time (without taking any preparatory actions) you will be able to continue managing computers that were made "managed" before. Optionally, you can leave and use previously installed CIS on these computers. Please follow below instructions if you decide to replace the old CIS version with new one. Caution! You need to upgrade both CESM Agent and CIS on managed computers which will apply all the latest fixes in full, please carefully follow described upgrade steps to avoid any unpredictable consequences. CESM Agent upgrade Caution! CESM Agent must be upgraded before you upgrade the product. Doing so you will ensure the managed computer's software is not damaged. 1. Open CESM Console. 2. Select target computers in the Computers tree (group-select using Shift or Ctrl buttons). 3. Right-click on the selected and chose Control - Update Agent. 4. Make sure notifications about successful CESM Agent upgrade were received and computers which you have just installed CESM Agent on are online according to their status in the computers tree. Note: If you have several different users each of them having own administrative privileges on their managed computers, you have to divide your computers' pool in which you need to upgrade CESM Agent into corresponding groups and perform above 23

24 CESM Agent upgrade step 3 separately for every such administrator/group. Comodo Internet Security 3.x to 4.x upgrade Caution! Please do not perform upgrade of the product before you upgrade the CESM Agent, it may inflict damage on the managed computer's software. 1. Open CESM Console. 2. Run the task containing Discover data action (having CIS - Config profile) to be run on managed computers on which you need to perform upgrade. Create such a task if it does not yet exist. 3. Create a task containing Uninstall package action to be run on computers on which you need to upgrade CIS. Choose corresponding CIS package to be uninstalled by this action. 4. Run this task. 5. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree turned online. 6. Open Package Manager and add new CIS version as a new package. 7. Create a task containing Install package action to be run on target computers on which you need to upgrade CIS. Choose CIS package you have just added on the previous step. (You also can right click on a target computer in a Computers tree and select Install and choose a new CIS package.) 8. Run this task. 9. Make sure the task is completed successfully by checking the Task Results History. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree appear as online. 10. Using the data discovered by the task ran at the step 2 create a new task containing 'CIS set Config' action to be run on the target computers on which you have just installed new CIS package. 11. Run this task. 12. Make sure the task is completed successfully by checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Note: If you have different managed product configurations on target computers on which you need to upgrade CIS, you have to divide target computers' pool into corresponding groups (by CIS configurations) and perform above CIS upgrade steps 1012 separately for every such configuration/group. Comodo Internet Security 4.x upgrade If you do not use Comodo Offline Updater for CIS anti-virus databases and executables updates please proceed directly to step Add CIS RM folder cis_rm/download/updates/release/inis_600 for binary download to Comodo Offline Updater as shown on the picture below (an alternative way to configure Comodo Offline Updater to get CIS updates is to set Automatically detect remote folder from client requests checkbox). 24

25 2. Run the task on target machines containing CIS - Set Update Hosts list action with Comodo Offline Updater server details in order to configure CIS to update from your Comodo Offline Updater server. 3. Open the CESM Administrative console. 4. Start the 'New Task' Wizard ('Start Up Tasks' section of the Start page). 5. Select the target computers for the CIS upgrade. 6. Select 'Create New Sequence'. 7. Choose 'CIS - Update (Virus Database/Programs)' as the Task Action. 8. Press Next. 9. Configure a Task schedule if required. 10. Press 'Next' then 'Finish'. 11. Make sure the Task has completed successfully by checking the Task Results window (History > Task Result). If you see an error message, fix the problem accordingly and run the task again. 12. The target endpoints will need to be restarted in order to complete the updates. The CESM console will notify you when it is time to do this. When this notification arrives, please restart the endpoint. 13. After reboot, make sure the target computers appear as online in the 'Computers' window. Note: If you carefully followed all above upgrade steps, now you have the latest versions of CESM Server, CESM Agent and CIS, the latter has the same configuration as it had before the upgrade Upgrading CESM version 1.5 to CESM version 1.6 Introduction To upgrade CESM 1.5 to the new version, CESM 1.6 you need to do the following. Upgrade the ESM Administrative Console and/or Central Service computer (ESM Server) by installing ESM 1.6 server components. Refer section 'CESM Server Upgrade' below for detailed steps. Upgrade endpoint installations of the ESM Remote agent by installing CESM 1.6 Agents on the managed computers. Refer section 'CESM Agent upgrade' for steps. 25

26 Upgrade endpoint installations of CIS. Refer section CIS Upgrade below for steps. No upgrade of CDE is required. Limitations Please read this section carefully and follow given advices to ensure the upgrade goes smoothly and leads to further troublefree use of the application. Version 1.5 of CESM Console is not supported by CESM 1.6 and therefore it has to be replaced with the new 1.6 version wherever it is installed. If 1.5 versions of CESM Console are installed on standalone machines, they have to be uninstalled before installation of CESM Console 1.6. In order to uninstall the CESM Console from a standalone machine you should go to: Start > Control Panel > Programs > Uninstall a program Chose 'COMODO Endpoint Security Manager' from the list and click the 'Uninstall' button. Follow the steps in the uninstall wizard to make sure the uninstallation is completed successfully. Instructions Please perform the upgrade strictly as described in this section to ensure that the CESM and managed computers do not malfunction because above Limitations have been ignored or omitted. If you are not sure how to properly apply the changes in your particular environment, please contact our Customer Support service. CESM Server upgrade 1. Download the CESM 1.6 installation file and store it on your CESM server machine. 2. Stop Comodo ESM Server service. 3. Backup CESM database using any MSSQL RDBMS management tool such as Microsoft SQL Server Management Studio Express. Please note: default name of CESM database is CrmData. Caution! Please perform database backup using RDBMS management tool (do not simply copy the database files) this will eliminate possible integrity violation. 4. Run CESM 1.6 installation file and follow installation program's instructions. 5. Make sure installation is completed successfully. 6. Make sure Comodo ESM Server service is started. 7. Run CESM Console and get connected to CESM server. Make sure that The managed computers are in the same (online or offline) state as before the upgrade; The CESM data (tasks definitions, discovery results, packages, history data) are correct; The scheduled tasks are running as usual, the alerts and requests you expect from managed products appear in corresponding CESM Console managers. 8. Please check if the About dialog or Start Page shows correct version number and make sure your license information is correct. Note: If you experience problems during CESM server upgrade, please double check if you have followed all upgrade steps properly. If the problems persist, please contact Customer Support service. Note: After your CESM server has been successfully upgraded: 1. You will be able to manage "new" computers in your tree and install CESM Agent 1.6 and CIS on them. By "new" computers we mean those that currently have no previously installed CESM Agent and CIS. 2. At the same time (without taking any preparatory actions) you will be able to continue managing computers that were made "managed" before. Optionally, you can leave and use previously installed CIS on these computers. Please follow below instructions if you decide to replace the old CIS version with new one. Caution! You need to upgrade both CESM Agent and CIS on managed computers which will apply all the latest fixes in full, please carefully follow described upgrade steps to avoid any unpredictable consequences. CESM Agent upgrade 26

27 Caution! CESM Agent must be upgraded before you upgrade the product. Doing so you will ensure the managed computer's software is not damaged. 1. Open CESM Console. 2. Select target computers in the Computers tree (group-select using Shift or Ctrl buttons). 3. Right-click on the selected and chose Control - Update Agent. 4. Make sure notifications about successful CESM Agent upgrade were received and computers which you have just installed CESM Agent on are online according to their status in the computers tree. Note: If you have several different users each of them having own administrative privileges on their managed computers, you have to divide your computers' pool in which you need to upgrade CESM Agent into corresponding groups and perform above CESM Agent upgrade step 3 separately for every such administrator/group. Comodo Internet Security 3.x to 4.x upgrade Caution! Please do not perform upgrade of the product before you upgrade the CESM Agent, it may inflict damage on the managed computer's software. 1. Open CESM Console. 2. Run the task containing Discover data action (having CIS - Config profile) to be run on managed computers on which you need to perform upgrade. Create such a task if it does not yet exist. 3. Create a task containing Uninstall package action to be run on computers on which you need to upgrade CIS. Choose corresponding CIS package to be uninstalled by this action. 4. Run this task. 5. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree turned online. 6. Open Package Manager and add new CIS version as a new package. 7. Create a task containing Install package action to be run on target computers on which you need to upgrade CIS. Choose CIS package you have just added on the previous step. (You also can right click on a target computer in a Computers tree and select Install and choose a new CIS package.) 8. Run this task. 9. Make sure the task is completed successfully by checking the Task Results History. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree appear as online. 10. Using the data discovered by the task ran at the step 2 create a new task containing 'CIS set Config' action to be run on the target computers on which you have just installed new CIS package. 11. Run this task. 12. Make sure the task is completed successfully by checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Note: If you have different managed product configurations on target computers on which you need to upgrade CIS, you have to divide target computers' pool into corresponding groups (by CIS configurations) and perform above CIS upgrade steps 1012 separately for every such configuration/group. Comodo Internet Security 4.x upgrade If you do not use Comodo Offline Updater for CIS anti-virus databases and executables updates please proceed directly to step Add CIS RM folder cis_rm/download/updates/release/inis_600 for binary download to Comodo Offline Updater as shown on the picture below (an alternative way to configure Comodo Offline Updater to get CIS updates is to set Automatically detect remote folder from client requests checkbox). 27

28 2. Run the task on target machines containing CIS - Set Update Hosts list action with Comodo Offline Updater server details in order to configure CIS to update from your Comodo Offline Updater server. 3. Open the CESM Console. 4. Run the task containing CIS - Update Virus Databases/Programs action on the target computers. Create such a task if it does not yet exist. 5. Enter administrator's username and password on the target machine if needed in order to start binary updater. 6. Restart endpoint if needed when update is finished. 7. Make sure the task is completed successfully checking Task Result history. Note: If you carefully followed all above upgrade steps, now you have the latest versions of CESM Server, CESM Agent and CIS, the latter has the same configuration as it had before the upgrade Upgrading CESM version 1.4 to CESM version 1.6 Introduction To upgrade CESM 1.4 to the new version CESM 1.6 you need to do the following. Upgrade the ESM Administrative Console and/or Central Service computer (ESM Server) by installing ESM 1.6 server components. Refer section 'CESM Server Upgrade' below for detailed steps. Upgrade endpoint installations of the ESM Remote agent by installing CESM 1.6 Agent on the managed computers. Refer section 'CESM Agent upgrade' for steps. Note: For CESM 1.3 and higher, you can install CESM Agents on 32-bit and 64-bit systems from the same task. Appropriate agent installation is selected automatically. Upgrade endpoint installations of CIS. Refer section CIS Upgrade below for steps. No upgrade of CDE is required. Note: Make sure that you are connected to Internet before starting the upgrade process. 28

29 Limitations Please carefully read this part and follow given advices to ensure the upgrade goes on smoothly and leads to further troublefree use of the application. 1. Version 1.4 of CESM Console is not supported by CESM 1.6 and therefore it has to be replaced with the new 1.6 version wherever it is installed. If 1.4 versions of CESM Console are installed on standalone machines, they have to be uninstalled before installation of CESM Console 1.6. In order to uninstall the CESM Console from a standalone machine you should go to: Start > Control Panel > Programs > Uninstall a program Chose 'COMODO Endpoint Security Manager' from the list and click the 'Uninstall' button. Follow the steps in the uninstall wizard to make sure the uninstallation is completed successfully. 2. CIS does not allow remote CESM Agent installation. Before you upgrade CESM Agent you have to disable CIS firewall and Defense+ on target computers on which you need to upgrade CESM Agent so as to avoid CESM Agent 1.6 remote installation fail. 3. Old 1.4 version of CESM Agent cannot support new CESM 1.6 features. Instructions Please perform the upgrade strictly as described in this section to ensure that the CESM and managed computers do not malfunction because above Limitations have been ignored or omitted. If you are not sure how to properly apply the changes in your particular environment, please contact our Customer Support service. CESM Server upgrade 1. Download CESM 1.6 installation file and store it on your CESM server machine. 2. Stop Comodo ESM Server service. 3. Backup CESM database using any MSSQL RDBMS management tool such as Microsoft SQL Server Management Studio Express. Please note: default name of CESM database is CrmData. Caution! Please perform database backup using RDBMS management tool (do not simply copy the database files) this will eliminate possible integrity violation. 4. Run CESM 1.6 installation file and follow installation program's instructions. 5. Make sure installation is completed successfully. Restart CESM Server machine (if the installation program requires you to do so). 6. Make sure Comodo ESM Server service is started. 7. Run CESM Console and get connected to CESM server. Make sure that - 8. The managed computers are in the same (online or offline) state as before the upgrade; The CESM data (tasks definitions, discovery results, packages, history data) are correct; The scheduled tasks are running as usual, the alerts and requests you expect from managed products appear in corresponding CESM Console managers. Please check if the About dialog or Start Page shows correct version number and make sure your license information is correct. Note: If you experience problems during CESM server upgrade, please double check if you have followed all upgrade steps properly. If the problems persist, please contact Customer Support service. Note: When you successfully completed upgrade of CESM server: 1. You will be able to manage "new" computers in your tree and install CESM Agent 1.6 and CIS on them. By "new" computers we mean those that currently have no previously installed CESM Agent and CIS. 2. At the same time (without taking any preparatory actions) you will be able to continue managing computers that were made "managed" before. Optionally, you can leave and use previously installed CIS on these computers. Please follow below instructions if you decide to replace the old CIS version with new one. 29

30 Caution! You need to upgrade both CESM Agent and CIS on managed computers which will apply all the latest fixes in full, please carefully follow described upgrade steps to avoid any unpredictable consequences. CESM Agent upgrade Caution! CESM Agent must be upgraded before you upgrade the product. Doing so you will ensure managed computer's software is not damaged. 1. Open CESM Console. 2. Right click on the target computer in Computers tree, select Internet Security > Configuration > Custom Disable Firewall and Defense+ in CIS configuration. Press OK. 4. Open configuration again to be sure, that it was applied successfully (firewall and Defense+ are disabled on computer where you need to upgrade CESM Agent). 5. Run Agent installation wizard. You can run it from Start page or Tools or from context menu on Computers tree 6. Select managed computers where you want to upgrade CESM Agent. 7. Type user credentials for CESM Agent installation 8. On Target computers configuration check page you have message "Agent is out of date" and status "Success" for all computers 9. Press Next to continue agent installation wizard 10. Press Install button on Agent(s) installation process to run installation 11. Make sure notifications about successful CESM Agent upgrade were received and computers on which you have just installed CESM Agent are online according to their status in the computers tree. 12. Make sure Run Comodo Products Installation checkbox is unchecked and click Finish button. Note: If you have several different users each of them having own administrative privileges on their managed computers, you have to divide your computers' pool in which you need to upgrade CESM Agent into corresponding groups and perform above CESM Agent upgrade steps 5-12 separately for every such administrator/group. CIS upgrade Caution! Please do not perform upgrade of the product before you upgrade CESM Agent, it may inflict damage on managed computer's software. 1. Open CESM Console. 2. Run the task containing Discover data action (having CIS - Config profile) to be run on managed computers on which you need to perform upgrade. Create such a task if it does not yet exist. 3. Create a task containing Uninstall package action to be run on computers on which you need to upgrade CIS. Choose corresponding CIS package to be uninstalled by this action. 4. Run this task. 5. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree turned online. 6. Open Package Manager and add new CIS version as a new package. 7. Create a task containing Install package action to be run on target computers on which you need to upgrade CIS. Choose CIS package you have just added on the previous step (You also can right click on a target computer in a Computers tree and select Install and choose a new CIS package). 8. Run this task. 9. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree appear as online. 10. Using the data discovered by the task ran at the step 2 create a new task containing CIS - Set Config action to be run on the target computers on which you have just installed new CIS package. 11. Run this task. 30

31 12. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Note: If you have different managed product configurations on target computers on which you need to upgrade CIS, you have to divide target computers' pool into corresponding groups (by CIS configurations) and perform above CIS upgrade steps 1012 separately for every such configuration/group. Note: If you carefully followed all above upgrade steps, now you have the latest versions of CESM Server, CESM Agent and CIS, the latter has the same configuration as it had before the upgrade Upgrading CESM version 1.3 to CESM version 1.6 Introduction To upgrade CESM 1.3 to the new version CESM 1.6 you need to do the following. Upgrade the ESM Administrative Console and/or Central Service computer (ESM Server) by installing ESM 1.6 server components. Refer section 'CESM Server Upgrade' below for detailed steps. Upgrade endpoint installations of the ESM Remote agent by installing CESM 1.6 agent on the managed computers. Refer section 'CESM Agent upgrade' for steps. Note: For CESM 1.3 and higher, you can install CESM Agents on 32-bit and 64-bit systems from the same task. Appropriate agent installation is selected automatically. Upgrade endpoint installations of CIS. Refer section CIS Upgrade below for steps. No upgrade of CDE is required. Note: Make sure that you are connected to Internet before starting the upgrade process. Limitations Please carefully read this part and follow given advices to ensure the upgrade goes on smoothly and leads to further troublefree use of the application. 1. Version 1.3 of CESM Console is not supported by CESM 1.6 and therefore it has to be replaced with the new 1.6 version wherever it is installed. If 1.3 versions of CESM Console are installed on standalone machines, they have to be uninstalled before installation of CESM Console 1.6. In order to uninstall the CESM Console from a standalone machine you should go to: Start > Control Panel > Programs > Uninstall a program 2. Chose 'COMODO Endpoint Security Manager' from the list and click the 'Uninstall' button. Follow the steps in the uninstall wizard to make sure the uninstallation is completed successfully. 3. CIS does not allow remote CESM Agent installation. Before you upgrade CESM Agent you have to disable CIS firewall and Defense+ on target computers on which you need to upgrade CESM Agent so as to avoid CESM Agent 1.6 remote installation fail. 4. Old 1.3 version of CESM Agent cannot support new CESM 1.6 features. Instructions Please perform the upgrade strictly as described in this section to ensure that the CESM and managed computers do not malfunction because above Limitations have been ignored or omitted. If you are not sure how to properly apply the changes in your particular environment, please contact our Customer Support service. CESM Server upgrade 1. Download CESM 1.6 installation file and store it on your CESM server machine. 2. Stop Comodo ESM Server service. 3. Backup CESM database using any MSSQL RDBMS management tool such as Microsoft SQL Server Management Studio Express. Please note: default name of CESM database is CrmData. 31

32 Caution! Please perform database backup using RDBMS management tool (do not simply copy the database files) this will eliminate possible integrity violation. 4. Run CESM 1.6 installation file and follow installation program's instructions. 5. Make sure installation is completed successfully. Restart CESM Server machine (if the installation program requires you to do so). 6. Make sure Comodo ESM Server service is started. 7. Run CESM Console and get connected to CESM server. Make sure that - 8. the managed computers are in the same (online or offline) state as before the upgrade; the CESM data (tasks definitions, discovery results, packages, history data) are correct; the scheduled tasks are running as usual, the alerts and requests you expect from managed products appear in corresponding CESM Console managers. Please check if the About dialog or Start Page shows correct version number and make sure your license information is correct. Note: If you experience problems during CESM server upgrade, please double check if you have followed all upgrade steps properly. If the problems persist, please contact Customer Support service. Note: When you successfully completed upgrade of CESM server: 1. You will be able to manage "new" computers in your tree and install CESM Agent 1.6 and CIS on them. By "new" computers we mean those that currently have no previously installed CESM Agent and CIS. 2. At the same time (without taking any preparatory actions) you will be able to continue managing computers that were made "managed" before. Optionally, you can leave and use previously installed CIS on these computers. Please follow below instructions if you decide to replace the old CIS version with new one. Caution! You need to upgrade both CESM Agent and CIS on managed computers which will apply all the latest fixes in full, please carefully follow described upgrade steps to avoid any unpredictable consequences. CESM Agent upgrade Caution! CESM Agent must be upgraded before you upgrade the product. Doing so you will ensure managed computer's software is not damaged. 1. Open CESM Console. 2. Right click on the target computer in Computers tree, select Internet Security Configuration Custom Disable Firewall and Defense+ in CIS configuration. Press OK. 4. Open configuration again to be sure, that it was applied successfully (firewall and Defense+ are disabled on computer where you need to upgrade CESM Agent). 5. Run Agent installation wizard. You can run it from Start page or Tools or from context menu on Computers tree 6. Select managed computers where you want to upgrade CESM Agent. 7. Type user credentials for CESM Agent installation 8. On Target computers configuration check page you have message "Agent is out of date" and status "Success" for all computers 9. Press Next to continue agent installation wizard 10. Press Install button on Agent(s) installation process to run installation 11. Make sure notifications about successful CESM Agent upgrade were received and computers on which you have just installed CESM Agent is online according to their status in the computers tree 12. Make sure Run Comodo Products Installation checkbox is unchecked and click Finish button. Note: If you have several different users each of them having own administrative privileges on their managed computers, you have to divide your computers' pool in which you need to upgrade CESM Agent into corresponding groups and perform above CESM Agent upgrade steps 5-12 separately for every such administrator/group. 32

33 CIS upgrade Caution! Please do not perform upgrade of the product before you upgrade CESM Agent, it may inflict damage on managed computer's software. 1. Open CESM Console. 2. Run the task containing Discover data action (having CIS - Config profile) to be run on managed computers on which you need to perform upgrade. Create such a task if it does not yet exist. 3. Create a task containing Uninstall package action to be run on computers on which you need to upgrade CIS. Choose corresponding CIS package to be uninstalled by this action. 4. Run this task. 5. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree turned online. 6. Open Package Manager and add new CIS version as a new package. 7. Create a task containing Install package action to be run on target computers on which you need to upgrade CIS. Choose CIS package you have just added on the previous step. (You also can right click on a target computer in a Computers tree and select Install and choose a new CIS package.) 8. Run this task. 9. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Make sure that after reboot the target computers in the tree appear as online. 10. Using the data discovered by the task ran at the step 2 create a new task containing CIS - Set Config action to be run on the target computers on which you have just installed new CIS package. 11. Run this task. 12. Make sure the task is completed successfully checking Task Results history. If you see an error message, fix the problem accordingly and run the task again. Note: If you have different managed product configurations on target computers on which you need to upgrade CIS, you have to divide target computers' pool into corresponding groups (by CIS configurations) and perform above CIS upgrade steps 1012 separately for every such configuration/group. Note: If you carefully followed all above upgrade steps, now you have the latest versions of CESM Server, CESM Agent and CIS, the latter has the same configuration as it had before the upgrade Installing Comodo Offline Updater Utility The Comodo Offline Updater Utility allows administrators to configure a local server to download, store and provision database and program updates to networked computers running software such as Comodo Internet Security. The utility can be installed on a local server and configured to periodically download CIS signature and program updates from (default). Once downloaded, this local server can then act as the CIS update server for some or all of the managed machines on the network. Setting up a local update server often allows an organization to save time and bandwidth when rolling out updates to a large number of managed nodes.. This section explains the installation of the Comodo Offline Updater Utility on the server. For a detailed explanation on how to configure the configuration of the application after installation, see Appendix 1 Setting Up a Local Update Server. I. Downloading and Running the Installer The offline updater can be downloaded from: To set up the Comodo Offline Updater on the CESM Server, download and save the 'COU_Setup_< version>.msi' installation file. To start installation of the application, double click the installation file icon. The welcome screen will be displayed. 33

Click 'Next'. II. License Agreement The End User License Agreement will be displayed. To complete the installation phase you must read and accept the License Agreement.

34 Click 'Next'. II. License Agreement The End User License Agreement will be displayed. To complete the installation phase you must read and accept the License Agreement. After you have read the End-User License Agreement, check the 'I accept the terms in the License Agreement' box and click 'Next' to continue installation. If you decline, you cannot continue with the installation. III. Choosing Destination Folder The next step is to choose the destination folder in your server for the installation of the Comodo Offline Updater. 34

35 To install the application in the default location, click 'Next'. If you want the application to be installed in a different location, click 'Change', navigate to the desired folder and click 'Next'. IV. Ready to Install After completing the configuration options to your satisfaction in the preceding steps, a confirmation dialog will be displayed. Click the 'Back' button to review and/or modify any of settings you have previously specified. To confirm your choices and begin the installation of the Comodo Offline Updater, click 'Install'. A setup status dialog box is displayed. You will see a progress bar indicating that files are being installed. 35

V. Installation Complete The Installation Complete dialog is displayed indicating the successful completion of installation. Click 'Finish'.

36 V. Installation Complete The Installation Complete dialog is displayed indicating the successful completion of installation. Click 'Finish'. The Comodo Offline Updater Utility is successfully installed in your server. Note: The Comodo Offline Updater Utility can be installed on several servers within the network if the Administrator wants to setup multiple local update servers. This can be done through the CESM console by creating a task to install the application. For more details, see 'The Package Management Window', 'The Sequence Manager Window' and 'The Task Manager Window' sections Upgrading Comodo Offline Updater Upgrading Comodo Offline Updater is a simple process of uninstalling the old version, deleting any downloaded data then installing the latest version. 1) Uninstall the old version of Comodo Offline Updater. This has to be done via the Windows Control Panel 36

37 Windows versions prior to Vista: Start > Run > Type 'control.exe' in the 'Run' field and click 'OK' > Open 'Add/ Remove Programs' > Find 'Comodo Offline Updater' in the list of installed programs and select 'Uninstall' Windows Vista and above: Start > Run > Type 'control.exe' in the 'Run' field and click 'OK' > Open 'Programs and Features' > Find 'Comodo Offline Updater' in the list of installed programs and select 'Uninstall' 2) Delete all data downloaded by the older version of Comodo Offline Updater. Delete the folder located at: "C:\Program Files (x86)\comodo\offline Updater\Data\ Or C:\Program Files\Comodo\Offline Updater\Data\" Note: The location stated above is the default location. This will be different if you changed the default directory during setup of COU. 3) Install the latest version. This can be downloaded from the Comodo website at the following URL: Once downloaded, run the COU setup program as described above Local Installation of CIS and the Agent Instead of installing remotely, administrators have the option to locally install Comodo Internet Security and the latest version of the CESM Agent directly on endpoint machines. This is done by running the Local Installation Package, a dedicated installer available on the Comodo website, on the local machine. Installing CIS and the agent locally is an alternative way of establishing connectivity between an endpoint and the CESM Central Service server. This may useful should the administrator experience difficulties connecting to an endpoint. During setup, the person installing the software will specify the host and port number of the CESM Central Service server. After the endpoint has successfully connected it can be controlled by the Administrator in the same way as it would if it were imported via the usual process. During the setup process, this installer will: Detect and offer to uninstall any incompatible software that is installed on the endpoint; Provide the opportunity to install the latest version of Comodo Internet Security; Provide the opportunity to install the latest version of CESM Agent. Note: Administrators are advised to have installed and configured CESM before installing this software on a local machine. One of the initial stages of installation is that you specify the host-name and agent port number of your CESM server. Download the offline installer: Visit Scroll to the bottom of the page and locate the 'Local Installation Package' icon 37

Select 'Click Here to download' and save the installer file to a local drive. Administrators should now copy this file to the required endpoint machines.

exe', has to be run via a command line with the following additional parameters: /host=hostname - where 'hostname' is the name of the host upon which CESM has been installed.

38 Select 'Click Here to download' and save the installer file to a local drive. Administrators should now copy this file to the required endpoint machines. Installation Step 1 - Run the setup file with additional parameters The setup file 'CESM_Agent_Setup_<version>.exe', has to be run via a command line with the following additional parameters: /host=hostname - where 'hostname' is the name of the host upon which CESM has been installed. This can be in the form of a hostname or IP address. /port=portnumber - where 'portnumber' is the agent port that was configured when CESM was originally set up. If the administrator accepted the default of 9901 during CESM setup then they can omit this parameter if they choose. For example: "C:\Documents and Settings\Username\Desktop\CESM_Agent_Setup_1.6.exe" /host=cesmhostname /port=9901 OR "C:\Documents and Settings\Username\Desktop\CESM_Agent_Setup_1.6.exe" /host= /port=9901 One way to do this is via the 'Run..' command on the 'Start' menu. Click 'Start > Run...', type the path to the executable with the additional parameters and click 'OK': Note: If they are not performing the installation themselves, the CESM administrator should obviously communicate these connection details to the person responsible for the local installation. Step 2: Preliminaries and uninstall incompatible software The first stage of the installer is the introduction screen. 38

39 Click 'Next' to continue. Before commencing the installation of Comodo packages, the wizard will check for any incompatible products. This includes items such as third party antivirus/firewall products. The wizard will list any discovered products that are incompatible and offer you the opportunity to uninstall them (highly recommended): Select the checkbox next to the name of the product(s) you wish to remove then click 'Uninstall'. The computer may need to be rebooted to complete the uninstallation. Step 3: Install CIS and the Agent The next stage is to install CIS and the Agent. The installer will first check whether any of these items are already installed. You must first uninstall any older versions of CIS or the Agent that are detected. 39

To commence the installation, ensure both products are selected in then click 'Install'. The computer will need to be rebooted to finalize installation. 2.

40 To commence the installation, ensure both products are selected in then click 'Install'. The computer will need to be rebooted to finalize installation Licensing The trial license allows the management of up to 5 workstations. To extend the number of managed computers an administrator should purchase the load an activate a license for the desired number of managed computers. To do this, an Administrator should: 1) Purchase a new CESM license by: Selecting 'Purchase Online' at the CESM License Upgrade Wizard To open the wizard, select 'Help > Upgrade License...' in the CESM Administrative Console. OR Complete the online order form at (Click Here for help to complete this form.) 2) Load and activate the new license file After purchase is complete, load and activate the new license using the CESM License Upgrade Wizard. To open the wizard, select 'Help > Upgrade License...' in the CESM Administrative Console. To view the current license details an administrator should navigate to: Help > About (See the screenshot below). 40

complete, Administrators can start the Administrative Console interface via the Windows Start Menu.

41 3 The Administrative Console 3.1 Logging in to the Administrative Console After installation of the Administrative Console and Central Services is complete, Administrators can start the Administrative Console interface via the Windows Start Menu. The CESM Administrator Console can be started by selecting: Start > All Programs > Comodo > Endpoint Security Manager > CESM Console. The CESM Administrative Console requires authorization before granting access to the interface: 41

CESM Administrative Console Authorization Parameters Field Name Description Server If you have installed the Central Service on the same physical machine that you are now attempting to open the

42 CESM Administrative Console Authorization Parameters Field Name Description Server If you have installed the Central Service on the same physical machine that you are now attempting to open the Administrative Console from, then leave the 'Host' field at the default setting of 'localhost'. If you have installed the Central Service on a separate machine to one that you are now attempting to open the Administrative Console from, then you must specify the host name of that machine in the 'Host' field in order to connect. Port 9001 is the default port number that the Central Service will listen to for connections from the Administrative Console. If you specified an alternate port number during Central Service Installation then you should type that port number here. If you did not specify an alternate port number then you should leave this setting unchanged. Credentials: Windows Authentication If you are currently logged into the Windows domain as the administrator that originally installed the CESM application, then your login credentials will automatically be drawn from the Active Directory database. You should choose Windows Authentication and do not need to enter a user name and password in order to access the Administrator interface. If not, you will need to authenticate yourself to the CESM Administrator Console by entering User Name and Password details in the 'Custom Credentials' fields. Credentials: Custom Credentials If you are not currently logged into the Windows Domain as the administrator that originally installed the CESM application then you will need to enter a valid User Name and Password in the 'Custom Credentials' field. This User Name and Password must belong to a member of the 'CrmUsers' local group that has access rights to the CESM Central Service. The 'CrmUsers' local group is created automatically during the installation process. Click 'OK' to login to the interface. After successfully logging in the CESM Administrative console will become available. The Administration Interface is fully explained in the next section - Administrative Console Overview. 3.2 Administrative Console Overview The Administrative Console is the nerve center of Comodo Endpoint Security Manager and is designed to 42

help administrators of corporate networks deploy, manage and monitor Comodo endpoint security software on networked computers. The interface has a modular design that is entirely reconfigurable.

43 help administrators of corporate networks deploy, manage and monitor Comodo endpoint security software on networked computers. The interface has a modular design that is entirely reconfigurable. Each window or management area can be dragged, dropped and docked to virtually anywhere within the interface, allowing administrators to create the custom workspace that suits their needs and preferences. CESM Administrative Console The Administrative Console is sub-divided into the following main functional areas: The 'Computers and Group Manager' windows - Enable administrators to import, view and manage network computers. The 'Package Management window' - Enables administrators to view, manage and upload.msi packages for installation at managed endpoints. The 'Discovery Profiles' window - Enables administrators to choose information to retrieve from network computers. The 'Sequence Manager' window - Enables administrators to define a set of actions to be carried out as part of a task. The 'Task Manager' window - Enables administrators to define tasks based on sequences of actions to run on computers. The Administrator Console also contains the following Monitoring and Reporting areas: The 'Task Result' window - Enables administrators to view whether a task executed on a computer was successful or not. The 'Notification Monitor' - Enables administrators to view service messages from Comodo packages running on computers to CESM central service. The 'Notification History' window - Enables administrators to view all service status messages from CESM Central Service. The 'Request Monitor' - Enables administrators to view and react to alerts from Comodo packages running on computers. The 'Request History' window - Enables administrators to view all alerts including those dealt with and removed from the monitor. Note: Most Monitoring and Reporting areas contain shortcuts that initiate activities carried out by the functional areas. The Administrative console also contains a configuration area at the bottom right of the interface. On starting the console, the 'Start' page is displayed by default in the configuration area. The start page acts as a user friendly front end to the console functionality and contains shortcuts, wizards and useful information. Click the links below to get more details on the wizards and 43

44 support, accessible from the Start page. Add Computers - Opens the wizard for importing network computers into CESM Administrative console. Install Agents - Opens the wizard for installing CESM Remote Agent on the managed computers. New Task - Opens the wizard for creating a new task. New Computers Group - Opens 'New Group' window box for creating a new group of computers for the purposes of rolling out Tasks across multiple computers and/or networks. Install Packages - Opens the 'Product Installation Wizard' for uploading new installation packages and installing uploaded packages onto target computers. The 'Computers' Area - Displays a dashboard summary of the status of managed and unmanaged computers in your network. The 'Tasks' Area - Displays the state of currently executed task and scheduled tasks. The 'System Status' Area - Displays the current protection status of the networked computers and has links to View License / Upgrade License. The 'Overall Endpoint Security' Area - Displays a dashboard summary of the infection state and the virus database update state of the endpoints in the network. The 'Getting Started' Area - Contains links to the Help Guide pages to get support on: How to Upgrade How to Install CIS How to Configure CIS How to Install CDE How to Buy Licenses for more End Points Admin Guide The 'Learn More' Area - Contains links to get additional support on CESM New Release Features FAQ's Forums The 'Support' Area - Contains details on getting phone support, submitting a support ticket at online knowledgebase and getting LivePCSupport : Call: Contains contact details on getting the phone support Submit a Ticket: Contains a link for submitting a support ticket at Comodo's online knowledgebase Live PC Support: Connects to Comodo's Live PC Support - the quickest, most comprehensive way of getting help with your computer problems Persistent Navigational Elements -The File Menu and Shortcut Toolbar The CESM File and Shortcut Toolbar provide access to all functional areas of the CESM interface. The File Menu can be accessed at all times and consists of six areas: Console, View, History, Windows, Tools and Help. The Shortcut Toolbar, positioned directly below, provides fast and easy access to many of the functions contained in the 'Console', 'View' and 'History' areas of the the file menu. Both these menus are always visible at the upper left hand side of the screen irrespective of the layout chosen by the user. The following table contains a brief summary of these areas: 44

45 File Menu Element Equivalent Shortcut Toolbar Icon Description Console Contains program commands relating to user login and shutdown. Log in Allows administrators to log into the CESM console. Log out Logs the current user out of the Administration Interface but does not close the interface down. Exit None Logs the current user out of the Administration Interface then closes down the application. View Contains shortcuts that open up the various functional and task management areas of the interface. Computers Opens the 'Computers' window. Group Manager Opens the 'Group Manager' window. Request Monitor Opens the 'Request Monitor' window. Notification Monitor Opens the 'Notification Monitor' window. Task Manager Opens the 'Task Manager' window. Sequence Manager Opens the 'Sequence Manager window. Discovery Profiles Opens the 'Discovery Profiles' window. Package Manager Opens the 'Package Manager' window. Language Allows the administrator to change the language of the console. Currently available languages are English and Chinese (Simplified). Language changes will be applied after restarting the console. After changing language, all message boxes, controls, menus, requests, notifications and reports will be displayed in the chosen language. Note: The language can also be changed for the Comodo Offline Updater' and 'Service Configuration Tools' but this must be done from within the tools themselves. History Contains shortcuts that open 'History' windows relating to Tasks, Requests or Notifications. Task Result Opens up the 'Task Results' window. Request History Opens up the 'Request History' window. Notification History Opens up the 'Notification History window. Reports Contains shortcuts to generate reports for computer details, malware detection statistics and Antivirus database update status. Computer Details... None Opens a wizard for generating reports on 'Computer Details' of the target endpoint computers. Malware statistics... None Opens a wizard for generating reports on 'Malware Statistics' of the target endpoint computers. 45

46 File Menu Element Antivirus Database Updates... Equivalent Shortcut Toolbar Icon None Tools Description Opens a wizard for generating reports on 'Antivirus Database update status' of the target endpoint computers. Contains shortcuts to CESM wizards. Add Computers None Opens the wizard for importing network computers into CESM Administrative console. Install Agents None Opens the wizard for installing CESM Remote Agent on the managed computers. Create Agent Installation Package None Opens the wizard for creating CESM Agent Installation Package for installation on the managed computers. New Task None Opens the wizard for creating a new task. Install Products None Opens the 'Install Packages' wizard. Click here to view the help page on this wizard. Import and Export None Settings Runs import/export processes for CESM console settings related to layout configuration, CESM server authorization settings and import from active directory settings. Windows Contains workspace related options and presets. Layout None Save Current Layout None Saves the currently configured arrangement of windows. This workspace will be loaded by default upon next login. Reset Layout None Resets layout of windows to the arrangement that was loaded upon first login. Optimal None Comodo pre-configured workspace. Provides visibility and fast access to all major functional areas. Scheduling None Comodo pre-configured workspace. Provides greater visibility and access to the Task Manager and Request and Notification History windows. Remaining windows are docked to the left hand side of the interface. Monitoring None Comodo pre-configured workspace. Provides greater visibility and access to the Notification and Request Monitoring Windows. Remaining windows are docked to the left hand side of the interface. Results and Monitoring None Comodo pre-configured workspace. Provides greater visibility and access to overall monitoring of network tasks results and request notifications. Remaining windows, apart from 'Discovery Profiles' are docked to the right hand side of the interface. Custom Layout 1/2/3 None Allows the user to quickly select then deploy 1 of 3 user-defined workspace layouts. Set this as Current None Loads the workspace layout previously saved as layout 1,2 or 3. Save current Layout to this None Saves the current arrangement of windows as Custom Layout 1,2 or 3. Close All Windows None Closes all open windows but does not close down the main Administration Interface. Help Help Opens the internal help guide. 46

47 File Menu Element Equivalent Shortcut Toolbar Icon Description Upgrade License... None Launches the 'CESM Upgrade License' wizard which gives the administrator an ability to change license file, to register as a new user and get/enter an activation code for CESM server. About None Provides the administrator with license and software version information, provides access to the 'CESM Upgrade License' wizard. The System Tray Icon A system tray icon is created during the installation of CESM console to act as a shortcut for opening the console and configuring the CESM alerts. Right clicking on the icon provides the following options: Show New Requests Alert - Displays alerts on new Requests from the CESM manage packages installed at the endpoints, e.g Alerts from the local CIS installations. Refer to The Request Monitor Window for more details. Show New Notifications Alert - Displays alerts on new Notifications (service status messages) sent by CESM Central Service. Refer to The Notification Monitor Window for more details. Hide When Minimized - Selecting this option hides the CESM tab from the task bar when CESM administration console window is minimized. The window can be restored by double clicking the system tray icon or right clicking the icon and selecting 'Open Console'. Open Console - Restores CESM Administration console from minimized state. 3.3 The Start Page The 'Start' page is a user friendly dashboard interface containing wizards, shortcuts, useful links and important system information. It is displayed by default in the main configuration area of the console interface and provides a very convenient way for users to perform common tasks and access important configuration areas. The title bar of the Start page indicates the currently installed version of CESM and enables you to check for the available updates. The Start page features: Shortcuts and wizards that allow you to quickly initiate commonly executed activities like importing end-point computers, creating new Tasks and installing the CESM agent. An at-a-glance summary of System Status of the networked computers. A dashboard summary of the infection status and update status of the endpoints in the network. A snapshot of managed and unmanaged computers in your network. A summary of the status of tasks under execution. 'Getting Started' links to help you learn about important aspects of the application. 47

48 You can always access the Start page by clicking View > Start page from the menu bar or by clicking the Start page icon from the shortcut tool bar. The start page contains seven functional areas as explained below: The Startup Tasks Area - The 'Startup Tasks' area contains shortcuts to simply start important and often used wizards like importing computers in to CESM console, installing CESM Remote Agent to managed computers, creating new tasks, creating new computer groups and installing managed products to the managed endpoint computers. Add Computers - Opens the wizard for importing network computers into CESM Administrative console. Install Agents - Opens the wizard for installing CESM Remote Agent on the managed computers. New Task - Opens the wizard for creating a new task. New Computers Group - Opens 'New Group' window box for creating a new group of computers for the purposes of rolling out Tasks across multiple computers and/or networks. Install Packages - Opens the 'Product Installation Wizard' for uploading new installation packages and installing uploaded packages onto target computers. The 'Computers' Area - The 'Computers' area in the Start page displays a dashboard summary of the status of managed and unmanaged computers in your network. The 'Tasks' Area - The 'Tasks' area displays the state of currently executed task and scheduled tasks. The 'System Status' Area - The 'System Status' area displays the current protection state of the computers in the network. It also contains links to view your license details and enabling to upgrade your license. The 'Overall Endpoint Security' Area - The 'Overall Endpoint Security' Area displays a dashboard summary of infection levels of endpoints in your network and a dashboard summary of update status of AV database in the endpoints installed with CIS version 4.0 and above. For the endpoints installed with older versions of CIS, the status will be shown as not available. The 'Getting Started' Area - The Getting Started area contains links to the Help Guide pages to get support on: How to Upgrade How to Install CIS How to Configure CIS How to Install CDE How to Buy Licenses for more End Points 48

Admin Guide The 'Learn More' Area - The Learn more area contains links to get additional support on CESM New Release Features FAQ's Forums The 'Support' Area - The 'Support' area displays details on

49 Admin Guide The 'Learn More' Area - The Learn more area contains links to get additional support on CESM New Release Features FAQ's Forums The 'Support' Area - The 'Support' area displays details on getting phone support, submitting a support ticket at online knowledgebase and getting LivePCSupport: Call: Contains contact details on getting the phone support Submit a Ticket: Contains a link for submitting a support ticket at Comodo's online knowledgebase Live PC Support: Connects to Comodo's Live PC Support - the quickest, most comprehensive way of getting help with your computer problems. Check for Updates - Clicking the link 'Check for Available Updates' in the title bar connects to Comodo servers and checks for the updates for CESM. If any updates are available, you will be prompted to download and install the updates The 'Add Computers' Wizard The 'Add Computers' wizard allows administrators to quickly import computers and network structures into the CESM console. In order to establish preliminary control of any computer (or group of computers) they must be imported, designated as a 'Managed' computer and then have the CESM Remote Agent installed on them. Installing the Agent allows the endpoint to communicate with CESM central service and the administrative console. Once this preliminary control has been established, the Administrator can install applications on the endpoints then define and deploy tasks for those applications. This page will guide Administrators through the first stage in this process - importing computers from either Active Directory, a Workgroup or by IP address/range. Further information on the subjects discussed on this page can be found in the sections Importing Network Structure, The 'Computers' and 'Group Manager Windows and 'Workstation and Workgroup Management'. To begin importing new computers or a group of computers into CESM 1. Click the link 'Add Computers' in the 'Startup Tasks' area of the 'Start' page. 2. The Computers Import wizard will be started and the welcome screen will be displayed. 49

50 3. Select the source if you want to import the computers from Active Directory or Workgroup or select IP-based import if you want to import computers by specifying their IP addresses or DNS names. The computers to be managed can be imported into CESM by three types. Import from Active Directory - to import computers from an Active Directory Domain Import from Workgroup - to import computers from a workgroup Import Computers by IP address - to import individual computers by specifying their IP Addresses, DNS names or a group of computers by specifying their IP Address range. Import from Active Directory If you want to import the computers from an Active Directory, select the radio button 'Active Directory' and click 'Next'. The Domain Import Settings dialog will appear. Domain Import Settings - Table of Parameters Import from current domain Selecting this option will import all computers from the Active Directory domain that the 50

51 (Selected by default) administrator is currently logged into. Import from specified domain controller Selecting this option allows the administrator to specify an alternative Active Directory domain from which computers will be imported. Choosing this option requires administrators to specify the following details: Domain: Administrators should enter the IP address or name of the Active Directory domain controller from which they wish to import. Login: Enter the user-name of a user with administrative rights to domain controller from which they wish to import. Password: Enter the password of the user specified in the 'Login' field Use advanced import settings Selecting this checkbox enables the Administrator to make advanced filter settings for importing the computers and domain controllers from the specified Active Directory. 4. Enter the details in the Domain Import Settings interface and click 'Next'. If you have selected 'Use advanced import settings' checkbox, the Advanced Domain Import Settings dialog will appear, else this step will be skipped. Advanced Domain Import Settings-Table of Parameters Import Computers Only Selecting this option means that only computers will be imported from the domain specified in the 'Active Directory Domain' section. Domain controllers belonging to that domain will not be imported. Import Domain Controllers Only Selecting this option means that only domain controllers will be imported from the domain specified in the 'Active Directory Domain' section. Computers belonging to that domain will not be imported. Import Computers and Domain Controllers Selecting this option means that both computers and domain controllers will be imported from the domain specified in the 'Active Directory Domain' section. Update Organizational Units (Checked by default) Selecting this option means that organizational units' names (tree folders names) will be updated automatically. Import Changed Computers only Selecting this option means that only computers whose Active Directory configuration has been modified will be imported. 5. Make your selections and click 'Next'. A confirmation dialog will appear. 51

52 6. Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The import progress will be indicated and the Import Finished dialog will be displayed on successful import of the computers from the Active Directory. 7. If you want to assign Managed Status to all the computers imported from this workgroup, select the checkbox 'Manage imported computers' and click 'Finish'. If you want to assign Managed status selectively, uncheck the check box and click Finish. When the Active Directory import process is finished, the full tree of imported items will be displayed in the 'Computers' window on the left hand side of the interface. Imported computers must be assigned 'Managed' status to enable installation of the CESM Remote Agent (you may already have done this at the end of the wizard). If not, assign managed status by right-clicking on a computer in the list then selecting 'Control > Manage'. Install the agent by right clicking and selection 'Control > Install Agent'. Further reading related to the topic of this page: Importing Network Structure The 'Computers' and 'Group Manager Windows 52

Workstation and Workgroup Management Next Steps: Assigning Managed Status to Imported Computers Install the CESM Agent on Managed Computers Import from Workgroup If you want to import the computers

53 Workstation and Workgroup Management Next Steps: Assigning Managed Status to Imported Computers Install the CESM Agent on Managed Computers Import from Workgroup If you want to import the computers from an Active Directory, select the radio button 'Workgroup' and click 'Next'. The Workgroup Import Settings dialog will appear. Workgroup Import Settings - Table of Parameters Workgroup name 4. Administrators should enter the name of a network Workgroup which they wish to import. Enter the Workgroup name in the text box and click 'Next'. 53

54 5. Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The import progress will be indicated and the Import Finished dialog will be displayed on successful import of the computers from the Workgroup. 6. If you want to assign Managed Status to all the computers imported from this workgroup, select the checkbox 'Manage imported computers' and click 'Finish'. If you want to assign Managed status selectively, uncheck the check box and click Finish. When the Workgroup import process is finished, the full tree of imported items will be displayed in the 'Computers' window on the left hand side of the interface. Imported computers must be assigned 'Managed' status to enable installation of the CESM Remote Agent (you may already have done this at the end of the wizard). If not, assign managed status by right-clicking on a computer in the list then selecting 'Control > Manage'. Install the agent by right clicking and selection 'Control > Install Agent'. 54

55 Further reading related to the topic of this page: Importing Network Structure. The 'Computers' and 'Group Manager Windows. Workstation and Workgroup Management. Next Steps: Assigning Managed Status to Imported Computers. Install the CESM Agent on Managed Computers. Import Computers by IP address If you want to import the computers by specifying their IP addresses, select the radio button 'IP-based import' and click 'Next'. The IP-based Import Settings dialog will appear. 4. Click the drop-down arrow in the Add button. 5. The computers can be added into CESM through IP-based import by three methods. By specifying IP Addresses or DNS Names 55

By specifying IP Addresses and Subnet masks By specifying IP Address Ranges To import an individual computer by specifying IP Address/DNS Name, select the option IP Addresses/DNS Names from the

56 By specifying IP Addresses and Subnet masks By specifying IP Address Ranges To import an individual computer by specifying IP Address/DNS Name, select the option IP Addresses/DNS Names from the drop-down menu, enter the IP Address or the DNS name of the individual computer in the IP Address properties dialog and click OK. Note: Clicking the Add button will enable you to import an individual computer by specifying IP Address/DNS Name. Through this method, only one computer can be added at a time. To add more number of computers the processes can be repeated. To import Computers by specifying IP Addresses and Subnet mask, select the option IP Addresses and Subnet masks from the drop-down menu, enter the IP Address and the Subnet masks in the IP Address and Subnet mask properties dialog and click OK. To import a group of computers by specifying their IP Address range, select the option IP Address Ranges from the drop-down menu, enter the IP Address range in the IP Address Range properties dialog and click OK. 6. The added computers are listed in the next dialog. You can select or deselect the computers to be added from this screen by selecting/deselecting the checkbox beside each computer name. 56

57 7. Click Next. 8. Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The import progress will be indicated and the Import Finished dialog will be displayed on successful import of the computers. 57

58 9. If you want to assign Managed Status to all the computers imported from this workgroup, select the checkbox 'Manage imported computers' and click 'Finish'. If you want to assign Managed status selectively, uncheck the check box and click Finish. When the computer import process is finished, the full tree of imported items will be displayed in the 'Computers' window on the left hand side of the interface. Imported computers must be assigned 'Managed' status to enable installation of the CESM Remote Agent (you may already have done this at the end of the wizard). If not, assign managed status by right-clicking on a computer in the list then selecting 'Control > Manage'. Install the agent by right clicking and selection 'Control > Install Agent' Further reading related to the topic of this page: Importing Network Structure The 'Computers' and 'Group Manager Windows Workstation and Workgroup Management Next Steps: Assigning Managed Status to Imported Computers Install the CESM Agent on Managed Computers The 'Install Agents' Wizard Installing the CESM Agent onto imported computers is a crucial stage in the endpoint management process. Installing the Agent allows the computer to communicate with CESM central service and enables the Administrative console to deploy Tasks to the endpoint and to monitor and react to requests from those endpoints. Note: Before attempting to install the agent you should first have imported your network structure and assigned 'Managed' status to those computers you wish to control (click here to learn how to import computers and assign managed status). This page will guide Administrators through the installation of the Agent on Managed Computers using the 'Install Agents' wizard located on the 'Start' page. Should it be required, further information on the subjects discussed on this page can be found in the sections Assigning Managed Status to Imported Computers and Installing the CESM Remote Agent. To begin the Agent installation wizard: 1. Click the link 'Install Agents' in the 'Startup Tasks' area of the 'Start' page. 58

2. The Agent Installation wizard will start at the computer selection dialog. Check the boxes next to the computers, domains or workgroups that you wish to install the agent on.

59 2. The Agent Installation wizard will start at the computer selection dialog. Check the boxes next to the computers, domains or workgroups that you wish to install the agent on. A computer with a blue icon is managed but does not have the agent installed (so is therefore not connected to the central service yet). The icon will turn green once the agent is installed and the connection is made. Unmanaged computers have a black icon. You will need to first assign managed status to these computers before you can install the agent (Right click on target computer > Control > Manage). Click 'Next' once you have selected your target machines. 3. Next, you need to provide administrator login credentials for the target machine: 59

60 - Enter the local administrator login name and password for the target Managed Computer (use the format in the 'user' field for computers imported with Active Directory). Note: Each Agent is bound to the Central Service that executed its installation. It is not possible to manage computers through Agents that were installed by another instance of CESM Central Service. - Click 'Next' to login to the local machine and proceed to the next step of the wizard 4. CESM will make an initial check to ensure there are no problems with the target machine that will prevent successful installation. If problems are discovered CESM will display an error message stating the nature of the problem so that corrective actions can be taken. If no problems are detected then you will see a 'Ready to Install' status message: - Select the check-boxes next to the computers you wish to install the agent on and click 'Next' to move to the installation dialog. - Click 'Previous' if you wish to review your steps so far. - Click 'Cancel' if you do not wish to install at this time. 60

61 5. At the install dialog box you have another chance to select or deselect which computers you wish to install the agent on. 6. Once you have confirmed your choice, click the install button (highlighted) to begin the installation process. If the installation is successful, you will see the following confirmation message. The wizard is now complete. This wizard is followed by the Products Installation Wizard that enables you to upload new installation packages to CESM/install uploaded packages to the endpoint. If you want to run the Products Installation Wizard, leave the check box 'Run products installation wizard' checked and click 'Finish'. If you wish to run the Products Installation Wizard at a later time, uncheck 'Run products installation wizard' and click 'Finish'. Click here for more details on Products Installation Wizard. After the CESM Agent has been installed onto the target machine(s), the Agent will attempt to establish connectivity with the CESM Central Service. If the connection attempt is successful then the color of the icon representing those machines will change from Blue (Managed but not connected to Central Service) to Green (Managed and successfully connected to CESM Central Service): 61

62 Managed but Agent not installed Managed. Agent installed and connected Once an endpoint machine has the agent installed and is connected, the Administrator can begin to deploy Tasks onto the machine. Further reading related to the topic of this page: Assigning Managed Status to Imported Computers Installing the CESM Remote Agent Next Steps: Creating and deploying a Task using the 'New Task' Wizard The 'New Task' Wizard Background Information A CESM 'Task' is comprised of a Sequence of Action(s) that is executed on a Managed computer. The Task Manager window allows the administrator to execute any Task - thereby deploying the Actions defined in the Sequence in that Task (including sequences designed to install Comodo packages; install 3rd party.msi packages; implement Comodo Internet Security configuration settings on all Managed network items; discover and control Windows services on those computers and more). A 'Task' must contain a 'Sequence'. A Sequence is comprised of one or more 'Actions'. Executing a Task on a computer or group of computers therefore means executing the Action or Actions that are contained in that Task's 'Sequence' A Task cannot be created or executed without a Sequence first being added to that Task. Before creating a task we advise you have first created at least one Sequence. However, this wizard will provide you with the opportunity to create a new Sequence if you haven't done so already. Tasks can be executed immediately or can be scheduled to run at a predetermined time (Daily, Weekly, Monthly, Once) A Task can only be executed on a Managed Computer which has the CESM Remote Agent installed upon it. A single Task may be executed on any Imported Network item - including individual computers; entire Active Directory Domains; entire Workgroups or all computers in a CESM 'Group' (of computers) This 'New Task' wizard simplifies the creation and deployment of CESM Tasks by consolidating all of the above into a single, step-by-step process. More detailed information on the subjects discussed on this page can be found in the sections 'The Sequence Manager 62

63 Window', 'Creating A Sequence and 'Adding Actions to that Sequence' and 'Table of Actions - Definitions and Usage'. To begin the New Task Wizard 1. Click the link 'New Task' in the 'Startup Tasks' area of the 'Start' page. 2. The Create Task Wizard will start. Type a Name and Description for the Task. Task Names are mandatory Descriptions are optional. It is good practice to choose Task Names that accurately describe the purpose of the Task (or more accurately, the purpose of the Action(s) within the Sequence of that Task). Click 'Next'. 3. Next you need to specify the target type. If you want to run the task on selected computers, select the radio button 'Computers'. If you want to run the task to a user-defined group of computers, select the radio button 'Computers Group'. 63

64 Click 'Next'. 4. Select the target computers or the groups from the computer tree displayed in the next dialog. 5. After selecting the computers/groups, select whether you want to create a new Sequence of Actions or use a preconfigured Sequence. if you want to use an existing Sequence, select the radio button Use existing sequence, select the Sequence from the list displayed below and click Finish. if you want to create a new Sequence, select the radio button 'Create new sequence of actions' and click Next. For more details on the Sequence, see Creating a Sequence and Adding Actions to that Sequence. 64

6. Choose the actions to be included in the Sequence, by selecting the action from the left pane and adding it to the right pane in the next dialog and click Next.

65 6. Choose the actions to be included in the Sequence, by selecting the action from the left pane and adding it to the right pane in the next dialog and click Next. For more details on the Actions, see 'Table of Actions - Definitions and Usage'. Some of the actions can be executed even if no user is logged in to the endpoint and some of the actions show different behaviors depending on whether the user is logged in. Refer to Appendix 3 - Behavior of Actions When No User is Logged in for more details. 7. Next specify the parameters for the selected action(s) by clicking the drop-down arrow beside each parameter row at the right hand side pane and selecting the parameter from the drop-down options. 65

The screenshot above shows the parameters that become available when configuring an 'Install Package' Action. More complete explanations of the 'Install Action' and it's parameters can be found here.

Select whether or not you want the system to be restarted after installation.

66 The screenshot above shows the parameters that become available when configuring an 'Install Package' Action. More complete explanations of the 'Install Action' and it's parameters can be found here. Account - account under which the installation is to be run. Misc - Certain packages need the system to be restarted in order to complete the installation. Select whether or not you want the system to be restarted after installation. Arguments - Certain packages have additional installation options that can be implemented by modifying the 'Arguments' field Package - Choose the package you would like to install (e.g. the CIS installer) If required, more complete explanations of the 'Install Action' and it's parameters can be found here.click Next to confirm your choices and move onto the next stage. 8. Schedule the Task (optional). - If you want to run the task instantly, select the option Do not use schedule and click Next. - If you want to schedule the task, select the schedule from the drop-down options and configure the schedule and 66

67 click Next.. 9. After successful configuration and scheduling of the task, a confirmation dialog will appear. Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The task creation progress will be indicated and the Finished dialog will appear on successful creation of the task. 67

68 - If you want to run the task instantly in addition to the schedule, select the checkbox 'Run task now' and click Finish. - If you want to run the task only on the scheduled time, uncheck the checkbox 'Run task now' and click Finish. The success or failure of a Task can be viewed in real-time from the 'Task Result' window. This window also contains a history of the results of all Tasks run in the past. Further reading related to the topic of this page: The Sequence Manager Window The Task Manager Window The Task Result Manager Window New Computers Group Creating groups of computers allows the administrator to split large networks up into convenient and/or logical groupings. For example, an administrator may create groups of computers called 'Sales Department', 'Accounts Department', 'Vista Workstations', 'XP Workstations', 'Domain Controllers', '64 bit Machines' or 'All Managed Computers'. Once created, the administrator can create and deploy tasks to run all machines belonging to that group. For a more detailed summary of the functionality of the Group Manager window, see section 'The Group Manager Window - Functionality and Purpose'. This page will guide Administrators on creating a new 'Computer Group' from the computers in the network using the shortcut 'New Computers Group' located on the 'Start' page. Should it be required, further information on the subjects discussed on this page can be found in the sections 'The Group Manager Window - Functionality and Purpose' and Managing Groups of Computers. To begin the creating a new group of computers: 1. Click the link 'New Computers Group' in the 'Startup Tasks' area of the 'Start' page. 68

69 2. The 'New Group' interface will open. Fill out the form that appears, specifying the new group's name and description: 3. To begin adding computers to this new group, click the green 'Add Computer' symbol as shown: 4. Select the workstations, controllers, domains and/or Workgroups you want to combine in this group then click 'OK'. The list of computers you selected as members of this group will be displayed in the list of group members: 69

70 5. Next, click the 'Save' button or select one of the following save options: Tip: The 'Save' button has smart saving ability. Administrators that are familiar with the Administrative Console can select 'Save, Create Task, Close' to immediately begin the Task creation process with this Group pre-selected as the target. This new group appears in the Group Manager pane. It can now be referenced as the target of new tasks when creating or editing new tasks. Further reading related to the topic of this page: The Group Manager Window - Functionality and Purpose Managing Groups of Computers The 'Install Packages' Wizard A CESM 'Package' is a file that is used for the installation, maintenance, and removal of software on Microsoft Windows operating systems. CESM 'Packages' are the installer files for Comodo applications such as Comodo Internet Security and come in the form of.msi files. You must upload the appropriate Package to CESM for the application you wish to manage on networked computers. Once uploaded, this package can be specified as the 'Installation Parameter' of an 'Install' or 'Uninstall' action. Available packages include products such as Comodo Internet Security, Comodo Disk Encryption and Comodo Offline Updater utility. This page will guide Administrators on uploading new installation packages to CESM and installing uploaded installation packages on to target endpoint computers using the shortcut 'Install Packages' located on the 'Start' page. Should it be required, further information on the subjects discussed on this page can be found in the section The Package Management Window. To begin the uploading a new installation package into CESM or installing an uploaded package: 1. Click the link 'Install Packages' in the 'Startup Tasks' area of the 'Start' page. 70

2. The Product Installation Wizard will be started. Select the endpoint computer(s) upon which you wish to install the Comodo product(s) and click 'Next'. 3.

71 2. The Product Installation Wizard will be started. Select the endpoint computer(s) upon which you wish to install the Comodo product(s) and click 'Next'. 3. Before commencing the installation of Comodo packages, the wizard will first check for any incompatible products. This includes items such as third party antivirus/firewall products. The wizard will list any discovered products that are incompatible and offer you the opportunity to uninstall them (highly recommended). 71

72 To avoid software conflicts that could prevent Comodo products from offering maximum protection to your network environment, Comodo strongly recommends that you remove all incompatible software prior to continuing. Select the checkbox next to the name of the product then click 'Uninstall'. CESM may need to reboot the endpoint machine(s) to complete the uninstallation of incompatible products. The local end-user will be notified of this with a pop-up message on their desktop that offers them the opportunity to postpone the reboot for 10 minutes or initiate the reboot immediately. If the end-user takes no action then their machine will automatically reboot after a 3 minute count-down. Administrators can keep track of the progress of the uninstallation via the Task Result Manager (click ' History > Task Results' to bring this window to the foreground) 72

The Administrator should click 'Next' once all incompatible products are fully uninstalled. The wizard will now move onto the installation of the selected Comodo products. 4.

73 The Administrator should click 'Next' once all incompatible products are fully uninstalled. The wizard will now move onto the installation of the selected Comodo products. 4. Just prior to commencing installation, the wizard will contact Comodo servers to check whether the packages that have been uploaded to the CESM Console are the latest versions. If any Comodo packages are found to be out-dated, they will be listed in the next screen. Click the update button to replace the (older) package with the latest version. 5. On completion of update action, click 'Next'. The product selection screen displays a list of packages that are available for installation. Should you wish to, you also have the opportunity to upload new packages to CESM. Any new packages you add will be immediately uploaded and added to the list.. 73

To select the arguments, click on the blue underlined text in the 'Arguments' column corresponding to the selected package. The Arguments editor dialog with the installation options will be displayed.

74 Installation 'Arguments': Certain packages have additional installation options that can be implemented by modifying the 'Arguments' field. For example, administrators have the option to install only the firewall or only the antivirus components of Comodo Internet Security (CIS). To select the arguments, click on the blue underlined text in the 'Arguments' column corresponding to the selected package. The Arguments editor dialog with the installation options will be displayed. To install the full CIS suite (Antivirus, Firewall and Defense+) - Select Install all components; To install Firewall and Defense+ BUT NOT Antivirus - Select Install firewall components only; To install Antivirus and Defense+ BUT NOT Firewall - Select Install antivirus components only; The 'language' drop-down allows you to change the installation language of CIS. Click 'OK' to continue and click 'Next'. Next choose the profile in which CIS has to be installed. 74

75 Click 'Next'. A confirmation dialog is displayed: To confirm your choices and begin the installation, click 'Next'. To review the configurations set in the previous steps, click 'Previous'. The product installation progress will be displayed... 75

Further reading related to the topic of this page: The Package Management Window The Sequence Manager Window 3.

76 ... and a completion screen will be displayed. Click Finish. The selected package will be installed at the target endpoint computer. Further reading related to the topic of this page: The Package Management Window The Sequence Manager Window The 'Computers' Area The 'Computers' area provides administrators with an at-a-glance summary of the status and quantity of imported computers. This area also provides a shortcut to the full 'Computers' management window. 76

The total number of imported computers is the sum of 'Managed' + 'Unmanaged'. 'Online' computers are a sub-set of 'Managed' computers (i.e. those Managed computers that are actively connected to CESM central service).

77 The total number of imported computers is the sum of 'Managed' + 'Unmanaged'. 'Online' computers are a sub-set of 'Managed' computers (i.e. those Managed computers that are actively connected to CESM central service). 'Online' computers are those that are actively connected to CESM central service. This means they are (i) Managed (ii) Have the Agent installed on them (iii) Are powered on. Computers in this state are ready for Tasks. Each computer in this state uses one license. 'Managed' computers have been brought under the control of CESM but are not 'Online' so are not ready to accept Tasks. This can include: Computers that are Managed but do not have the Agent installed and are therefore not capable of connecting to central service Computers that are Managed + Agent installed but are powered off Each computer in this state uses one license. 'Managed' computers can be brought to 'Online' status by installing the CESM Agent or simply switching the machine on as appropriate. Please see The Install Agent Wizard page if you need help with installing the Agent. 'Warranties' - The Warranted computers are those that are actively connected to CESM central service. This means they are: (i) (ii) (iii) (iv) (v) Managed Have the Agent installed on them Have CIS version 4.0 or above installed on them CESM Warranty has been enabled on the computer Are powered on. Computers in this state are ready for Tasks. CESM Warranty provides a warranty coverage for any damage caused by malware to a managed endpoint installed with CIS. The number of warranties will be equal to the number of endpoint licenses that the administrator has signed for. Each computer in this state uses one warranty. Please note that the warranty coverage is available only if you have chosen 'I am interested in ESM warranty' during the installation of CESM. The coverage is only for the damage caused by the malware and not to hardware or any other non-malware related damages. 'Unmanaged' computers are those that have been imported but are not controlled by CESM. Computers in this state do not use any licenses. 'Unmanaged' computers can be brought to 'Managed' status by clicking the 'Show Computers' link then right-click on the desired computer and select 'Control > Manage' from the menu. Show Computers - Clicking this link will open the Computers window which provides granular control over imported endpoint computers and networks. Further reading related to the topic of this page: Assigning Managed Status to Imported Computers Installing the CESM Remote Agent The 'Computers and Group Manager' Windows The 'Tasks' Area The 'Tasks' panel shows a summary of the total number of Tasks that are currently being executed on CESM controlled endpoint 77

78 machine. Always visible by default, the panel is a handy way for Administrators to monitor the progress of scheduled or recently deployed Tasks. Clicking the 'Show Tasks Results' link will open the Task Result Manager window - an interface which shows a complete listing of all previous and currently executing tasks. Apart from providing a more granular reading of tasks that are currently executing, the interface also allows Administrators to take troubleshooting steps on Tasks that have not completed successfully; create new sequences from previously executed tasks; create custom tasks to run only on machines that have previously failed and more: See The Task Result Manager Window for a full description of this interface. Further reading related to the topic of this page: The Task Result Manager Window The 'New Task' Wizard The Sequence Manager Window The Task Manager Window 78

79 3.3.8 The 'System Status' Area The 'System Status' area provides administrators with an at-a-glance summary of the overall protection status of the computers. It also contains links to view the license information and to upgrade your license. Viewing License Information Clicking the Licenses link from the System Status area opens the about dialog to view the license information. Refer to The 'Help' Options > The 'About' Window for more details. Upgrading License Clicking the Upgrade License... link from the System Status area starts the License Upgrade wizard. 79

80 Refer to The 'Help' Options > The CESM Upgrade License Wizard for a explanation of the available options in this wizard. Further reading related to the topic of this page: The 'Help' Options The 'Computers and Group Manager' Windows The 'Overall Endpoint Security' Area The 'Overall Endpoint Security' area provides administrators with an at-a-glance summary of the endpoint security and update status of managed endpoint machines. Simple and clear, these high visibility graphics deliver a holistic view of overall network security and help provide an immediate heads up on developing threats and at-risk machines. Endpoint Infections Indicates whether or not malware is currently present on imported endpoint machines. Prerequisites For an endpoint to communicate its infection status it: 80

81 Must be managed and connected. A computer is in this state if it is colored green in the 'Computers' window - Must have Comodo Internet Security 4.0 or above installed. Earlier versions will not communicate infection status The Comodo Internet Security installation must be in Remote Administration Mode. Click here for more details on switching between Remote Administration Mode and Local Administration mode. All imported computers that do not meet the conditions above will be 'Unknown'. Security Status Description Indicates the number of endpoints which are completely free of malware. Comodo Antivirus has a real-time virus scanner that constantly monitors each endpoint for malware. Furthermore, each endpoint constantly relays this security status back to the CESM Central Service and the CESM Administrative Console. Because of this heartbeat connection, the data shown here is an up-tothe-second reflection of infection status. Administrators should, however, make sure all endpoints are also using the latest virus signature database. Indicates the number of endpoints on which malware was discovered and is still present. Malware can be discovered as a result of an on demand, on access or scheduled antivirus scan. Malware can also be discovered by Comodo Internet Security heuristics. If any endpoints show 'Infected' status, administrators are advised to: Make sure all installations of Comodo Internet Security are using the latest antivirus database. Administrators can check this easily by glancing at the 'Endpoint Updates' chart to the right Run a full antivirus scan on all endpoints to delete or quarantine the discovered malware In the rare eventuality that a virus scan with the latest database does not remove the infection then administrators should immediately contact Comodo livepcsupport and request assistance LivePCsupport can be initiated by clicking the 'Live PC Support' button at the bottomright of the 'Start' page: Indicates the number of endpoints whose security status cannot be determined because they are either not connected or do not have CIS 4.0 installed. Administrators should check that all network endpoints that they intend to be protected by CESM are in the 'Green' state and have CIS 4.0 installed. Managed (agent installed) and connected (online and accepting connections). This is the state an endpoint must be in for it to communicate it's security status to the graphics on the CESM 'Start' page Managed, but not connected. These may be endpoints that have the agent installed but are offline (not switched on?) or are managed and online but do not yet have the agent installed. These are listed as 'unknown' in the graphics. Unmanaged computers. Those that have been imported but are not controlled by CESM. These are also listed as 'unknown' in the graphics See 'Importing Network Structure' and/or 'Preparing Imported Computers' for more details about endpoint statuses. Alternatively, simply start up either the 'Add Computers Wizard' or the 'Install Agents Wizard' More detailed malware reports can be created by using the report generation wizard. This can be opened by clicking 'Reports > 81

82 Malware Statistics...' on the file menu. The help page for this section is at 'Reports > Malware Statistics...' Endpoint Updates Indicates which endpoints currently have the latest antivirus database installed. For maximum protection against the very latest, zero-hour, threats it is essential that CIS has the latest signatures. If automatic updates are enabled then updates should be automatically provisioned and installed as and when they become available. Comodo advises administrators to leave automatic updates enabled. Prerequisites For an endpoint to communicate its update status it: Must be managed and connected. A computer is in this state if it is colored green in the 'Computers' window - Must have Comodo Internet Security 4.0 or above installed. Earlier versions will not communicate update status The Comodo Internet Security installation must be in Remote Administration Mode. Click here for more details on switching between Remote Administration Mode and Local Administration mode. For an endpoint to be listed as 'Outdated', it Is managed, connected, has CIS 4 installed but does not have the latest antivirus database Update Status Description Indicates the number of endpoints which are using the latest virus database. Machines with an up-to-date update status AND a 'Not Infected' status should be considered to be safe from all known viruses and malware. Indicates the number of managed and connected endpoints which are using a database older than the most recent. Examples of why this situation could occur include difficulties with the connection to the update server; delays because of high network traffic or because CIS has just been installed and is awaiting its first signature update. If any endpoints are listed as 'Outdated' for extended periods of time then administrators are advised to: Update the virus database by right-clicking on the target computer from the 'Computers Window' and select Internet Security > Update Antivirus Bases Create and run a task which contains the action, 'CIS Update (Virus Database/Programs)'. Run this task on all 'Outdated' machines. To do this, Click 'New Task' on the 'Start' page. Choose a name for the new task and select the target computers. Create a new Sequence of Actions then select 'Internet Security > CIS Update...' as the specific Action. If automatic updates are already enabled then you do not need to set a schedule and should click 'Next'. Make sure 'Run the task now' is selected at the final confirmation and click 'Finish' to execute the task. Investigate the idea of setting up a local update server to accelerate the speed at which updates are distributed to endpoints machines. For more details, see 'Setting up a local update server' If you still have problems with endpoints receiving updates then contact livepcsupport to speak to a Comodo technician about the issue. The livepcsupport button can be found at the bottom-right of the 'Start' page. OR 82

83 Indicates the number of endpoints whose update status cannot be determined because: The endpoint is unmanaged. Imported but not controlled by CESM () The endpoint is managed but does not have the agent installed () The endpoint is managed, has the agent installed, but is not online (also ) Administrators should check that all network endpoints that they intend to be protected by CESM are in the 'green' state - indicating managed and connected ( )This is the state an endpoint must be in for it to communicate it's update status to the graphics on the CESM 'Start' page The machine is managed and connected but it does not yet have Comodo Internet Security 4.0 installed. Administrators can install CIS on target endpoints by either (a) right clicking on the desired machines in the 'Computers' window and selecting 'Install Package' (b) Creating a new Task to install CIS on the endpoint More detailed database update reports can be created by using the report generation wizard. This can be opened by clicking 'Reports > Antivirus Database Updates...' on the file menu. The help page for this section is at 'Reports > Antivirus Database Updates...' Side note. Uniquely, Comodo Internet Security is able to keep endpoint machines safe from the latest (unknown) threats EVEN IF a machine does not yet have the latest signature database installed. This is because of CIS' new automatic sandboxing procedure. When an executable is first run it passes through the following CIS security inspections: Real time Antivirus scan Defense+ Heuristic check Buffer Overflow check If the processes above determine that the process is malware then, of course, the executable is quarantined and the administrator is alerted. Next, CIS will check to see if an application is 'known safe' (whitelisted). An application will be recognized as 'safe' by CIS (and therefore not sandboxed) if: It is on the global Comodo Safe List. The Administrator adds the executable to the local safelist of endpoint machines. The Administrator grants the installer elevated privileges (CIS detects if an executable requires administrative privileges). Additionally, a file will not be sandboxed if it is defined as an Installer or Updater in HIPS policy. Applications that pass the security inspections but are not yet recognized as 'safe' will be sandboxed. This means they will be run in an isolated operating environment on the endpoint machine and will be prevented from writing to or interacting with the 'real' operating system, registry or user data. Items treated in this way will include any emerging, zero-hour threats and any threats that are not covered by an 'out-dated' database on the endpoint How to Upgrade The 'How to Upgrade' link provides a direct link to documentation detailing the steps required to upgrade older versions of CESM to the latest version. Click Here to go there now. Further reading related to the topic of this page: How to upgrade to the latest version of Comodo Endpoint Security Manager. Installing Comodo Endpoint Security Manager. System Installation Requirements for Comodo Endpoint Security Manager. Upgrading a trial license to a full license How to Install CIS The 'How to Install CIS' link provides a direct link to documentation detailing the steps required to install Comodo Internet Security. Click here to go there now. 83

84 How to Configure CIS The 'How to Configure CIS' link provides a direct link to documentation detailing the steps required to configure Comodo Internet Security. Click here to go there now How to Install CDE The 'How to Install CDE' link provides a direct link to documentation detailing the steps required to install Comodo Disk Encryption. Click here to go there now How to Buy Licenses for More Endpoints The 'How to Buy License for More Endpoints' link provides a direct link to documentation detailing the procedure to buy license for more endpoints. Click here to go there now New Release Features Version 1.6 New Release Features New - GUI Localization The CESM Administrative Console now features Chinese language support. To switch languages, select 'View > Languages' then make your choice from those available. Chinese is the first of many planned languages as we expand our internationalization efforts and further improve the service we provide to our non-native English speaking audiences. New - General software maintenance and improvements. Version 1.6 also contains numerous updates, improvements, tweaks and bug fixes in response to reports by customers and by the Comodo forum community. Version 1.5 New Release Features New - Integration with Comodo Internet Security 4.0. The latest version of CIS heralds a major leap forward in security and usability with the introduction of the new Sandbox feature - an isolated operating environment for untrusted applications. Under default settings, unknown executables are now automatically sandboxed so that they cannot make changes to other processes, programs or data on the endpoint. Key benefits include: Even higher levels of protection - Comodo have integrated sandboxing technology directly into the security architecture of CIS to complement and strengthen the existing Firewall, Defense+ and Antivirus layers. Less noise for CESM administrators - CIS 4.0 generates far fewer alerts with absolutely no loss in security. Administrators looking to get on with more productive tasks can 'set it and forget it' with confidence A smoother experience for endpoint users - automatically sandboxing untrusted applications has the dual benefit of allowing 'unknown but ultimately safe' programs to run as they normally would while completely isolating 'unknown and malicious' programs where they can do no damage. By uniquely deploying 'sandboxing as security', CIS 4.0 increases the overall protection enjoyed by corporate networks, lowers administrative burden without compromising security and eliminates disruption to the workflows of endpoint users. Improved - 'Start' page reloaded. With version 1.5, CESM's interactive dashboard is now more informative, powerful and easier to use than ever before. The Start page provides fingertip access to all major functionality; allows administrators to easily monitor endpoint security status; serves as a launchpad to run common tasks and provides fast access to support resources and other useful information. Additions to the Start page in version 1.5 include: LivePCsupport integration. Administrators can now initiate real-time support chats with Comodo support by clicking a single button on the Start page. LivePCsupport is an always-on link to a human support operative who can answer questions, provide guidance and even remote desktop into network machines to help resolve any issues. Real time security, operational and licensing data is now featured throughout the Start page, including: Highly visible graphics displaying the real-time security and update status of managed endpoint machines. Simple and clear, the new graphics deliver a holistic view of overall network security and help provide an immediate heads up on developing threats and at-risk machines. Task status information. The Start page now includes a summary of tasks that are currently being executed. 84

85 The product update information is now prominently displayed on the Start page. Provides an easy approach to view and upgrade the license by displaying respective links in the Start page. New - Even greater visibility and control of endpoint computers from the CESM console. In addition to existing capabilities, right clicking on any managed machine now features: Enhanced 'Power Control' options. Administrators can remotely instruct an endpoint to shut down, restart, stand by or hibernate. Remote desktop capability. Administrators can take control of any managed endpoint directly from the CESM console to perform any tasks they wish (including general maintenance tasks not related to Comodo software). A more comprehensive 'Properties' dialog that facilitates extensive micro-management of any endpoint, including: View / Start / Stop services; View / Uninstall software that is already installed on the machine; View / Stop running processes; View Windows restore points / Roll back machine to a specific Windows restore point; View / Reconfigure existing power management settings such as the length of time before the monitor or hard disks are switched off or the machine goes into standby/hibernation. Improved - Task Execution. The 'Computers' pane now allows the administrator to group-select multiple machines and simultaneously implement tasks such as: Manage / Unmanage endpoints Install agents or software packages on multiple machines Send messages to multiple target computers Restart, shut-down or place multiple targets into standby or hibernation Initiate CIS tasks, including deploying a preset CIS security policy and initiating virus scans on the target machine. Improved - Task Result Manager. Apart from a more intuitive design architecture, the Task Result Manager now contains a progress bar for every task under execution. New - Local administration mode. CESM 1.5 allows the CIS 4.0 interface to be accessed and managed from the endpoint machine itself. After specifying a local access password, CESM administrators can use this functionality to: Devolve limited powers to end-point users. For example, to allow them to answer their own CIS alerts rather than rely upon administrator assistance (invaluable for workers outside the corporate VPN); Conveniently access and reconfigure CIS at the local machine rather than from the remote console. New - Detailed reporting capabilities. Administrators can now quickly generate highly informative reports on Malware Statistics, Antivirus Database Updates and Computer Details. Each type of report is fully customizable and can be ordered for anything from a single machine right up to the entire managed environment. New - CESM server configuration tool. Administrators can more easily modify CESM service settings using the built in configuration tool. This includes starting and stopping the CESM service, modifying database connection settings, modifying server and agent ports and viewing event logs. New - Software deployment and configuration tools: Product installation wizard - step-by-step wizard guides administrators through the installation and configuration of Comodo software packages on endpoint machines. This wizard will also detect and offer to remove any software like third party Antivirus software on the endpoint that is incompatible with Comodo products. Custom setup wizard - enables administrators to create custom setup folders that contain the remote agent and the precise combination and configuration of Comodo software required for specific endpoints. Improved - Simplified agent operations. It is now possible to update or uninstall remote agents from multiple machines with a single click. Improved - Licensing. New license merging capabilities allow customers to more easily add additional endpoints to their license. Additionally, improvements to the CESM installer mean customers can choose to add the Comodo Warranty to their license during initial setup - ensuring coverage throughout the entire product deployment life-cycle. 85

86 Improved - CIS Alerts. Alerts now feature powerful new functionality: Ability to create a Windows restore point on the endpoint machine prior to implementing the administrators response to the alert Ability to instantly submit unknown files to Comodo for analysis directly from an alert Ability to dynamically add software vendors to the local trusted vendor list directly from an alert Improved - Notifications. Newly implemented product update manager immediately alerts administrators whenever new versions of Comodo software become available for download. New - Safe list and trusted vendor management. CESM administrators can now remotely append, replace or remove executables from the local whitelist of endpoint machines. Similarly, trusted vendors can be quickly added or removed on a per-machine or network wide basis. New - Real time navigation of remote files and folders. New functionality allows administrators to explore the file systems of managed endpoints to run on-demand virus scans of selected items FAQs The 'FAQs' link provides a list of frequently asked questions about CESM. Click here to go there now Forums Comodo forums are a family of dedicated message boards created exclusively for our users to discuss anything related to our products. Clicking the 'Forums' link will open your default browser at the CESM sub-forum at Because the boards are always heavily populated, posting your question can often be one of the fastest ways to get assistance on CESM (though customers are encouraged to first consult their appropriate support channel). The forums are also a great place for you to air your suggestions and general experiences whilst using the product. Registration is free and by joining in you'll benefit from the expert contributions of developers and fellow users alike The 'Support' Area The 'Support' area of the 'Start Page' is a ready reference for administrators should they need help to configure or troubleshoot Comodo Endpoint Security Manager. 86

It displays details on getting phone support, submitting a support ticket at online knowledgebase and getting LivePCSupport : Call: Contains support phone numbers; Submit a Ticket: Contains a link to

87 It displays details on getting phone support, submitting a support ticket at online knowledgebase and getting LivePCSupport : Call: Contains support phone numbers; Submit a Ticket: Contains a link to Comodo's online knowledgebase; Live PC Support: Connects to Comodo's Live PC Support - the quickest, most comprehensive way of getting help with your computer problems. Support Ticketing System The 'Submit a ticket' link will open the Comodo support portal at After registering for a free account, customers can submit support tickets that will be handled by our professional and experienced product experts. The support portal also contains a product knowledge base and other useful links that can help to solve some of the most common queries about the product. Administrators are also encouraged to register at the Comodo community messageboards (Sign up at : More information about the forums is available here). The FAQ section of this guide can also help to solve many of the most common problems. This help guide contains detailed advice on every area of CESM. Administrators are advised to consult the guide before contacting support. 87

88 Live PC Support Live PC Support offers the quickest, most comprehensive way of getting help with problems surrounding your CESM deployment. All CESM license holders receive unlimited access to livepcsupport services. LivePCsupport is delivered via a secure chat window and can be started in any of the following ways: Click the 'Live PC Support' link in the 'Support' area of the 'Start' page Click 'Help > Live PC Support...' from the CESM file menu From the Windows Start Menu - Click All Programs > COMODO > livepcsupport > Comodo livepcsupport. Starting the service in any of the ways described above will open the following login dialog: Select the type of service you need: 88

89 Other - Select if you need assistance in setting up and managing endpoints and other Windows/System related problems; Virus Infection - Select if you need assistance in removing viruses, malware etc. from your server/endpoints. So that you will be connected to the technician skilled in the specific area. Clicking any of the options will open the registration screen. Try Now - The easiest and fast way to get the services is by clicking the 'Try Now!' link. Within seconds, a Comodo Support Technician will respond in a chat window and ask you to describe the problem. 89

90 Explain the problem in the server/managed endpoint and also provide the IP address of the endpoint in which the problem has arisen. The technician will access the server/endpoint through a remote desktop and fix the problems. The trial service does not require a subscription. Register - Clicking the 'Register' link will take you to the LivePCSupport trial sign-up page. Follow the sign up procedures. Your subscription ID will be sent to you by . 90

91 Sign-in - Click this button if you already have a subscription ID. At the login box: Enter the Subscription ID you received through and click 'Next'. Within seconds, a Comodo Support Technician will respond in a chat window and ask you to describe the problem. 91

92 Explain the problem in the server/managed endpoint and also provide the IP address of the endpoint in which the problem has arisen. The technician will access the server/endpoint through a remote desktop and fix the problems. Apart from answering routine support questions, livepcsupport technicians are also on hand to perform any of the following services: Virus Diagnosis / Removal - If required, any endpoint is thoroughly checked for viruses and spyware. If any are discovered they are expertly removed and your computer restored to it's pre-viral state. PC Tune Up - Expert evaluation of issues affecting your computer's performance. Fine Tuning key areas and improving speed and stability. Internet Login Protection - Activating the basic security settings of a computer to prevent loss of sensitive data and identity theft. Account Set Up -Setting up any Internet-based account for an endpoint any provider, any account. Software Installation -Installing your Comodo products and customizing configuration for maximum security protection and efficiency. Technicians can also identify and remove any software that is not compatible with Comodo products. Green PC - Optimization of power management settings. Technicians can do this on a per endpoint basis or can help configure power settings through the CESM console. Computer Troubleshooting -Check for basic hardware conflicts in Windows. 92

3.4 Importing Network Structure This section outlines the preliminary steps required to establish control of networked computers under Comodo Endpoint Security Manager.

93 3.4 Importing Network Structure This section outlines the preliminary steps required to establish control of networked computers under Comodo Endpoint Security Manager. Ultimately, any computer (or group of computers) must be designated as a CESM 'Managed' computer in order for an administrator to define and schedule tasks for the Comodo applications installed upon it. To complete this process, you will need to carry out the following steps: i. ii. iii. iv. Import networked computers into the CESM Administrative Console (Optional) Create computer 'Groups' within CESM Administrative Console to simplify management Assign 'Managed' status to those computers that you wish to control Install the CESM Remote Agent on those Managed computers After completing steps (i) through (iv) you will have successfully finished the initial setup of your CESM configuration and can begin to set tasks for your chosen Managed machines. For example, you can begin to roll out the installation of CESM controlled applications such as Comodo Internet Security to those machines (Full details on each aspect of creating and setting Tasks can be found in 'The Administrative Console'. A walk through example can be found in 'Managing Computers using the CESM Administrative Console'). Note: CESM also allows the Administrators to add individual computers. For more details see Importing Computers by IP Addresses Initiating the import After successfully installing and logging into the CESM Administrative Console the first task an administrator should complete is to import their network structure. CESM allows administrators to import computers from an Active Directory or from a Windows Workgroup. It also allows to import individual computers by specifying their IP addresses or a range of IP Addresses. To begin importing a network structure: Click the 'Import' button on the 'Computers' task bar above the Computer list pane The Computers Import wizard will be started and the welcome screen will be displayed. 93

94 Computers to be managed can be imported into CESM in the following ways: Import from Active Directory - imports computers from an Active Directory Domain Import from Workgroup - imports computers from a workgroup Import Computers by IP Address - to import individual computers by specifying their IP Addresses, DNS names or a group of computers by specifying their IP Address range. CESM can manage an unlimited number of networked computers so, administrators should repeat this process until all computers for which management is required have been successfully imported. Note: Licenses are required for each computer you wish to manage. Full explanations of importing using the sources can be found in the following sections: Import from Active Directory, Import from Workgroup and Import Computers by IP Address. Select the source if you want to import the computers from Active Directory or Workgroup or select IP-based import if you want to import computers by specifying their IP addresses or DNS names Importing from Active Directory Choosing to import computers from 'Active Directory' will open up the following preferences dialog: 94

95 Domain Import Settings - Table of Parameters Import from current domain (Selected by default) Selecting this option will import all computers from the Active Directory domain that the administrator is currently logged into. Import from specified domain controller Selecting this option allows the administrator to specify an alternative Active Directory domain from which computers will be imported. Choosing this option requires administrators to specify the following details: Domain: Administrators should enter the IP address or name of the Active Directory domain controller from which they wish to import. Login: Enter the user-name of a user with administrative rights to domain controller from which they wish to import. Password: Enter the password of the user specified in the 'Login' field. Use advanced import settings Selecting this checkbox enables the Administrator to make advanced filter settings for importing the computers and domain controllers from the specified Active Directory. Enter the details in the Domain Import Settings interface and click 'Next'. If you have selected 'Use advanced import settings' checkbox, the Advanced Domain Import Settings dialog will appear, else this step will be skipped. 95

96 Advanced Domain Import Settings-Table of Parameters Import Computers Only Selecting this option means that only computers will be imported from the domain specified in the 'Active Directory Domain' section. Domain controllers belonging to that domain will not be imported. Import Domain Controllers Only Selecting this option means that only domain controllers will be imported from the domain specified in the 'Active Directory Domain' section. Computers belonging to that domain will not be imported. Import Computers and Domain Controllers Selecting this option means that both computers and domain controllers will be imported from the domain specified in the 'Active Directory Domain' section. Update Organizational Units (Checked by default) Selecting this option means that organizational units' names (tree folders names) will be updated automatically. Import Changed Computers only Selecting this option means that only computers whose Active Directory configuration has been modified will be imported. Make your selections and click 'Next'. A confirmation dialog will appear: 96

97 Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The import progress will be indicated and the 'Import Finished' dialog will be displayed on successful import of the computers from Active Directory. If you want to assign Managed Status to all the computers imported from this workgroup, select the checkbox 'Manage imported computers' and click 'Finish'. If you want to assign Managed status selectively, uncheck the check box and click Finish. You can assign Manged Status to selected computers later. See Assigning Managed Status to Imported Computers for more details. When the Active Directory import process is finished, the full list of imported items will be displayed in a tree in the Computers pane of CESM manager: 97

Administrators now have the following broad options: Add More Computers: Administrators can add further computers to the list by repeating the Active Directory Import Process and/or using by using

98 Administrators now have the following broad options: Add More Computers: Administrators can add further computers to the list by repeating the Active Directory Import Process and/or using by using the Workgroup import process. Create Groups from these Computers: Creating user-defined groups of computers is perhaps the easiest and fastest way to roll out tasks to multiple machines or entire networks. Please refer to the section 'Managing Groups of Computers' for more details on the steps involved in this process. Manage these computers: At this stage, all computers and/or domain controllers in the Domain have 'Unmanaged' status (Unmanaged status is indicated by the Grey color of the icon next to the computer's name). In order for CESM to establish control of these computers, two further actions must be taken: (1) Assign "Managed" Status to the computer(s). Full instructions on how to create Managed computers can be found in section Assigning Managed Status to Imported Computers; (2) Install CESM Remote Agent on the computers. Full instructions on installing agents onto computers can be found in section Installing CESM Remote Agent Importing from a Workgroup Choosing to import computers as 'Workgroup' will open up the following preferences dialog: 98

99 Workgroup Import - Table of Parameters Workgroup name Administrators should enter the name of a network Workgroup which they wish to import. Enter the Workgroup name in the text box and click 'Next'. A confirmation dialog will appear. Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The import progress will be indicated and the Import Finished dialog will be displayed on successful import of the computers from the Workgroup. 99

If you want to assign Managed Status to all the computers imported from this workgroup, select the checkbox 'Manage imported computers' and click 'Finish'.

100 If you want to assign Managed Status to all the computers imported from this workgroup, select the checkbox 'Manage imported computers' and click 'Finish'. If you want to assign Managed status selectively, uncheck the check box and click Finish. When the Workgroup import process is finished, the full list of imported items will be displayed in a tree in the Computers pane of CESM manager: Administrators now have the following broad options: Add More Computers: Administrators can add further computers to the list by repeating the Active Directory Import Process and/or using by using the Workgroup import process. Create Groups from these Computers: Creating user-defined groups of computers is perhaps the easiest and fastest way to roll out tasks to multiple machines or entire networks. Please refer to the section 'Managing Groups of Computers' for more details on the steps involved in this process. Manage these computers: At this stage, all computers and/or domain controllers in the Workgroup have 'Unmanaged' status (Unmanaged status is indicated by the Grey color of the icon next to the computer's name). In order for CESM to establish control of these computers, two further actions must be taken: (1) Assign "Managed" Status to the computer(s). Full instructions on how to create managed computers can be found in section Assigning Managed Status to Imported Computers. 100

101 (2) Install CESM Remote Agent on the computers. Full instructions on installing agents onto computers can be found in section Installing CESM Remote Agent Importing Computers by IP Addresses Choosing to IP based import will open up the following configuration dialog: Click the drop-down arrow in the Add button. The computers can be added into CESM through IP-based import by three methods. By specifying IP Addresses or DNS Names By specifying IP Addresses and Subnet masks By specifying IP Address Ranges To import an individual computer by specifying IP Address/DNS Name, select the option IP Addresses/DNS Names from the drop-down menu, enter the IP Address or the DNS name of the individual computer in the IP Address properties dialog and click OK. Note: Clicking the Add button will enable you to import an individual computer by specifying IP Address/DNS Name. Through this method, only one computer can be added at a time. To add more number of computers the processes can be repeated. 101

102 To import Computers by specifying IP Addresses and Subnet mask, select the option IP Addresses and Subnet masks from the drop-down menu, enter the IP Address and the Subnet masks in the IP Address and Subnet mask properties dialog and click OK. To import a group of computers by specifying their IP Address range, select the option IP Address Ranges from the drop-down menu, enter the IP Address range in the IP Address Range properties dialog and click OK. CESM can manage an unlimited number of networked computers so, administrators should repeat this process until all computers for which management is required have been successfully imported. Note: Licenses are required for each computer you wish to manage. The added computers are listed in the next dialog. You can select or deselect the computers to be added from this screen by selecting/deselecting the checkbox beside each computer name. 102

103 Click Next. Click 'Previous' if you want to review and change the setting made in the previous steps or click 'Next'. The import progress will be indicated and the Import Finished dialog will be displayed on successful import of the computers. 103

104 If you want to assign Managed Status to all the computers, select the checkbox 'Manage imported computers' and click 'Finish'. If you want to assign Managed status selectively, uncheck the check box and click Finish. The new computers will be added to the Computer tree in the Computers window. Administrators now have the following broad options: Add More Computers: Administrators can add further computers to the list by repeating the Active Directory Import Process and/or using by using the Workgroup import process. Create Groups from these Computers: Creating user-defined groups of computers is perhaps the easiest and fastest way to roll out tasks to multiple machines or entire networks. Please refer to the section 'Managing Groups of Computers' for more details on the steps involved in this process. Manage these computers: At this stage, all computers and/or domain controllers in the Workgroup have 'Unmanaged' status (Unmanaged status is indicated by the Grey color of the icon next to the computer's name). In order for CESM to establish control of these computers, two further actions must be taken: (1) Assign "Managed" Status to the computer(s). Full instructions on how to create managed computers can be found in section Assigning Managed Status to Imported Computers. (2) Install CESM Remote Agent on the computers. Full instructions on installing agents onto computers can be found 104

105 in section Installing CESM Remote Agent. Additional Information Workgroup computers will not be imported if they are not powered on. Any Workgroup computers that were previously poweredoff or disconnected from the network can be imported into the list by re-running the 'Workgroup Import' process. Any newly added computers can be imported into the list by re-running 'Active Directory' Import or 'Workgroup Import' using either of the two methods outlined above. The list of computers displayed in the tree can also be refreshed by right clicking in the Computer List pane and selecting 'Refresh' from the context sensitive menu. 3.5 The 'Computers' and 'Group Manager' Windows The 'Computers' and 'Group Manager' windows play a key role in the CESM Administrative interface window by providing system administrators with the ability to import, view and manage networked computers. The 'Computers' window displays the network structure of imported machines in a familiar hierarchical tree structure and can also be used as the launchpad for running tasks and controls on imported machines. For a more detailed summary of the functionality of the Computers window, see section The 'Computers' Window - Functionality and Purpose. For a detailed tutorial explaining how to import computer structures then configure those computers for management under CESM, see section Importing Network Structure. For a detailed tutorial explaining how to import newly added computers individually, see the section Importing Computers by IP Addresses. The 'Group Manager' window displays a list of user-defined groups of imported computers. Creating groups of computers allows the administrator to split large networks up into convenient and/or logical groupings. For example, an administrator may create groups of computers called 'Sales Department', 'Accounts Department', 'Vista Workstations', 'XP Workstations', 'Domain Controllers', '64 bit Machines' or 'All Managed Computers'. Once created, the administrator can create and deploy tasks to run all machines belonging to that group. For a more detailed summary of the functionality of the Group Manager window, see section The 'Group Manager' window - Functionality and Purpose. For a tutorial explaining how to set up a group of imported computers, see section Managing groups of computers. By default, the 'Computers' and 'Group Manager' windows are displayed next to each other in a tab structure as shown below. Administrators can view each as an individual window and re-position them according to their preferences by simply left-clicking + hold on either tab then dragging the window to the desired location. 105

3.5.1 The 'Computers' Window - Functionality and Purpose The 'Computers' window allows the administrator to: Import network structures from Active Directory Domains and Windows Workgroups into the

106 3.5.1 The 'Computers' Window - Functionality and Purpose The 'Computers' window allows the administrator to: Import network structures from Active Directory Domains and Windows Workgroups into the CESM Administrative Console. For a detailed tutorial on importing network structures, see Importing Network Structure. Add computers individually into CESM Administrative by using IP Addresses. For a detailed tutorial on adding an individual computer, see Importing Computers by IP Addresses. Assign 'Managed' status to individual computers, Domains, Domain controllers or Workgroups for which control of Comodo applications is required. For more details on the importance of assigning 'Managed Status', see Preparing Imported Computers For Remote Management. Install or uninstall the CESM Remote Agent onto computers with 'Managed' status so that the CESM Central Service can establish or relinquish control of the machine. See Installing CESM Remote Agents for more details. Create a new Task to run on this computer. Selecting 'Create Task' from the right-click menu will open the 'New Task' dialog with the selected computer already preselected as the target. See The 'Task Manager' window for more details. View 'Discovered Data' about the selected computer. 'Discovered Data' is information that has been collected by a Task that ran a Discovery Profile on the selected computer. See section The 'Discovery Profiles' Window for more details. Administrators can open the 'Computers' window in the following ways: Via the File Menu. Select View > Computers to open the 'Computers' window Via the shortcut toolbar button: Icon to access 'Computers' tab Via keyboard shortcut. Press 'CTRL + ALT + C' to open the 'Computers' window. Window Specific Controls - 'Computers' Menu Element Import Element Icon Description Initiates the 'Computer Import Wizard' - allowing the Administrator to import network 106

107 Window Specific Controls - 'Computers' computers to be managed from Active Directory or Workgroup or to import an individual computer or a group of computers by specifying their IP addresses. See the section Importing Network Structure for more details. Show All Click the 'Show all' button to view all hidden items (workstations). Expand All Click the 'Expand All' command to expand all of the items in the tree. Collapse All Click the 'Collapse All' command to collapse all of the currently items in the view. Search Click the 'Search' button to find the needed unit or target workstation in the tree. Export Agent Installation Files Exports the folder containing agent installation files to the location of Administrator's choice for copying to a removable media like CD, DVD or USB memory, enabling manual installation of the Remote Agent on to target machines. 'Computers' Window - Tree Icons Tree Icon Description Root folder icon. Domain / Workgroup icon Organizational Unit Computer Status = Unmanaged. All newly imported computers are unmanaged until the administrator chooses to manage them. CESM cannot interact with a computer unless it has 'Managed' status. Computer Status = Managed but not connected to CESM Central Service. The CESM Remote Agent must be installed on a workstation in order for it to connect to central service. Computer Status = Managed and connected to CESM Central Service. Computer Status = Managed, connected to CESM Central Service and CESM Warranty is enabled. Right clicking on any workstation, Domain, Domain controller or workstation listed in the 'Computers' window will open a context sensitive menu that allows the following actions to be carried out on the computer/group: 107

108 108

109 'Computers' Context Sensitive Menu - Table of parameters Action's name Description Control Manage - Assigns "Managed" Status the selected item. Unmanage - Removes "Managed" status from the selected item. Enable Warranty - Sets the status of the computer as Warranted Computer. Disable Warranty - Removes the 'Warranted' status of the computer. Install Agent - Will initiate the CESM Remote Agent installation procedure on the selected item. Update Agent - Will initiate the CESM Remote Agent update procedure on the selected item, enabling to update to the latest version of Agent. Uninstall Agent - Will initiate the CESM Remote Agent uninstallation procedure on the selected item. Show Hidden computers can be made visible at Computers' panel again by clicking "Show all" button. Hide Hides the selected item so that it is not displayed in the tree. This is handy should, for example, an administrator only wish to view CESM 'Managed' computers. Note: Computers can not be deleted from the display can be hidden if required. Open Discovered data Power Control Allows the administrator to view 'discovered' data about the selected item. Discovered data is fetched by running a task that includes a CESM 'Discovery Profile' on the item. Allows the Administrator to turn off the selected workstation, unit or group, with the following options: Shut down - Shuts down the selected workstation; Restart - Restarts the selected workstation; Stand by -Drives the selected workstation to stand-by state; Hibernate - Hibernates the selected workstation. Note: This option is available only for managed workstations in which the Remote Agent is installed and connected to the CESM console. Allows the Administrator to send a text message to the user(s) of the selected workstation, unit or group. On clicking the Send Message... option, a Send Message dialog will appear. Send Message... The Administrator has to type the message and click OK. The message will be delivered to the selected workstation(s) instantly. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. The message will be displayed at the endpoint only if the user has logged in to it. Command Prompt... Allows the Administrator to open the Command Prompt window of the selected workstation. The Administrator can execute the Command Line Controls instantly and directly on the managed workstation from the CESM console. Note: This option is available only for managed workstations in which Remote Agent is installed and 109

110 'Computers' Context Sensitive Menu - Table of parameters connected to the CESM console. Allows the Administrator to directly connect to the desktop of a target endpoint through Remote Desktop connection. Remote desktop connection Install Note: The target endpoint computer should have the Remote Desktop access enabled on it. Also the Administrator needs to enter the login credentials for the machine to gain access. Tip: The Remote Desktop access can be enabled by clicking Start > Control Panel > System > System Properties > Remote tab and selecting the checkbox 'Allow users to connect remotely to this computer' at the target endpoint. Allows the administrator to install a Comodo (or 3rd party).msi package onto the target computers or group of computers (for example, this option can be used to install the Comodo Internet Security or Comodo Disk Encryption packages). For more details on how to install the applications from the right click options see the section Context Sensitive Menu - Installing Applications given below. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. Internet Security Allows the administrator to run an on-demand antivirus scan on the endpoint, view Antivirus, Firewall and and Defense + logs, to configure Comodo Internet Security, update Antivirus database and to set a local mode password for the endpoint instantly. More details on these options are provided later on this page in Context Sensitive Menu - Internet Security. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. Create Task Allows administrators to create and execute a new task on the selected endpoint computer. Click here for a detailed explanation of the process. Show notifications Opens the Notification Monitor window and displays a list of the notifications generated for the selected endpoint. Show requests Opens the Request Monitor window and displays a list of the requests generated by the CESM controlled Comodo applications such as Comodo Internet Security, from the selected endpoint. Properties Opens the 'Properties' dialog for the selected object and allows the Administrator to view details for the selected object such as Name, Guid, Sid, Creation date, Date of last modification, DNS (for workstations only), Status (for workstations only), and view and manage discovered data such as Windows Services, Installed Products, currently running Windows processes, created Windows Restore Points and Power Options. See the section Context Sensitive Menu - Properties given below for more details. Tip: The actions from the context sensitive menu can be executed simultaneously on more than one endpoint by holding the 'Control' key, selecting individual machines and right-clicking to open the context sensitive menu. 110

111 The action selected from the context sensitive menu will be executed on all the selected computers. Context Sensitive Menu - Installing Applications The Install option in the context sensitive menu enables the Administrators to install the CESM managed applications to the endpoint(s) instantly. To install an application Right- click on the selected endpoint and point to 'Install ' Select a package from the list 111

112 OR To install a package which has not be uploaded to CESM, select 'Browse...'. This will open the standard Windows file browser: Browse to the local or network location to which you have saved Comodo.msi files. Select the appropriate file and click 'Open'. The installation package will be uploaded to CESM and then installed to the endpoint(s). The selected application will be installed on to the endpoint(s). For more details on the uploading the installation packages see the section The Package Management Window. Note: You can also install applications by creating a Task with a Sequence containing the Install Package Action and executing the Task on selected endpoints. See the sections The Sequence Manager Window and The Task Manager Window for more details. Context Sensitive Menu - Internet Security This option enables administrators instantly execute the following tasks on endpoints that have CIS installed: Configure the Comodo Internet Security installation in the endpoint; View the Antivirus, Firewall and Defence+ logs for the selected endpoint; Run an on-demand Antivirus scan on the selected endpoint; Set Local Mode access password; Update the Antivirus database on the selected endpoints. 112

113 To deploy a CIS security profile on the target endpoint. Right click on the selected endpoint, point to Internet Security > Configuration. The Configuration options will be displayed To select a predefined configuration for CIS, select any one of the options from: Endpoint Security; Internet Security; Proactive Security; Antivirus Security; 113

114 Firewall Security. Click here for more details about these predefined CIS configurations. To manually specify the configuration settings for CIS, choose 'Custom...'. The CIS Configuration Editor' will open. This will allow you to modify settings as per your requirements. Click Here to see the 'CIS Configuration Editor' To learn more about the settings in the configuration editor, Administrators are advised to download the dedicated CIS Configuration Editor User Guide from: To view the CIS logs for the selected endpoint Right click on the selected endpoint, point to Internet Security > Logs. The Log options will be displayed. To view the Antivirus log, select Antivirus; The log of Antivirus events will be displayed. Click here for more details. To view the Firewall log, select Firewall; The log of Firewall events will be displayed. Click here for more details. To view the Defense+ log, select Defense+ The log of Defense+ events will be displayed. Click here for more details. 114

115 Antivirus Logs Window AntiVirus Logs Window - Table of Menu bar Options Menu Element Description Save As Enables the Administrator to save the log as comma separated values (csv) or html file at a desired location. Today Filters the log and displays all logged events for today. This Week Filters the log and displays all logged events during the past 7 days. This Month Filters the log and displays all logged events during the past 30 days. Refresh Refreshes the list of events in the log window. Column Descriptions 1. Status - Gives the status of the action taken. 2. Location - Indicates the location where the application detected with a threat is stored; 3. Date - Indicates the date of the event; 4. Malware Name - Gives the name of the Malware; 5. Action - Indicates action taken against the malware through Antivirus; 115

Firewall Logs Window Firewall Logs Window - Table of Menu bar Options Menu Element Description Save As Enables the Administrator to save the log as comma separated values (csv) or html file at a

116 Firewall Logs Window Firewall Logs Window - Table of Menu bar Options Menu Element Description Save As Enables the Administrator to save the log as comma separated values (csv) or html file at a desired location. Today Filters the log and displays all logged events for today. This Week Filters the log and displays all logged events during the past 7 days. This Month Filters the log and displays all logged events during the past 30 days. Refresh Reloads and updates the list of events in the log window. Column Descriptions 1. Details - Contains a summary of the details of the connection attempt and the action taken by the firewall. 2. Destination IP - States the IP address of the host to which the connection attempt was made. This is usually the IP address of your computer for inbound connections. 3. Source IP - States the IP address of the host that made the connection attempt. This is usually the IP address of your computer for outbound connections. 4. Date - Indicates the precise details of the date and time of the connection attempt. 5. Application - Indicates which application or process propagated the event; 6. Protocol - Represents the Protocol application attempted to use to create the connection. This is usually TCP/IP or UDP - which are the most heavily used networking protocols. 7. Action - Indicates how the firewall has reacted to the connection attempt. 116

117 Defense+ Logs Window Defense+ Logs Window - Table of Menu bar Options Menu Element Description Save As Enables the Administrator to save the log as comma separated values (csv) or html file at a desired location. Today Filters the log and displays all logged events for today. This Week Filters the log and displays all logged events during the past 7 days. This Month Filters the log and displays all logged events during the past 30 days. Refresh Reloads and updates the list of events in the log window. Column Descriptions 1. Target - Represents the location of the target file. 2. Date - Contains precise details of the date and time of the access attempt. 3. Application - Indicates which application or process propagated the event. If the application has no icon, the default system icon for executable files will be used. 4. Action - Indicates kind of action. Running an On-Demand Antivirus Scan Right click on the selected endpoint, point to Internet Security > Scan. The Scan options will be displayed. 117

118 You can choose to scan: Manually defined area(s) Preselected areas(s) To manually configure the locations to be scanned Choose 'Custom...'. The 'Remote File System' dialog will open to specify the disk(s), Folder(s) or File(s) to be scanned. 118

119 Browse to the disk(s), folder(s) or file(s) to be scanned and select the checkboxes beside them Click 'OK'. An antivirus scan will be run on the selected locations/objects and a notification will appear on completion of the scan. The results can be viewed by right clicking on the endpoint and selecting Internet Security > Logs > Antivirus or in the Task Results Manager Window. To scan preselected areas, select any one of the options from: Full system scan - To scan the entire system; System Drive - To scan the drive partition in which the Operation System is installed (usually, this is C:\) Program Files - To scan the 'Program Files' folder of the Operating System Windows - To scan the Windows folder containing the Windows OS files and drivers. Context Sensitive Menu - Set Local Mode Password Allows the CESM administrator to set a password that will let the endpoint user access the CIS interface locally. Once CIS has been set to 'Local Mode', the endpoint user will be responsible for answering their own alerts. This is in contrast to Remote Administration Mode where alerts from endpoint machines are sent to the CESM console in the form of Requests and require a response from the administrator. The ability to answer alerts at the local level is particularly useful for users that travel, work from home or are otherwise outside of the VPN (laptop users are good candidates for Local Mode). To set the Local Mode password: Right click on the selected endpoint, point to Internet Security > Set Local Mode Password.... The 'Set CIS Local Mode Password' dialog will be displayed. 119

Type a password in the 'Enter new password' text box and retype the password in the 'Confirm password' text box. This password can be used to enable Local Mode.

120 Type a password in the 'Enter new password' text box and retype the password in the 'Confirm password' text box. This password can be used to enable Local Mode. It must be typed into the CIS interface on the endpoint in question (click here to see how). This can be done by: The administrator informing the end user of the password and allowing that person to enable Local Administration Mode Alternatively, the CESM administrator could make a remote desktop connection to the endpoint to personally enable Local Administration Mode Note: In addition to creating a specific CESM password, Local Administration mode can also be enabled on an endpoint if the user is currently logged in as an administrator or can supply the user-name, domain and password of user with administrative privileges. Note: CESM administrators are advised to also read the next section 'Local Mode administration - more details'. Local Administration Mode - more details Enabling Local Access Mode on an endpoint machine Open the CIS interface on the Local Machine. This can be done by clicking the CIS tray icon or via the Windows 'Start' menu. Open the 'Summary' screen on the CIS interface. Click 'Switch to Local Administration Mode' in the 'Remote Management' area. This will open the Local Admin login box shown below: 120

Local Administration Mode can be enabled on an endpoint machine in one of three ways: Current Windows user - Select this option if the user is logged into the endpoint as a local administrator.

121 Local Administration Mode can be enabled on an endpoint machine in one of three ways: Current Windows user - Select this option if the user is logged into the endpoint as a local administrator. Click 'OK' to enter Local Admin Mode. Specific Windows user - Choose this option if the user is not logged in as a local administrator BUT knows the login credentials of a local admin. After entering the required details, click 'OK' to enter Local Admin Mode. ESM Access - Select this option if the CESM Administrator has specified a Local Admin password using the 'CIS Set Local Mode Password' command. After entering the password, click 'OK' to enter Local Admin Mode. The CIS installation will be immediately switched to Local Administration mode and a notification will be generated in the Notification Monitor Window of the CESM console. Enabling Local Administration Mode on an endpoint will give the end user full access and control over CIS security settings. It will also mean that they assume responsibility for answering CIS alerts. 121

Note: The notification will be received on switching an endpoint to Local Administration mode, only if the endpoint is online. No notification will be received if the endpoint is not online.

122 Note: The notification will be received on switching an endpoint to Local Administration mode, only if the endpoint is online. No notification will be received if the endpoint is not online. CIS in Remote Administration Mode - from the end users point of view By default, Comodo Internet Security is installed on endpoints in 'Remote Administration Mode'. From the perspective of the end user, this means that the CIS interface can be opened from the Windows 'Start' menu or by clicking the CIS task tray icon BUT the user cannot alter any settings. If the user attempts to modify any settings then a dialog box will inform them that they cannot change settings in Remote Administration Mode. It will also ask them if they would like to enable Local Administration Mode. If they select 'Yes' then they will need to enter access credentials as described earlier. The user will not be able to proceed unless they are a local administrator; know the login credentials of a local administrator or have been provided with a CIS Local Mode password. The CIS installation will be immediately switched to Remote Administration mode and a notification will be generated in the Notification Monitor Window of the CESM console. Disabling Local Administration Mode In order for the administrator to assume control over the CIS installation in Local Administration in an endpoint, it can be switched to Remote Administration mode. Open the CIS interface on the Local Machine. This can be done by clicking the CIS tray icon or via the Windows 'Start' menu. Open the 'Summary' screen on the CIS interface. Click 'Switch to Remote Administration Mode' in the 'Remote Management' area. 122

The CIS installation will be immediately switched to Remote Administration mode and a notification will be generated in the Notification Monitor Window of the CESM console.

The Antivirus database in the target endpoint will be updated to the latest version.

123 The CIS installation will be immediately switched to Remote Administration mode and a notification will be generated in the Notification Monitor Window of the CESM console. Update Antivirus Database To update the antivirus database installed on a target endpoint Right click on the selected endpoint, point to Internet Security > Update Antivirus Bases. The Antivirus database in the target endpoint will be updated to the latest version. Tip: You can check the version of the antivirus database installed in an endpoint by Generating an Antivirus Database Updates report. Click here for more details. Context Sensitive Menu - Properties The 'Properties' dialog provides administrators with the highest levels of control over endpoint machines and contains the following areas: General; Windows Services; 123

Installed Products; Currently Running Processes; Windows Restore Points; Power Options. Click any of the above to jump straight to that section of the guide.

124 Installed Products; Currently Running Processes; Windows Restore Points; Power Options. Click any of the above to jump straight to that section of the guide. General Name - The name of the computer; Guid - The globally unique identifier of the computer Sid - The System Identifier of the computer; Creation date - The date on which the computer was added to CESM console; Modified- The date of latest modification of system settings; DNS Name (for workstations only) - Domain Name Server Name identification of the computer (for workstations only); IP Address - The IP address of the endpoint device; Status (for workstations only) - The CESM connection and license status of the computer; System Information - The Hardware and Software information of the system. Clicking the Show Report link will create a more detailed 'Computer Details' report for the selected machine. Once generated, this report can be printed and/or exported to a variety of formats. Services The 'Services' tab displays a list of Windows Services configured to start when Windows is started and run in the background. The dialog also allows the administrator to start/stop the services at the endpoint. 124

Tip: The list will be displayed instantly if a task with a sequence that contained the action 'Discover Data' + Discovery Parameter = 'Windows services list' has been run on the endpoint previously.

125 Tip: The list will be displayed instantly if a task with a sequence that contained the action 'Discover Data' + Discovery Parameter = 'Windows services list' has been run on the endpoint previously. See The Discovery Profiles Window for more details. If you do not get the list of services displayed instantly, click the link Get Services list now, in the information area of the dialog. Installed Products The 'Installed Products' tab displays a list of applications and software products and packages currently installed at the endpoint. This dialog also allows the administrator to uninstall the unwanted applications/software products. Tip: The list will be displayed instantly if a task with a sequence that contained the action 'Discover Data' + Discovery Parameter = 'Installed products list' has been run on the endpoint previously. See The Discovery Profiles Window for more details. Click the 'Refresh' button to update the list. To uninstall a program, select the program from the list and click 'Uninstall'. 125

126 Processes The 'Processes' tab displays a list of Windows processes running currently at the endpoint. This dialog also allows the administrator to stop processes as required (for example, services that are currently problematic). Tip: The list will be displayed instantly if a task with a sequence that contained the action 'Discover Data' + Discovery Parameter = 'Windows processes list' has been run on the endpoint previously. See The Discovery Profiles Window for more details. Click the 'Refresh' button to update the list. If no processes are shown then click the 'Get Processes list now' link. 126

127 To stop a process, select the process from the list and either click the 'End Process' button or right-click and select 'End Process'. Restore Points The 'Restore Points' tab in the Properties dialog enables the administrator to view and use any Windows System Restore Points that have been created on the endpoint. The endpoint can be remotely restored to any listed restore point simply by clicking the 'Restore' button. Tip: If you do not see a list of restore points displayed instantly, click Get Restore Points information now, in the information area of the dialog. 127

128 Power Options The Power options tab enables the administrator to view and manage the power scheme settings of the endpoint computer. Setting up a tailored power profile for networked machines can help create substantial savings for organizations of any size. 128

The power scheme parameters are: Turn off monitor : <after X period of time> Turn off hard disks :<after X period of time> System standby :<after X period of time> System hibernates :<after X period

129 The power scheme parameters are: Turn off monitor : <after X period of time> Turn off hard disks :<after X period of time> System standby :<after X period of time> System hibernates :<after X period of time> To change the values of the parameters, select the desired value from the drop-down box beside the parameter and click 'Apply' for the settings to take effect The 'Group Manager' Window - Functionality and Purpose The 'Group Manager' window allows the administrator to: Define a CESM 'Group' of imported computers for the purposes of rolling out Tasks across multiple computers and/or networks. Creating groups of computers allows the administrator to split large networks up into convenient and/or logical groupings. For example, an administrator may create groups of computers called 'Sales Department', 'Accounts Department', 'Vista Workstations', 'XP Workstations', 'Domain Controllers', '64 bit Machines' or 'All Managed Computers'. For a tutorial explaining how to define a group of imported computers, see section Managing groups of computers. Instantly assign or remove 'Managed' status to all computers, Domains, Domain controllers or Workgroups that are members of that group. For more details on the importance of assigning 'Managed Status', see Preparing Imported Computers For Remote Management. Install or uninstall the CESM Remote Agent onto computers with 'Managed' status so that the CESM Central Service can establish or relinquish control of the machine. See Installing CESM Remote Agent for more details. Install (or uninstall) the CESM Remote Agent onto all computers in the groups so CESM Central Service can establish 129

130 or relinquish control of the machine. See Installing CESM Remote Agent for more details. Create a new Task to run on all computers in the group (for example, a task to install Comodo Internet Security on all computers in the group). Selecting 'Create Task' from the right-click menu will open the 'New Task' dialog with the selected Group already preselected as the target. See The 'Task Manager' Window for more details on the nature, implementation and types of Tasks available. Once a CESM 'Group' has been created, this group can be specified as the target entity for any new Tasks (or added to the target list of an existing task). The ability to roll out tasks to large numbers of machines will prove itself to be an invaluable timesaver in networks of all sizes: Administrators can open the 'Group Manager' window in the following ways: Via the File Menu. Select ' View > Group Manager' to open the 'Group Manager' window Via the shortcut toolbar button: Icon to access 'Group Manager' tab Via keyboard shortcut. Press 'CTRL + ALT + G' to open the 'Group Manager' window 130

131 The 'Group Manager' window lists all existing, user defined 'Groups' and provides the ability to Add, Remove and reconfigure groups. Window Specific Controls - Group Manager Menu Element Element Icon Description Add Initiates the 'Add New Group' dialog. More details can be found in Creating groups. Delete Deletes the currently selected group. Edit Opens the 'Edit Group' dialog - allowing the administrator to alter settings related to this group including Group composition, Name and Description. Export Agent Installation Files Refresh Exports the folder containing agent installation files to the location of Administrator's choice for copying to a removable media like CD, DVD or USB memory, enabling manual installation of the Remote Agent on to target machines. Updates the entire list of groups displayed in the Group Manager tab so it displays groups which have been recently created, deleted or modified. Right clicking on any group listed in the 'Group Manager' window will open a context sensitive menu that allows further actions to 131

132 be carried out on the group: 'Groups' Context sensitive menu - Table of parameters Action's name Description Add... Initiates the 'Add New Group' dialog. More details can be found in Creating groups Delete Deletes the currently selected group Manage - Assigns "Managed" Status the selected item. Control Unmanage - Removes "Managed" status from the selected item. Create Task Allows administrators to start the add new task process for the selected workstation, unit or group. Refresh Updates the currently selected group so that any recent changes to the group are reflected in the listing. Edit Opens the 'Edit Group' dialog - allowing the administrator to alter settings related to this group including Group composition, Name and Description. 3.6 The Package Management Window A CESM 'Package' is a file that is used for the installation, maintenance, and removal of software on Microsoft Windows operating systems. CESM 'Packages' are the installer files for Comodo applications such as Comodo Internet Security and come in the form of.msi files. You must upload the appropriate Package to CESM for the application you wish to manage on networked computers. Once uploaded, this package can be specified as the 'Installation Parameter' of an 'Install' or 'Uninstall' action. Available packages include products such as Comodo Internet Security, Comodo Disk Encryption and Comodo Offline Updater utility. The 'Uninstall' or 'Install' action may form part or all of a 'Sequence' of 'Actions' that will determine the purpose of any 'Task' you intend to run on a 'Managed' computer or group of computers.) Updated and new Comodo.msi files for use as CESM packages will be provided by Comodo as part of your license agreement. Certain packages have additional installation options that can be implemented by modifying the 'Arguments' field while creating a sequence that utilizes the 'Install' Action. For example, administrators have the option to install only the firewall or only the antivirus components of Comodo Internet Security (CIS). See 'Note on 'partial' installation options for Comodo Internet Security' at the foot of this page for more details on this. After installation is complete, administrators need to 'activate' the software by setting the configuration of the package. Installed software is not operational (active) until the administrator has done so. This is done by deploying a Sequence containing a 'Set Config' Action or a 'Set Predefined Config' Action for that package. For more details, see 'Install Package' and the 'Important Note: Package Configuration' in the table of Actions in the Sequence Manager page. Tip: Since CESM version 1.4, new packages can also be uploaded by clicking on the 'New Installation Package' wizard on the Start page Opening the Package Manager window Administrators can open the 'Package Manager' window in the following ways: 132

133 Via the File Menu. Select ' View > Packages' to open the 'Package Manager' window. Via the shortcut toolbar button: Icon to access 'Package Manager' tab By clicking on the 'New Installation Package' wizard on the Start Page Via keyboard shortcut. Press 'CTRL + ALT + P' to open the 'Package Manager' window. Once opened, the 'Package Manager' window enables administrators to add, view and re-configure CESM 'Packages'. Window Specific Controls - Package Manager Menu Element Element Icon Description Add Enables the user to add a new package to the list. Opens the 'Add New Package' dialog. See Adding a Package to Comodo Endpoint Security Manager for a short tutorial explaining this process. Delete Deletes the selected package. Edit Enables the administrator to edit package parameters such as Name and Description and/or to upload an alternative or updated.msi file. Refresh Updates list of packages. Update Products Opens the Managed Products Update Tool that enables the administrator to check for latest updates of the managed products and to download the latest version. Click here for more details. Right clicking on any Package listed in the 'Package Manager' window will open a context sensitive menu that allows further actions to be carried out on the group: 133

'Package Manager' Context Sensitive Menu - Table of parameters Action's name Description Add... Enables the user to add a new package to the list. Opens the 'Add New Package' dialog.

134 'Package Manager' Context Sensitive Menu - Table of parameters Action's name Description Add... Enables the user to add a new package to the list. Opens the 'Add New Package' dialog. See Adding a Package to Comodo Endpoint Security Manager for a short tutorial explaining this process. Delete Allows the user to delete the package. Create Install Sequence Allows the user to create a new Sequence for Installing the package on target computers. Create Uninstall Sequence Allows the user to create a new Sequence for Uninstalling the package from target computers Refresh Updates the list of packages. Edit Enables the administrator to edit package parameters such as Name and Description and/or to upload an alternative or updated.msi file Adding a Package to Comodo Endpoint Security Manager To add a package to Comodo Endpoint Security Manager: Open the 'Package Manager' window using any of the methods outlined earlier. Click the 'Add New Item' Icon (highlighted below). 134

135 This will open the 'Add New Package' dialog (shown below). At this stage, you should create an appropriate Name and (optional) Description for the Package you are about to upload. Next, click the ellipsis button to the right of the 'MSI File:' field (highlighted above). This will open the standard Windows file browser: 135

136 Browse to the local or network location to which you have saved Comodo.msi files. Select the appropriate file and click 'OK'. This will return you to the 'New Package' dialog where the filename of the.msi file will now be displayed in the 'MSI File:' field. Click the 'Save' button to confirm and save your new package: The newly created Package will be listed alongside any other packages in the 'Package Manager' window: 136

137 Once the Package' has been created, it can be specified as the 'Installation Parameter' of an 'Install' or 'Uninstall' Action in 'Sequence' of Actions using the 'Sequence Manager' dialog: Note on 'partial' installation options for Comodo Internet Security Administrators have the option to install only the firewall or only the antivirus components of Comodo Internet Security (CIS). This is done by typing a small command into the 'Arguments' field in the 'Installation Parameters' pane whilst configuring a Sequence with the 'Install Package' Action with CIS as the package to be installed. 137

..) on the right end of the Arguments Field and typing the command in the Command Line Arguments text dialog: To install Firewall and Defense+ BUT NOT

138 To effect one of the options above, the administrator needs to enter a small command into the 'Arguments' field. The command can be entered by clicking the ellipsis button (...) on the right end of the Arguments Field and typing the command in the Command Line Arguments text dialog: To install Firewall and Defense+ BUT NOT Antivirus - type INSTALLFIREWALL=1 INSTALLANTIVIRUS=0 To install the full CIS suite (Antivirus, Firewall and Defense+) - type INSTALLFIREWALL=1 INSTALLANTIVIRUS=1 To install the Antivirus only, simply leave the argument field empty (do not type anything - this is the default setting) 138

Managed Products Update Tool The Managed Products Update Tool enables administrators to quickly manage and

139 After installing CIS, Administrators must then configure the software on endpoint machines by creating and running a Task with a Sequence containing a 'CIS Set Config' Action or a 'CIS Set Predefined Config' Action. Managed Products Update Tool The Managed Products Update Tool enables administrators to quickly manage and update their CESM software Packages. To access the tool click 'Update Products' from the 'Package Manager' window. 139

140 Selecting the Package and clicking 'Update' will automatically update the Package that has been uploaded to CESM. The administrator can then install the updated package to the endpoints by executing the Product Installation Wizard. 3.7 The Discovery Profiles Window Note: In terms of understanding, 'Discovery Profiles' are heavily dependent on an understanding of CESM 'Actions' and 'Sequences'. If they haven't done so already, Comodo advises administrators to familiarize themselves with Actions and Sequences before reading this section. A Discovery Profile is an Action that fetches data about Managed computers in a network and returns that information to the CESM console. Armed with this data, administrators can make informed decisions about the configuration policy that they wish to take on those Managed computers - including Windows Service control, the installation or uninstallation of packages and the configuration of Comodo applications such as Comodo Internet Security and Comodo Disk Encryption. For example, the Installed Packages Discovery Profile will inform the administrator as to which Packages were installed on the machine at the time the Action was run (including any 3 rd party.msi packages). The administrator can then quickly uninstall any one of those packages from that machine by right clicking, selecting 'Create Sequence'; saving this Sequence as a Task and running the Task on that machine or multiple machines in the network. The 'OS Version' Discovery Profile could be used to determine which version of a Package the administrator should install on a Managed computer. Clicking on a specific 'Discovery Profile' listed in the 'Discovery Profiles' window is firstly a convenient way of viewing all Managed computers in the network that have had that Profile executed on them. Secondly, and more importantly, it allows you to quickly access the data recovered by that Profile for the machine in question and use that data as a basis for new Sequences to be implemented on Managed computers. CESM includes the following discovery profiles: Discovery Profile Name Prerequisites for viewing data Clicking on this Discovery Profile in the 'Discovery Profiles' Window will show you: OS Version A 'Task' must have been run on at least one machine with a 'Sequence' that contained : A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'OS Version' has been run and the time it was run. 140

141 Discovery Profile Name Prerequisites for viewing data Action = 'Discover Data' + Clicking on this Discovery Profile in the 'Discovery Profiles' Window will show you: To the right of this list of computers is the results panel which displays the operating system present on the selected machine at the time the Action was run. Discovery Parameter = 'OS Version'' System Information Windows services list A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover Data' + Discovery Parameter = 'System information' To the right of this list of computers is the results panel which displays the hardware details like the processor type and system memory capacity and software details like version of OS, of the selected machine. A 'Task' must have been run on at least one machine with a 'Sequence' that contained : A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Windows Services' has been run and the time it was run. Action = 'Discover Data' To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Name, State and Type of all services present on the machine at the time the Action was run. + Discovery Parameter = 'Windows Services List' Installed products A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Right clicking on any one of these services will allow the administrator to quickly create a new 'Sequence' containing a 'Control Service' Action that can be used to stop, start, pause or continue that service. This Sequence can then be used as part of a Task which can be deployed on that individual machine or across multiple machines. Discovery Parameter = 'Installed Product List' A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Installed Product List' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Name, Version, Publisher, Date (of installation) and Location of all Comodo and 3rd party Packages present on the machine at the time the Action was run. ('Package', in this instance, means 'installed using a.msi installer) Right clicking on any one of these Packages will allow the administrator to quickly create a new 'Sequence' containing an 'Uninstall Package' Action that can be used to remove that Package. This Sequence can then be used as part of a Task which is used to remove the selected Package from that individual machine or multiple machines. A 'Task' must have been run on at least one machine with a 'Sequence' that contained : A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'File system items list' has been run and the time it was run. Action = 'Discover Data' + File system items list A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'System information' has been run and the time it was run. Action = 'Discover Data' To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display + the file system structure of the machine at the time the Action was Discovery Parameter = 'File system run. items list' Right clicking on any one of these structure items will allow the + administrator to quickly create a new 'CIS scan sequence' Input Parameters = 'Depth / Root' containing a 'Run a Scan' Action. Note: Depth = amount of levels to be scanned. 0 is the default value that means all folders and subfolders will be scanned. Root = indicates the directory that will be scanned first. Default value = all drives and directories. You can specify, for example: 141

142 Discovery Profile Name Prerequisites for viewing data Clicking on this Discovery Profile in the 'Discovery Profiles' Window will show you: c:\windows. This means that only drive C and folder Windows (with specified depth) will be scanned. Windows Command A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover data' + Discovery Profile = 'Windows Command' + A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Windows Command' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the results of the command (e.g. ipconfig) in effect on the machine at the time the action was run. The command line is input as argument to the Discovery Profile 'Windows Command' while creating the sequence. Input Parameters = 'Command' Power Policy A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover Data' + Discovery Parameter = Power Policy A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Power Policy'' has been run and the time it was run To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the power scheme in effect on the machine at the time the action was run. The power scheme parameters are: Turn off Monitor : <after X period of time> Turn off Hard Disks : <after X period of time> System Standby : <after X period of time> System Hibernates : <after X period of time> Administrators can set any of the parameters above on any machine(s) by specifying a 'Set Power Policy' Action during the creation of a Sequence when creating a Task. Windows process list Screenshot A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover Data' + Discovery Parameter = 'Windows process list' A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover Data' + Discovery Parameter = 'Screenshot' A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Windows Process list'' has been run and the time it was run To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the list of Windows processes running at the time the action was run. A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Screenshot' has been run and the time it was run To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the screenshot of the computer desktop at the time the action was run. The administrators can know the current details of the endpoint like currently running applications from the screenshot. System statistics A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover Data' + Discovery Parameter = 'System A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'System statistics' has been run and the time it was run To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the 'System Statistics result window' for the computer selected from 142

143 Discovery Profile Name Prerequisites for viewing data statistics' Clicking on this Discovery Profile in the 'Discovery Profiles' Window will show you: the list of computers. The System statistics result window provides system information like Operating System, User, Domain etc. Hardware information, number of currently running processes, Desktop resolution etc. of the selected computer. Users list CIS Config A 'Task' must have been run on at least one machine with a 'Sequence' that contained: Action = 'Discover Data' + Discovery Parameter = 'Users list' A list of the names of all the end users of the endpoint computer upon which a 'Discover Data' Action with the Discovery Profile'Users list'' has been run. A 'Task' must have been run on at least one machine with a 'Sequence' that contained : A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Config' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the list of all the end-users of the end-point. Action = 'Discover Data' To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open a + window which displays the various configuration settings that were Discovery Parameter = 'CIS Config' in use on that installation of the application at the time the Action was run. Clicking 'File > Save As' at the top left of this window will allow the administrator to save this configuration setting as an.xml file. This.xml file can then be loaded as the basis of a new 'Sequence' containing the 'CIS Set Config' Action. This Sequence can then be used as part of a Task to roll out those settings across multiple machines. Alternatively, having decided this discovered profile is a good 'start' point, the administrator may wish to change only one or two of the settings when defining the Sequence and implement the new configuration across the entire network. CIS - Quarantined Items A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CIS Quarantined Items' CIS - Firewall Log A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Quarantined Items' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Location, Date and Name of all items in quarantine present on the machine at the time the Action was run. Right clicking on any one of these quarantined items will allow the administrator to quickly create a new 'Remove from quarantine...' or 'Restore from quarantine...' sequence containing these actions. A 'Task' must have been run on at least one machine with a 'Sequence' that contained : A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Firewall Log' has been run and the time it was run. Action = 'Discover Data' To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Application, Protocol, Source IP, Destination IP, Action, Date and Details of all firewall events present on the machine at the time the Action was run. + Discovery Parameter = 'CIS Firewall Log' + Note: Input Parameters = 'Count/From date/to date' Count = specifies a number of rows in the log list; From date = specifies the start of a time period for collecting logs; To date = specifies the end of a time period for collecting logs. 143

144 Discovery Profile Name Prerequisites for viewing data CIS - Defense+ Log A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CIS Defense+ Log' + Input Parameters = 'Count/From date/to date' CIS - AntiVirus Log Clicking on this Discovery Profile in the 'Discovery Profiles' Window will show you: A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Defense+ Log' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Target, Date, Application and Action of all Defense+ events present on the machine at the time the Action was run. Note: Count = specifies a number of rows in the log list; From date = specifies the start of a time period for collecting logs; To date = specifies the end of a time period for collecting logs. A 'Task' must have been run on at least one machine with a 'Sequence' that contained : A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS AntiVirus Log' has been run and the time it was run. Action = 'Discover Data' To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Status, Location, Date, Malware Name, and Action of all antivirus events present on the machine at the time the Action was run. + Discovery Parameter = 'CIS AntiVirus Log' + Note: Input Parameters = 'Count/From date/to date' Count = specifies a number of rows in the log list; From date = specifies the start of a time period for collecting logs; To date = specifies the end of a time period for collecting logs. CIS - Infected Items A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CIS Infected Items' CIS - Trusted Vendors A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CIS Trusted Vendors' A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Update URL' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display a list of files identified as infected by CIS in the computer selected in the left hand pane. A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Trusted Vendors' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display a Trusted Vendor List (TVL) created for the computer selected from the list of computers. This is useful for the administrator to know the current TVL and decide on addition or deletion of entries to the list. CIS - Safe Files List A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CIS - Safe Files List' A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Safe Files List' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display a list of safe files created for the computer selected from the list of computers. This is useful for the administrator to know the current list of safe 144

145 Discovery Profile Name Prerequisites for viewing data Clicking on this Discovery Profile in the 'Discovery Profiles' Window will show you: files and decide on addition or deletion of entries to the list. CIS - Update Hosts List A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CIS Update Hosts List' CDE - Config A 'Task' must have been run on at least one machine with a 'Sequence' that contained : Action = 'Discover Data' + Discovery Parameter = 'CDE Config' A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Update Hosts List' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the Host List Editor dialog that displays a list of local update hosts specified for the respective computer to download the AV database for CIS. A list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CDE Config' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the Comodo Disk Encryption Config dialog which displays various configuration settings that were in use on that installation of the CDE at the time the Action was run. Having decided this discovered profile is a good 'start' point, the administrator may wish to change only one or two of the settings when defining the Sequence and implement the new configuration across the entire network Opening the Discovery Profiles Window Administrators can open the 'Discovery Profiles' window in the following ways: Via the File Menu. Select ' View > Discovery Profiles' to open the 'Discovery Profiles' window. Via the shortcut toolbar button: Icon to access 'Discovery Profiles' tab Via keyboard shortcut. Press 'CTRL + ALT + D' to open the 'Discovery Profiles' window. Via context menu or 'Computers' window. Once opened, the 'Discovery Profiles' window enables administrators to view discovered data for selected type of profile. Once opened, the 'Discovery Profiles' window enables administrators to view discovered data for selected type of profile. 145

146 Window Specific Controls - Discovery Profiles Menu Element Element Icon Description Refresh Updates profiles' list Open Discovered Data Enables the user to view profiles of the selected Managed workstation. Right clicking on any of four profiles listed in the 'Discovery Profile' window will open a context sensitive menu that allows further actions to be carried out: 'Discovery Profile' Context Sensitive Menu - Table of parameters Action's name Description Refresh Updates the information about profiles listed. Open Discovered data Enables the administrator to view discovered data for selected type of profile. Allows the administrator to create a new sequence: Create Discovery Sequence An 'Uninstall Package' sequence can be quickly created from the context sensitive menu if the 'Installed Products List' Discovery Profile is selected. A 'Control Windows Service' sequence can be quickly created from the context sensitive menu if the 'Windows service list' Discover Profile is selected. A 'Set CIS config' sequence can be quickly created from the context sensitive menu if the 'CIS' Discovery Profile is selected. A 'Restore/Remove from quarantine' sequence can be quickly created from the context sensitive menu if the 'CIS - Quarantined Items' is selected. 'OS Version' Profile The 'OS Version' discovery profile allows administrators to establish which operating system is installed on a target computer (or group of computers). Clicking 'OS Version' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'OS Version' has been run and the time it was run. 146

To the right of this list of computers is the results panel which displays the operating system present on the selected machine at the time the Action was run. 3.7.

147 To the right of this list of computers is the results panel which displays the operating system present on the selected machine at the time the Action was run 'System Information' Profile The 'System information' discovery profile allows administrators to find the hardware details like processor type and system memory capacity and software details like version of the OS of target computer (or group of computers). Clicking 'System information' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'System information' has been run and the time it was run. To the right of this list of computers is the results panel which displays the hardware and software details of the selected machine 'Windows Services' Profile The 'Windows Services List' discovery profile allows the administrator to view (and subsequently create a Sequence to control) the list of Windows services registered on a target computer. Clicking on 'Windows Services List' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Windows Services' has been run and the time it was run. This list contains name, status and control abilities. 147

To the right of this list of computers is the results panel containing the 'Services List' for that particular machine. Clicking the ellipsis button (.

148 To the right of this list of computers is the results panel containing the 'Services List' for that particular machine. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Name, State and Type of all services present on the machine at the time the Action was run (see below). Right clicking on any one of these services will allow the administrator to quickly create a new 'Sequence' containing a 'Control Service' Action that can be used to stop, start, pause or continue that service. This Sequence can then be used as part of a Task which can be deployed on that individual machine or across multiple machines 'Installed Products' Profile The Installed MSI packages discovery profile allows the administrator to view which programs are present on a target computer or computers that have been installed with the Windows installer (.msi). Clicking on 'Installed Products' in the 'Discovery Profiles' window will show a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Installed Product List' has been run and the time it was run. 148

To the right of this list of computers is the results panel containing the 'Products List' (those.msi packages on that particular machine). Clicking the ellipsis button (.

149 To the right of this list of computers is the results panel containing the 'Products List' (those.msi packages on that particular machine). Clicking the ellipsis button (... ) on the right hand side of this panel will display the Name, Version, Publisher, Date (of installation) and Location of all Comodo and 3rd party Packages present on the machine at the time the Action was run. ('Package', in this instance, means 'installed using a.msi installer). Right clicking on any one of these Packages will allow the administrator to quickly create a new 'Sequence' containing an 'Uninstall Package' Action that can be used to remove that Package. This Sequence can then be used as part of a Task which is used to remove the selected Package from that individual machine or multiple machines 'File System Items List' Profile The 'File system items list' Profile allows the administrator to view (and subsequently create a Sequence to control) the current file system on a particular machine. Clicking 'File system items list' in the 'Discovery Profiles' window will display a list of file system items of all computers upon which a 'Discover Data' Action with the Discovery Profile 'File system items list' has been run and the time it was run. 149

150 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the file system structure of the machine at the time the Action was run. Right clicking on any one of these structure items will allow the administrator to quickly create a new 'CIS scan sequence' containing an 'Run a Scan' Action. Note: Depth = amount of levels to be scanned. 0 is the default value that means all folders and subfolders will be scanned. Root = indicates the directory that will be scanned first. Default value = all drives and directories. You can specify for example: c:\windows. This means that only drive C and folder Windows (with specified depth) will be scanned 'Windows Command' Profile The 'Windows Command' Profile allows the administrator to view the results of the command line tasks (e.g. ipconfig) executed on a particular machine. Clicking 'Windows Command' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Windows Command' has been run and the time it was run. 150

151 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the results of the command line task executed on the machine at the time the Action was run 'Power Policy' Profile The 'Power Policy' Profile allows the administrator to view the power scheme in effect on a particular machine. Clicking 'Power Policy' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Power Policy' has been run and the time it was run. 151

152 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the power scheme in effect on the machine at the time the action was run. The power scheme parameters are: Turn off Monitor : <after X period of time> Turn off Hard Disks : <after X period of time> System Standby : <after X period of time> System Hibernates : <after X period of time> Administrators can set any of the parameters above on any machine(s) by specifying a 'Set Power Policy' Action during the creation of a Sequence when creating a Task 'Windows Process List' Profile The 'Windows process list' Profile allows the administrator to view the list of Windows processes currently running in a particular machine. Clicking 'windows process list' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Windows processes list' has been run and the time it was run. 152

153 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the list of Windows processes running at the time the action was run 'Screenshot' Profile The 'Screenshot' Profile allows the administrator to view the current desktop screenshot of a particular machine. Clicking 'Screenshot' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Screenshot' has been run and the time it was run. 153

154 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the screenshot of the computer desktop at the time the action was run. The image can be resized/zoomed using the controls at the menu bar 'System Statistics' Profile The 'System Statistics' Profile allows the administrator to view the details of a particular endpoint machine. It gives system information like the Operating System installed, Registered User, Workgroup/Domain to which the machine is connected, Hardware information, number of currently running processes, desktop resolution etc. Clicking 'System Statistics' in the 'Discovery Profiles' window will display a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'System Statistics' has been run and the time it was run. 154

The System statistics result window provides system information like Operating System, User, Domain etc.

155 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the System statistics result window. The System statistics result window provides system information like Operating System, User, Domain etc. Hardware information, number of currently running processes, Desktop resolution etc. of the selected computer 'Users List' Profile The 'Users List' Profile allows the administrator to view the list of end-users who could log-on to a particular endpoint machine. 155

.. ) on the right hand side of this panel will display the list of end-users of the computer. 3.7.

156 Clicking 'Users List' in the 'Discovery Profiles' window will display a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'Users List' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the list of end-users of the computer 'CIS Config' Profile The 'CIS Config' Profile allows the administrator to view the current configuration settings of Comodo Internet Security on a particular machine. Clicking 'CIS Config' in the 'Discovery Profiles' window will display a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Config' has been run and the time it was run. 156

157 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the 'Settings Editor' which displays the various configuration settings that were in use on that installation of the firewall at the time the Action was run: Clicking 'File > Save As' at the top left of this window will allow the administrator to save this configuration setting as an.xml file. This.xml file can then be loaded as the basis of a new 'Sequence' containing the 'CIS Set Config' Action. This Sequence can then be used as part of a Task to roll out those settings across multiple machines. Alternatively, having decided this discovered profile is a good 'start' point but is in need of tweaking, the administrator change one or two of the settings when defining the Sequence and implement the new configuration across the entire network. 157

158 Example: Using 'CIS Config' Discovery Profile to roll out an existing CIS Configuration onto other machines. Note: The process outlined below describes a specific situation whereby the administrator needs to copy and re-deploy a preexisting CIS configuration (or copy it in large but with minor tweaks). To set and deploy a brand new CIS configuration on networked computers, administrators should skip straight to step 3. If you currently have a computer with CIS installed and wish to copy and re-deploy that CIS configuration on other computers in the network: 1. Open the Discovery Profiles window, select the 'CIS Config profile. Choose the machine that has the CIS configuration you wish to use and click the ellipsis (...) button to the right of the 'Discovery Data' panel. 2. This will open the CIS 'Settings Editor' which displays the configuration settings in use on that machine at the time the Discovery Profile Action was run. Click 'File > Save As...' from the file menu in this window and save these configuration settings to a local or network drive as an.xml file. Note - you cannot alter the configuration of these settings yet. If you desire to reconfigure these settings, then this is done during the next stage - creating a 'Set CIS Config' Sequence. 3. Next, open the 'Sequence Manager' and click the 'Action' and click 'Add'. icon to create a new Sequence. Select 'CIS Set Config' as the 4. At the 'Config Parameters' panel, click the ellipsis (...) button. This will open the CIS 'Settings Editor' window. As you wish to roll out the settings from the computer whose 'CIS Config' discovery profile you saved in step 2., you should now click 'File > Open' at the file menu and browse to this saved.xml file. At this stage, administrators should make any configuration changes they wish to implement. Click 'OK' at the bottom of the 'Settings Editor' when finished. 5. You will now be returned to the 'Sequence' configuration dialog. The 'Config Parameters' for CIS have been set in the step 4. Supply a Name and Description for the Sequence and Save the sequence. 6. To roll the configuration out to network computers, you now need to create a task that includes the Sequence you created in steps 3 and 4. Open the Tasks manager window and click the icon to create a new Task. To the right of the 'Sequence' field there is an ellipsis button (...) which will allow you to choose the Sequence you saved in step 4. After providing a Name and Description for the sequence, choose the target computers using the 'Computer' or 'Groups' selection windows in the lower half of the Task editing dialog. If you want to run this task at a later time, configure your preferences in the 'Schedule' tab. Save the task. 7. Open 'Task Manager'. You can run this task immediately by right clicking on the Task name and selection 'Execute' from the context sensitive menu. Alternatively, you may wish to schedule this task to run at a later time 'CIS - Quarantined Items' Profile The 'CIS - Quarantined Items' discovery profile allows the administrator to view and monitor (and subsequently create a Sequence to control) the list of quarantined items detected on a target computer. Clicking on 'CIS - Quarantined Items' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Quarantined Items' has been run and the time it was run. This list contains name, status and control abilities. 158

159 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Location, Date and Name of all items in quarantine present on the machine at the time the Action was run. Right clicking on any one of these quarantined items will allow the administrator to quickly create a new 'Remove from quarantine...' or 'Restore from quarantine...' sequence containing these actions 'CIS - Firewall Log' Profile The 'CIS Firewall Log' discovery profile allows the administrator to view the list of firewall log of events that took place on a target computer. Clicking on 'CIS Firewall Log' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Firewall Log' has been run and the time it was run. This list contains name, status and control abilities. 159

160 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Destination IP, Source IP, Date, Destination Port, Source Port and Action of all firewall events present on the machine at the time the Action was run 'CIS - Defense+ Log' Profile The 'CIS - Defense+ Log' discovery profile allows the administrator to view the list of defense+ log of events that took place on a target computer. Clicking on 'CIS Defense+ Log' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Defense+ Log' has been run and the time it was run. This list contains name, status and control abilities. 160

161 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Target, Date, Application and Action of all Defense+ events present on the machine at the time the Action was run 'CIS - AntiVirus Log' Profile The 'CIS - AntiVirus Log' discovery profile allows the administrator to view the list of antivirus log of events that took place on a target computer. Clicking on 'CIS AntiVirus Log' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS AntiVirus Log' has been run and the time it was run. This list contains name, status and control abilities. 161

162 To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will display the Status, Location, Date, Malware Name, and Action of all antivirus events present on the machine at the time the Action was run. 162

163 'CIS - Infected Items' Profile The 'CIS - Infected items' Profile allows the administrator to view the a list of files identified as infected by CIS in a particular machine. Clicking 'CIS - Infected items' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Infected items' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open a Infected items dialog which displays a list of files identified as infected by CIS in the computer selected in the left hand pane. 163

164 'CIS - Trusted Vendors' Profile The 'CIS - Trusted Vendors' Profile allows the administrator to view the Trusted Vendor List created for/maintained in a particular machine. Clicking 'CIS Trusted Vendors' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Trusted Vendors' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the 'Trusted Vendor List Editor' dialog, with a list of Trusted Vendors created for the particular computer. 164

165 'CIS - Safe Files' List The 'CIS - Safe Files List' Profile allows the administrator to view the list of safe files created for/maintained in a particular machine. Clicking 'CIS - Safe Files List' in the 'Discovery Profiles' window will display a list of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS - Safe Files List' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the 'Safe Files List Editor' dialog, with a list of Safe Files created for the particular computer. 165

166 CIS - Update Hosts List The 'CIS - Update Hosts List' discovery profile allows the administrator to view the list of Update URLs specified for downloading the AntiVirus database on a target computer. Clicking on 'CIS - Update Hosts List' in the 'Discovery Profiles' window will open a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CIS Update Hosts List' has been run and the time it was run. This list contains name and Discovered time. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the 'Host List Editor' dialog which displays the list of update urls/ip addresses specified for the target computer at the time the Action was run: 166

167 'CDE - Con fig' Profile The 'CDE Config' Profile allows the administrator to view the current configuration settings of Comodo Disk Encryption on a particular machine. Clicking 'CDE Config' in the 'Discovery Profiles' window will display a list of the names of all computers upon which a 'Discover Data' Action with the Discovery Profile 'CDE Config' has been run and the time it was run. To the right of this list of computers is the results panel. Clicking the ellipsis button (... ) on the right hand side of this panel will open the 'Comodo Disk Encryption Config dialog' which displays the various configuration settings that were in use on that installation of the Comodo Disk Encryption at the time the Action was run: The Administrator can change the settings or use these settings for rolling out to a different machine by creating a Sequence of Actions containing CDE - Config, configure the settings as shown in this dialog, creating a task with the generated sequence and executing on the required target machine. 3.8 The Sequence Manager Window A Sequence is one of the most important concepts in CESM. A Sequence is a set of Actions that will be executed in a Task. Once created, a Sequence (of Actions) is added to a Task and the Task is executed on a list of Managed computers or group of Managed computers. The Administrator can create, manage, delete, edit Sequences via the 'Sequence Manager'. A Task cannot be created or executed without a Sequence being added to that Task. A Sequence is composed of one or more Actions. Actions are the commands that are carried out on Managed Computers. Multiple Actions can be chained sequentially in a Sequence in order to carry out complex task sets. Actions in a Sequence are executed consecutively from the top of the list down. If any Action in a Sequence fails then this acts as a roadblock and all subsequently listed Actions will not be performed. 167

168 Once a Sequence has been created it can be added to a Task. Tasks are then deployed on the target computer or groups of computers. Any Sequence can be used in more than one Task should the administrator require Opening the Sequence Manager Window Administrators can open the 'Sequence Manager' window in the following ways: Via the File Menu. Select ' View > Sequence Manager' to open the 'Sequence Manager' window. Via the shortcut toolbar button: Icon to access 'Sequence Manager' tab Via keyboard shortcut. Press 'CTRL + ALT + S' to open the 'Sequence Manager' window: Sequence Manager - Window Specific controls Menu Element Element Icon Description Add Enables the user to add a new Sequence to the list. Opens the 'Add New Sequence' dialog. Delete Deletes the selected Sequence Edit Enables the administrator to edit the Sequence's parameters such as Name and Description and/or component Actions. Refresh Updates the list of displayed Sequences to reflect changes such as newly added sequences; removed sequences or modifications to existing Sequences. Right clicking on any sequence listed in the 'Sequence Manager' window will open a context sensitive menu that allows further configuration: 168

'Sequence Manager' Context Sensitive Menu - Table of parameters Action's name Description Add... Enables the user to add a new Sequence to the list. Opens the 'Add New Sequence' dialog.

169 'Sequence Manager' Context Sensitive Menu - Table of parameters Action's name Description Add... Enables the user to add a new Sequence to the list. Opens the 'Add New Sequence' dialog. Delete Allows the user to delete the Sequence. Create Task Allows the user to create a CESM 'Task' based on the selected 'Sequence'. Refresh Updates the list of displayed Sequences to reflect changes such as newly added sequences; removed sequences or modifications to existing Sequences. Edit Enables the administrator to edit the Sequence's parameters such as Name and Description and/or component Actions Creating a Sequence and Adding Actions to that Sequence Prerequisites. Because all Sequences of Actions are ultimately deployed onto networked computers via a CESM Task, administrators are advised to first: Ensure that all Network Structures have been imported and that target computers have 'Managed' status and have the CESM Remote Agent Installed. See 'Computers' and 'Group Manager' Windows for more details. See Importing Network Structures for a tutorial explaining how to import a Network Structure. The appropriate Comodo Packages (or third party packages) have been uploaded to the CESM Administrative interface. To create a new Sequence: Open the 'Sequence Manager' window using one of the methods outlined earlier. At the Sequence Manager window, click the green 'Add' symbol (shown below). 169

This will open the 'New Sequence' tab: The following table contains more detailed descriptions of each of the Actions available within a Sequence.

170 This will open the 'New Sequence' tab: The following table contains more detailed descriptions of each of the Actions available within a Sequence. Table of Actions - Definitions and Usage Action name Reboot the computer Description Adding this Action to a sequence will reboot the target computer or group of computers. Note - in most cases it will not be necessary for you to add this Action as the CESM will automatically reboot the machine when required then resume with the rest of the Sequence (e.g. For example, if you wanted to install both CIS and CDE you would not need to add a 'reboot' Action. The process would be 'Install CIS - CIS Installer will reboot the machine - After reboot, the Sequence will resume with the installation of CDE) Required Parameters: Shutdown Timeout. You should set actual reboot delay in seconds. This action show different behaviors depending on whether or not the user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. Install package This Action enables the administrator to install a Comodo (or 3rd party).msi or.exe packages onto the target computers or group of computers (for example, this Action would be used to install the Comodo Internet Security or Comodo Disk Encryption packages). This Action can only be executed if the appropriate CESM 'Package' has been uploaded to the interface. See the section The Package Management Window for more details on how to upload packages. Required Parameters: 170

171 Table of Actions - Definitions and Usage Action name Description Execute Under.. Account - Account under which the install action is run Local system - default. Currently logged user - If a user with installation privileges is logged into the local machine it is possible to initiate a.exe installation remotely and the installer interface will be shown to this user Custom account - you need to login and password manually. Miscellaneous Allow Reboot - The administrator can choose between allowing the endpoint computer to reboot immediately (if required) on completion of the installation process by selecting the value 'True' or to reboot at a later time (with a 10 minutes delay) by selecting value 'False'. Note: If the user has logged in to the endpoint at the time of execution of this action, the endpoint will be rebooted after getting confirmation from the user. Else, the endpoint will be rebooted immediately on execution of this action. For more details, refer to Appendix 3 Behavior of Actions When No User is Logged in. Parameters Package - The name of the.msi package needs to be selected by the administrator. Available packages can be chosen from a drop-down list and include products such as Comodo Internet Security (CIS) and Comodo Disk Encryption (CDE). See 'Adding a new package' for more details. Arguments - Certain packages have additional installation options that can be implemented by modifying the 'Arguments' field. For example, administrators have the option to install only the firewall or only the antivirus components of Comodo Internet Security (CIS). To effect one of the options above, the administrator needs to type a small command directly into the 'Arguments' field: To install Firewall and Defense+ BUT NOT Antivirus - type INSTALLFIREWALL=1 INSTALLANTIVIRUS=0 To install the full CIS suite (Antivirus, Firewall and Defense+) - type INSTALLFIREWALL=1 INSTALLANTIVIRUS=1 To install the Antivirus only, simply leave the argument field empty (do not type anything - this is the default setting) Important Note: Package configuration - Even though a Package such as CIS has been installed on an endpoint machine, it is not operational until the Administrator has pro-actively deployed a configuration onto that installed Package. If you used the 'Install Packages' wizard to deploy CIS then you will have already have deployed one of these profiles and can skip this section. If you 'manually' installed using the 'Install Package' Action as part of a Task then you should read the rest of this section. Setting up a Package to run on an endpoint machine is a two stage process of (1) Installation then (2) Activation. Activation is implemented by setting the configuration of the software using a CIS - Set Predefined Config Action or a CIS - Set Config Action on the target machine after installation has been carried out. There are two basic approaches for doing this based on Administrator preference: 1. Deploy one of the Comodo predefined configurations onto the machine. Administrators can create and deploy a Sequence containing a 'CIS - Set Predefined Config' Action. The specifications of these predefined configurations are outlined later in this table in the 'CIS Set Predefined Config' row. 171

172 Table of Actions - Definitions and Usage Action name Description The type of profile that an Administrator may wish to deploy is dependent on the type of installation that was chosen (e.g. Firewall only, AV only or full suite). See The Package Management Window > Note_on_partial_installation_options for more details regarding installation options. 2. Retrieve and redeploy a configuration that is already in operation on another machine. Administrators can do this by running a Task containing a Sequence with the 'CIS Config' Discovery Profile' Action on the machine which has the the configuration they wish to copy. This configuration can then be modified or tweaked (optional) and exported to a.xml file. This.xml can then be imported as the parameters of a new 'Set CIS Config' Action in a new Sequence. For a tutorial of this process, see: Example: Using 'CIS Config' Discovery Profile to roll out an existing CIS configuration onto other machines. See 'CIS - Set Predefined Config' for an explanation of available configuration presets for Comodo Internet Security. Administrators can implement customized settings by configuring and deploying the 'CIS - Set Config' action. Tip: The administrator can deploy a preset configuration during installation as a one stage process by using the Products Installation Wizard. The wizard is accessible by clicking the link 'Install Package' from the 'Start Page' or by clicking 'Tools' > 'Install Products' from the menu bar. Click here for more details on the wizard. Comodo Disk Encryption can be configured via the 'CDE - Set Configuration' action. Note: Some.msi packages may require the machine to be rebooted in order to complete the installation. Where this is the case, administrators should add the 'Reboot the Computer' as the last Action in the Sequence. Uninstall package Enables the administrator to uninstall Comodo (or 3rd party).msi or.exe packages from a target computer or group of computers (for example, this command would be used to uninstall Comodo Internet Security prior to installation of an updated package. Alternatively, it could also be used to uninstall other, 3rd party, applications that are deemed surplus to requirements.) Recommendations: Before running this Action, it is advisable that the administrator first establish which version of the package(s ) are installed on a target machine by running a Task containing a Sequence with an 'Installed Packages Discovery Profile' on the machine. For more details, see 'Discover Data' Action and section 'Discovery Profiles' Window. Execute Under.. Account - Account under which the install action is run Local system - default. Currently logged user - If a user with installation privileges is logged into the local machine it is possible to initiate the uninstallation remotely and the installer interface will be shown to this user Custom account - you need to login and password manually. Miscellaneous Allow Reboot - The administrator can choose between allowing the endpoint computer to reboot immediately (if required) on completion of the installation process by selecting the value 'True' or to reboot at a later time by selecting value 'False'. Note: If the user has logged in to the endpoint at the time of execution of this action, the endpoint will be rebooted after getting confirmation from the user. Else, the endpoint will be rebooted immediately on execution of this action. For more details, refer to Appendix 3-172

173 Table of Actions - Definitions and Usage Action name Description Behavior of Actions When No User is Logged in. Parameters Control Windows service Behavior - specifies the type of uninstallation process Uninstall by Product Code - unique for current msi files ID used to uninstall Product by Package Code - The package code is a GUID identifying a particular Windows Installer package. The package code associates an.msi file with an application or product and can also be used for the verification of sources. The product and package codes are not interchangeable. For details, see Product Codes. Package by.msi file - uses the stored.msi file to uninstall the product Product by Upgrade Code - The UpgradeCode property is a GUID representing a related set of products. The UpgradeCode is used in the Upgrade Table to search for related versions of the product that are already installed. Product by uninstall string - can be used to deinstall *.exe product. Runs *.exe uninstaller. Cannot be finished if uninstaller does not support quiet mode. Package - Administrator should select the package to uninstall The 'Control Windows Service' Action enables the administrator to remotely stop, start, pause or continue a Windows service that is registered as present on a target computer. Recommendations: Before running this Action, it is advisable that the administrator first establish which Windows services have been installed on the target machine by running a Task containing a Sequence with a 'Windows Services List Discovery Profile' on the machine. For more details, see 'Discover Data' Action and section 'Discovery Profiles' Window. Required Parameters: Windows Service Control Set Power Policy Specification of Control Command to be issued to the Windows Service - either 'Start', 'Stop', 'Pause' or 'Continue') Specification of the Name of the Windows service to be controlled by the command. The 'Set Power Policy' Action allows administrators to define a power polices covering four parameters for individual computers or an entire network. Configurable parameters are: Turn off Monitor : <after X period of time> Turn off Hard Disks : <after X period of time> System Standby : <after X period of time> System Hibernates : <after X period of time> Administrators can set any of the parameters above on any machine(s) by specifying a 'Set Power Policy' Action when creating a Task. This Action can be considered especially valuable on larger networks for which an effective power management policy can often lead to substantial savings in 173

174 Table of Actions - Definitions and Usage Action name Description power bill costs and extend the working life of endpoint machine. Send Message Allows the Administrator to define a message that will be sent out to target machines. Messages can be scheduled for a variety of reasons according to the Administrators preferences. Examples include notifications of upcoming system maintenance, reminders about general network policy or the even the resolution of issues that were affecting the endpoints. Administrators can also specify the time period for which the message is displayed. Note: The message will be displayed at the endpoint only if the user has logged in to it. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. Wake On LAN A Wake on LAN command allows the target computer, group of computers or domain to be turned on (woken up) by a network message. This Action allows the Administrator to issue a Wake on LAN command to selected endpoint machines. Required Parameters: Enhanced power action Port - Specification of the UDP port of the server to broadcast the network message Timeout - Specification of the period to wait till the endpoint is connected, in seconds Allows the Administrator to remotely instruct selected endpoint(s) to shut down, restart, stand by or hibernate. The power control action can be scheduled for a variety of reasons according to the Administrators preferences. For example, the administrator can choose to shut down all or selected computers in the network at a certain time of the day after working hours, leading to substantial savings in power bill costs and extend the working life of endpoint machinery. Required Parameters: Power control parameters Action control - Specification of the power control action to be executed. Can be chosen from Shut down, Restart, Hibernate and Stand By Reboot Parameters Agent Settings Dialog Caption - The message text that is displayed during the shutdown time out period. Default is "CESM has initiated reboot". The administrator can enter customized text to be displayed during the time out period before shutting down the endpoint computer. Force Apps closed - The administrator can choose to close all open applications, including the non-responding applications in the endpoint computer forcibly by setting this value to True during shut down/restart. Default = False. Shutdown Timeout - Administrator should set actual reboot delay in seconds. Allow the Administrator to change the settings of the Agent that is installed on the endpoint machine. This is required if it is necessary to connect the Agent to a different CESM central service server. Required Parameters: Connection settings Server host - Specification of the server host to be connected to. Server port - Specification of the port number of the server host to be connected to. Validate server - The administrator can choose whether or not to validate the server before 174

175 Table of Actions - Definitions and Usage Action name Description connection by selecting between the Boolean values true and false Agent control Allows the administrator to update or uninstall the CESM remote agent from the managed endpoint computer. Required Parameters: General Discover data Action - Administrator can choose between update or uninstall the remote agent at the managed endpoint computer. Force update - Administrator can choose to update the agent to the latest version irrespective of the current version of the agent in the endpoint (even if it is also the latest version) by choosing the value 'True'. Default = False The 'Discover Data' Action allows administrators to collect system information about Managed computers in a network. Once in possession of this data, administrators can make informed decisions about the configuration policy that they wish to take on those Managed computers. Once the 'Discover Data' action has been chosen, the administrator then needs to define the precise nature of the data that should be collected. This is done by selecting a particular 'Discovery Profile' as the parameter of that action. Once a 'Discover Data' action has been run, the information is returned to the CESM console and can be viewed (i) By selecting the specific Discovery Profile in the 'Discovery Profiles' window (ii) By right clicking on an individual Managed computer or CESM Group in the 'Computers' or 'Group Manager' window and selecting 'Open Discovered Data'. CIS - Set Predefined Config The 'CIS - Set Predefined Config' Action allows the administrator to roll out a specific configuration of Comodo Internet Security settings to individual or multiple computers in a network. These predefined configurations can be deployed at any point after the CIS package has been installed on those target machines via a sequence containing the 'Install Package' Action. If you installed CIS 'manually' by using the 'The 'Install Package' Action as part of a Task then you MUST now set the configuration using a 'CIS Set Config' or one of the following 'CIS - Set Predefined Config' Actions in order to make the installed software operational. For a detailed explanation of available options related to setting the configuration of a package, see the 'Important Note in the 'Install Package' row in this table. There are five predefined configurations - one of which must be selected as a parameter of the Action 'CIS - Set Predefined Config when creating a Sequence: COMODO - Endpoint Security - This profile has been especially designed to provide the perfect combination of security and usability for endpoint computers. Firewall is set to Safe mode Defense+ is set to Safe mode Image Execution Control is set to Normal Computer Monitor/Disk/Keyboard/DNS Client access/window Messages are monitored Defense+ is tuned to prevent infection of the system Antivirus is fully enabled Untrusted applications are automatically sandboxed COMODO - Proactive Security - This configuration provides the highest level of protection for endpoint machines by enabling all possible security features within the suite. This profile is recommended if you want to enable the highest security settings. See 'The Package Management 175

176 Table of Actions - Definitions and Usage Action name Description Window' if you would like to read more about Packages. This configuration of CIS implements the following settings: Firewall is set to Safe mode Maximum protection settings for Defense+. All possible protections are activated and all critical COM interfaces and files are protected Antivirus is fully enabled Untrusted applications are automatically sandboxed COMODO - Internet Security - This profile is recommended if you chose to install the full CIS product (both Firewall and Antivirus components) on a target machine while configuring the 'Install Package' Action (more specifically, if you entered 'INSTALLFIREWALL=1 INSTALLANTIVIRUS=1' as the Argument for the CIS package). See 'The Package Management Window' if you would like to read more about Packages. This configuration of CIS implements the following settings: Firewall is set to 'Safe' mode Defense+ is set to 'Safe' mode Image Execution Control is disabled. Computer Monitor/Disk/Keyboard/DNS Client access/window Messages are NOT monitored. Only commonly infected files/folders are protected against infection. Only commonly exploited COM interfaces are protected. Defense+ is tuned to prevent infection of the system. Untrusted applications are automatically sandboxed COMODO - Antivirus Security - Note: 'Antivirus Security' is a legacy profile that will only work with CIS 3.x. If you have CIS 4.x installed then do not use this profile (the task will fail). This profile is recommended if you chose to install only the antivirus component of CIS 3.x on a target machine while configuring the 'Install Package' Action (more specifically, if you left the Argument field blank for the CIS package). See 'The Package Management Window' if you would like to read more about Packages. This configuration of CIS implements the following settings: Optimum protection settings for Defense+ Image Execution Control is disabled. Computer Monitor/Disk/Keyboard/DNS Client access/window Messages are NOT monitored. Only commonly infected files/folders are protected against infection. Only commonly exploited COM interfaces are protected. Defense+ is tuned to prevent infection of the system while creating least number of Defense+ pop-up alerts Antivirus is fully enabled COMODO - Firewall Security - This profile is recommended if you chose to install only the firewall component of CIS on a target machine while configuring the 'Install Package' Action (more specifically, if you entered 'INSTALLFIREWALL=1 INSTALLANTIVIRUS=0' as the Argument for the CIS package). See 'The Package Management Window' if you would like to read more about Packages. This configuration of CIS implements the following settings: Firewall is set to Safe mode Optimum protection settings for Defense+ Image Execution Control checks only applications that are not started manually by the user. Computer Monitor/Disk/Keyboard is NOT monitored. Only commonly infected files/folders are protected against infection. Only commonly exploited COM interfaces are protected. Defense+ is tuned to prevent infection of the system and detect Internet access request leaks even if it is infected. Untrusted applications are not sandboxed. They will still be blocked at the point of execution but will generate a Defense + alert instead of being sandboxed. 176

177 Table of Actions - Definitions and Usage Action name Description Note: Any changes that user has made to Comodo Internet Security settings since installation are in the active profile. If the administrator set a 2nd default profile then, similarly, any rule changes or additions the user makes will be recorded in that, now active, profile. However, if the administrator then set back the first configuration it will load the Comodo default rule set for that profile and NOT implement any of the changes that the user made whilst that 1st profile was active. Setting active profiles will clear any changes the user has made to the first profile. Administrators are strongly advised to save any custom profiles that they wish to re-use at a later date. Note: This action can be executed successfully even if no user is logged in to the endpoint, but the changes will be effective only when the user logs in. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS Run a Scan The 'CIS Run a Scan' Action enables the administrator to run a scan for viruses on a target computer or group of computers. Required Parameters: Specification of folders to be scanned. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Clear Quarantine The 'CIS - Clear Quarantine' Action enables the administrator to purge a quarantine storage on a target computer or group of computers. This action clears ALL quarantined files. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Restore from Quarantine The 'CIS - Restore from Quarantine' Action enables the administrator to restore specific files from quarantine. Required Parameters: Specification of Item Identifier: a value which identifies the item in the CIS quarantine storage. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Update (Virus Database/Progra ms) The 'CIS - Update (Virus Database/Programs)' Action enables the administrator to instruct endpoint installations of CIS to check for, download and install software and (virus) database updates. CIS - Remove from Quarantine The 'CIS - Remove from Quarantine' Action enables the administrator to remove specific files from quarantine. Note: This action can be executed successfully even if no user is logged in to the endpoint, but the changes will be effective only when the user logs in. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. Required Parameters: Specification of Item Identifier: a value which identifies the item in the CIS quarantine storage. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. 177

178 Table of Actions - Definitions and Usage Action name Description CIS - Set Update URL The 'CIS Set Update URL' Action allows the administrator to select the host from which the database and program updates are to be downloaded. The administrator can choose to download the updates from the Comodo Update site ( or from a host in the local network. For more details on creating a local update server, see 'Appendix 1- Setting Up a Local Update Server'. Required Parameters: Server name - Specification of Server DNS name or IP address of the Local Update Server for offline update. Server port - Specification of port number of the Local Update Server Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS Set Config Comodo Internet Security is configured via the 'CIS Set Config' Action. This Action is added to a Sequence which is in turn added to a Task deployed on target machines. The 'CIS Set Config' action can be configured using either the Sequence Manager Window or by starting the 'New Task' wizard from the Start page. Tip - The Administrator can simply right click on the target endpoint computer from the Computers Window and select Internet Security > Configuration > Custom. Click here for more details. The 'CIS Set Config' Action allows the administrator to roll out a specific configuration of Comodo Internet Security settings to individual or multiple computers in a network. These settings can be deployed at any point after the CIS package has been installed on those target machines. To configure customized settings, first create a new sequence with the Action 'CIS Set Config'. To open the CIS configuration editor, click the ellipsis button (...) in the 'Config Parameters' pane to the right. Administrators MUST set the configuration of installed packages using a '...Set Config' or '...Set Predefined Config' Action in order to make the installed software active. The software is not 'operational' until one of these actions have been run. For a detailed explanation of available options related to setting the configuration of a package, see the Important Note in the 'Install Package' row in this table. Administrators are able specify and save the custom CIS configurations settings in the 'CIS Configuration Editor'. Click Here to see the CIS Configuration Editor' To learn more about the settings in the configuration editor, Administrators are advised to download the dedicated CIS Configuration Editor User Guide from See 'Example: Using 'CIS Config' Discovery Profile to roll out an existing CIS configuration onto other machines' to see an example scenario that uses the "CIS Set Config' Action. Note: This action can be executed successfully even if no user is logged in to the endpoint, but the changes will be effective only when the user logs in. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Set Local Mode Password Allows the administrator to specify a password to enable the user of the endpoint computer to access and configure the CIS installation locally. If this password is set and informed to the user, the user can switch the local CIS installation into local mode without requiring the login credentials of the administrator and will be able to configure, control, run scans etc., by himself/herself. The alerts generated by CIS will be displayed in the local system and the end user can directly respond to the alert. Click here for more details on Local Administration Mode. Required Parameter: 178

179 Table of Actions - Definitions and Usage Action name Description Specification and confirmation of a new password. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Set Safe Files List Allows the administrator to create a personal safe list of files to complement the default Comodo safe list. Files added to this area are automatically given Defense+ trusted status and Defense+ will not generate any alert on execution of those. By adding executables to this list (including sub folders containing many components) the amount of alerts that Defense+ generates can be reduced while maintaining a higher level of Defense+ security. This is particularly useful for developers that are creating new applications that, by their nature, are as yet unknown to the Comodo safe list. Required Parameters: Specification of installation path of files/executables considered to be safe, in the 'Safe Files List Editor' dialog. Note: This action can be executed successfully even if no user is logged in to the endpoint, but the changes will be effective only when the user logs in. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Append to Safe Files List Allows the administrator to add safe files and executables to previously created Safe Files List. See CIS - Safe Files List for more details. Required Parameters: Specification of installation path of files/executables considered to be safe, in the 'Safe Files List Editor' dialog. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Remove from Safe Files List Allows the administrator to delete safe files and executables previously added to Safe Files List. if required. See CIS - Safe Files List for more details. This is useful in situations where the administrator has added the files considered to be safe to the list and later, came to be known unsafe or when a file considered safe earlier and added to the list has exhibited a malware behavior in one of the endpoints. Required Parameters: Specification of installation path of files/executables considered to be unsafe, in the 'Safe Files List Editor' dialog. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Set Trusted Vendors Allows the administrator to create a local Trusted Vendor List (TVL) to complement the default Comodo TVL. CIS will consider the files safe if those are digitally signed by one of the vendors in the TVL. Defense+ will not generate any alerts on execution of such files/executables. Required Parameters: Specification of vendor of files/executables considered to be safe, in the 'Trusted Vendors List Editor' dialog. Background Note: Trusted Vendors are those companies that digitally sign 3rd party software to verify its authenticity and integrity. This signature is then countersigned by an organization called a Trusted Certificate Authority. By default, Defense+ detects software that is signed by a software vendor and counter-signed by a Trusted Certificate Authority. It then 179

Table of Actions - Definitions and Usage Action name Description automatically adds that software to the local users' Trusted Vendor list. To find vendor that has signed an executable, 1.

180 Table of Actions - Definitions and Usage Action name Description automatically adds that software to the local users' Trusted Vendor list. To find vendor that has signed an executable, 1. Browse to the (default) installation directory of the executable. 2. Right click on the file **.exe. 3. Select 'Properties' from the menu. 4. Click the tab 'Digital Signatures' (if there is no such tab then the software has not been signed). This will display the name of the signer that signed the software as shown below: 180

Table of Actions - Definitions and Usage Action name Description Click the 'Details' button to view digital signature information and full name of the signer.

181 Table of Actions - Definitions and Usage Action name Description Click the 'Details' button to view digital signature information and full name of the signer. Note: This action can be executed successfully even if no user is logged in to the endpoint, but the changes will be effective only when the user logs in. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Append to Trusted Vendors Allows the administrator to add trusted vendors to previously created Trusted Vendors List. See CIS Set Trusted vendors for more details. Required Parameters: Specification of vendor of files/executables considered to be safe, in the 'Trusted Vendors List Editor' dialog. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Remove from Trusted vendors Allows the administrator to delete vendors previously added to trusted Vendors List. if required. See CIS - Set Trusted Vendors for more details. This is useful in situations where the administrator has added the vendors considered to be safe to the list and later, came to be known unsafe or when a file signed by the vendor in the TVL has exhibited a malware behavior in one of the endpoints. 181

182 Table of Actions - Definitions and Usage Action name Description Required Parameters: Specification of vendor of files/executables considered to be unsafe, in the 'Trusted Vendors List Editor' dialog. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Run scan by profile The 'CIS - Run a Scan by profile' Action enables the administrator to run a scan for viruses on preselected areas defined by scan profiles created on the target computers beforehand. Each local installation of CIS will contain two predefined Scan Profiles: My Computer - When this Profile is selected, Comodo Antivirus scans every local drive, folder and file on your system. Critical Areas - When this profile is selected, Comodo Antivirus scans the Program Files Folder and WINDOWS Folder of the Operating System of your computer. The Administrator can also create custom scan profiles for scanning selected areas on the target computer by accessing Antivirus Tasks > Run a Scan > Create New Scan at the local installation of CIS by accessing the local installation through Remote Desktop connection and switching CIS to Local Administration mode. Please refer to dedicated Comodo Internet Security user guide available at for more details on creating custom scan profiles. Required Parameters: Specification of global unique identifier (guid) of the profile. Specification of the name of the profile. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Set Update Hosts List (for CIS 4.x) The 'CIS - Set Update Hosts List' Action allows the administrator to create a list of hosts from which the database and program updates are to be downloaded. The administrator can choose to download the updates from the Comodo Update site ( or from a host in the local network. For more details on creating a local update server, see 'Appendix 1- Setting Up a Local Update Server' Required Parameters: Specification of list of urls of update hosts in 'Hosts List Editor' dialog. Note: This action will not be executed successfully if no user is logged in to the endpoint. For more details, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CIS - Set Proxy Settings The 'CIS - Set Proxy Settings' Action allows the administrator to configure how CIS should connect to the update hosts from which the database and program updates are to be downloaded. If a Proxy server is used in the network and if the Administrator wants the application to use the Proxy Server, the Proxy settings can be configured accordingly. Required Parameters: Use Proxy - The administrator should specify whether or not to use the proxy server by selecting between True and False. Default = False, the application will not use the proxy server. Server - Specification of the server name or IP address of the Proxy server, if Use Proxy is 182

183 Table of Actions - Definitions and Usage Action name Description set to True. Port - Specification of connection port number of the Proxy Server. Requires authorization - The administrator should specify whether the proxy server requires authorization by selecting between True and False. Default = False. Login - Specification of login ID for the Proxy Server if it requires authorization. Password - Specification of login ID for the Proxy Server if it requires authorization. Note: This action can be executed successfully even if no user is logged in to the endpoint, but the changes will be effective only when the user logs in. For more details on behavior of actions executed when no user is logged in, refer to Appendix 3 - Behavior of Actions When No User is Logged in. CDE - Set Configuration Comodo Disk Encryption is configured via the 'CDE Set Configuration' Action. This Action is added to a Sequence which is in turn added to a Task deployed on target machines. The 'CSE Set Configuration' action can be configured using either the Sequence Manager Window or by starting the 'New Task' wizard from the Start page. Required Parameters: Administrator must specify the CDE configuration settings in the 'Comodo Disk Encryption Config' dialog. These settings can be deployed at any point after the CDE package has been installed on those target machines. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Encrypt The 'CDE - Encrypt' Action allows the administrator to encrypt the required logical drive (s) or drive partition(s) in a managed computer. Encrypting a drive protects the confidential information stored in it from being accessed by others. Required Parameters: Specification of the drive letter of the drive partition to be encrypted Password for authentication. The password must be entered whenever the system is started to enable assessing the encrypted drives. Selection of the Encryption and Hash algorithms to be used for encrypting the drive partition from the drop-down options. The available Encryption algorithms are: AES bit / strongest Serpent - 128, 192 or 256-bit / very strong Blowfish - 64-bit block / strong 3DES bit/ strong The available Hash algorithms are: SHA1-160-bit / strong SHA bit / strong MD5-128-bit / strong RipeMD bit / strong Specification of the whether or not the free space in the disk partition to be ignored during encryption. Ignoring empty disk space will significantly accelerate the encryption and decryption processes on large disk drives. 183

184 Table of Actions - Definitions and Usage Action name Description Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Decrypt The 'CDE - Decrypt' Action allows the administrator to decrypt an encrypted drive partition and bring back the drive to its original (unencrypted) form, so that the drive becomes accessible by anyone. The protection offered by encrypting the drive is disabled. Required Parameters: Specification of the drive letter of the encrypted drive partition to be decrypted. Password for authentication. Specification of the whether or not the free space in the disk partition to be ignored. Ignoring empty disk space will significantly accelerate the encryption and decryption processes on large disk drives. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Change Password The 'CDE - Change Password' Action allows the administrator to change the authentication password set during encrypting a drive partition. Required Parameters: Authentication password set during encrypting a drive partition. Specification of a new password. Specification of the whether or not the free space in the disk partition to be ignored. Ignoring empty disk space will significantly accelerate the encryption and decryption processes on large disk drives. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Change Encryption Settings The 'CDE - Change Encryption Settings' Action allows the administrator to change the Encryption and Hash algorithms used for encrypting a drive partition. On changing the settings, the pre-encrypted drive will be re-encrypted with the newly selected algorithms. Required Parameters: Specification of the drive letter of the drive partition to be re-encrypted. Authentication password. Selection of new Encryption and Hash algorithms to be used for re-encrypting the drive partition from the drop-down options. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Add Encrypted Partition The 'CDE - Add Encrypted Partition' Action allows the administrator to restore the partition encrypted previously and removed from the list of the drives using 'CDE - Remove Encrypted Partition' action (the drive is hidden in the Windows Explorer of the managed computer) or when a new encrypted Hard Disk Drive is mounted in the managed computer. Required Parameters: 184

185 Table of Actions - Definitions and Usage Action name Description Specification of the drive letter of the drive partition to be restored. Authentication password. Specification of Encryption and Hash algorithms used for encrypting the drive partition to be mounted. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Remove Encrypted Partition The 'CDE - Remove Encrypted Partition' Action allows the administrator to remove an encrypted drive from the drives list of drives, meaning the selected drive is hidden in the managed computers' Windows Explorer. Required Parameters: Specification of the drive letter of the drive partition to be removed. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Create Virtual Drive The 'CDE - Create Virtual Drive' Action allows the administrator to create, mount and format Virtual Drives in the managed Computer. A virtual drive is a drive partition, emulating an optical disk or a hard drive partition in a computer and allows the user to store files in it. Two types of virtual drives can be created. Memory Drive - The memory drive is created in the system memory, i.e. a portion of RAM is set up to act as a hard drive partition. The memory drive has fast read/write access. Because of the volatile nature of the system memory, the memory drive will last only till the system is powered-off. Memory drives can be used while working with a decrypted copy of an encrypted document and to hold larger files like image files for shorter period of times, e.g. when working on several images using image editing softwares. File Drive - The file drive is created as single disk image file at any location of your choice in your hard drive. This file acts as a disk image, resembling a separate hard drive partition. You can set any drive letter of your choice to this virtual drive partition and encrypt with any hash and encryption algorithms. The virtual drive will be displayed as a hard drive partition in My Computer Explorer window. You can format this drive and store your data to be protected in it for permanent storage. Required Parameters: Selection of the drive letter for the virtual drive to be mounted from the drop-down options. Specification of the size (in MB) of the virtual drive to be mounted. Password for authentication. Selection of the Encryption and Hash algorithms to be used for the encryption of the virtual drive to be mounted, from the drop-down options. Selection of storage mode (Memory Drive or Physical (File) drive) for the virtual drive from the drop-down options. Specification of path of the storage location of virtual drive in the managed computer, in case File drive is chosen. Specification of Disk Label for the virtual drive. Selection of the cluster size for the virtual drive from the drop-down options (default, 512 bytes bytes) Selection of file system(fat, FAT32 and NTFS) for the virtual drive from the drop-down 185

186 Table of Actions - Definitions and Usage Action name Description options. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Mount Existing Virtual Drive The 'CDE - Mount Existing Virtual Drive' Action allows the administrator to mount an existing Virtual Drive but unmounted previously (the drive is hidden in Windows Explorer of the managed Computer) using the 'CDE - Unmount Existing Virtual Drive' action, in the managed Computer. Note permanently deleted virtual drives cannot be remounted. Required Parameters: Specification of the drive letter of the virtual drive to be restored. Authentication password. Specification of the path of the storage location of the virtual drive in the managed computer, in case File drive is chosen. Specification of whether the virtual drive is 'Read Only' or not, from the drop-down options. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Unmount Existing Virtual Drive The 'CDE - Unmount Existing Virtual Drive' Action allows the administrator to remove an existing Virtual Drive from the drives list of drives, meaning the selected drive is hidden in the managed computers' Windows Explorer. Required Parameters: Specification of the drive letter of the virtual drive partition to be removed. Specification of whether or not the drive to be deleted permanently from the managed computer from the drop-down options. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Edit Virtual Drive The 'CDE - Edit Virtual Drive' Action allows the administrator to change the authentication password and the encryption settings of an existing and mounted virtual drive. On changing the settings, the virtual drive will be re-encrypted with the newly selected algorithms. Required Parameters: Specification of the drive letter of the virtual drive to be re-encrypted. Authentication password. Specification of the new password if the pass word has to be changed. Selection of new Encryption and Hash algorithms to be used for re-encrypting the drive partition from the drop-down options. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Backup Drive Settings The 'CDE - Backup Drive Settings' Action allows the administrator to preserve the encryption settings like password, selected algorithms of the encrypted logical drives, as a backup in a secure location 186

187 Table of Actions - Definitions and Usage Action name Description within the managed computer. The backed up encryption settings can be restored at any time, to avoid the situation where important information stored in an encrypted drive could not be accessed, just because the administrator has forgot the password and the other encryption settings. Required Parameters: Authentication password. Specification of the path of the storage location for the backup file. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CDE - Backup Virtual Drive Settings The 'CDE - Backup Virtual Drive Settings' Action allows the administrator to preserve the encryption settings like password, selected algorithms of the virtual drives, as a backup in a secure location within the managed computer. The backed up encryption settings can be restored at any time, to avoid the situation where the virtual drive could not be accessed, just because the administrator has forgot the password and the other encryption settings. Required Parameters: Specification of the drive letter of the virtual drive (selected from the drop-down options). Authentication password. Specification of the path of the storage location for the backup file. Note: Further Information regarding the configuration of CDE is available in the dedicated CDE help guide at: CFP - Set Config The 'CFP Set Config' Action allows the administrator to roll out a specific configuration of Comodo Firewall Pro settings to individual or multiple computers in a network. These settings can be deployed at any point after the CFP package has been installed on those target machines. Required Parameters: Administrator must specify the CFP configuration settings in the 'Settings Editor' Select the Action or Actions you wish to include in the Sequence. In the example below we have chosen to add four 'Discover Data' Actions to the Sequence. For each of these 'Discover Data' Actions, we have selected a different 'Discovery Profile' by modifying the control in the 'Discovery Parameters' control to the right. 187

Click 'Save' to confirm your choices. This new Sequence can be viewed and/or modified via the 'Sequence Manager' Window: This Sequence is now available to be used as a Sequence (of Actions) in a Task.

9 The 'Task Manager' Window A CESM 'Task' is comprised of a Sequence of Action(s) that is executed on a Managed Computer.

188 Click 'Save' to confirm your choices. This new Sequence can be viewed and/or modified via the 'Sequence Manager' Window: This Sequence is now available to be used as a Sequence (of Actions) in a Task. It is during the creation of a Task that the target computers for the Actions specified in the Sequence are chosen. Please see the next section The 'Task Manager' for more details. 3.9 The 'Task Manager' Window A CESM 'Task' is comprised of a Sequence of Action(s) that is executed on a Managed Computer. The Task Manager window allows the administrator to execute any Task - thereby deploying the Actions defined in the Sequence in that Task (including sequences designed to install Comodo packages; install 3rd party.msi packages; implement Comodo Internet Security configuration settings on all Managed network items; discover and control Windows services on those computers and more.) A Task cannot be created or executed without a Sequence first being added to that Task. It is preferable to have at least one Sequence before attempting to create a task, but it is possible to create a new sequence in the process of creating a new task. Executing a Task on a computer or group of computers means executing the Action or Actions that are contained in that Task's 'Sequence'. Tasks can be executed immediately or can be scheduled to run at a predetermined time (Daily, Weekly, Monthly, Once). A Task can only be executed on a Managed Computer which has the CESM Remote Agent installed upon it. A single Task may be executed on any Imported Network item - including individual computers; entire Active 188

Directory Domains; entire Workgroups or all computers in a CESM 'Group' (of computers). The success or failure of a Task can be viewed in real-time from the Task Result Manager window.

189 Directory Domains; entire Workgroups or all computers in a CESM 'Group' (of computers). The success or failure of a Task can be viewed in real-time from the Task Result Manager window. This window also contains a history of the results of all Tasks run in the past Opening the Task Manager Window Administrators can open the 'Task Manager' window in the following ways: Via the File Menu. Select ' View > Task Manager' to open the 'Task Manager' window. Via the shortcut toolbar button: Icon to access 'Task Manager' tab Via keyboard shortcut. Press 'CTRL + ALT + T' to open the 'Task Manager' window. The Task Manager - Window Specific Controls Menu Element Element Icon Description Add Enables the administrator t to add a new task to the list. Opens the 'Add New task' dialog. Delete Deletes the selected Task. Edit Enables the administrator to edit task's parameters such as Name and Description and/or action, schedule. Execute Runs the Task on the network items that were specified during the creation of the Task. Refresh Updates the list of displayed Tasks to reflect changes such as newly added Task; removed Tasks or modifications to existing Tasks. Clone item Enables the administrator to 'copy' the currently open Task and use it for the basis of a new Task. This is useful if you want to change one or two settings on a particular Task (e.g. Run the same sequence of Actions but on different computers; Run a different set of Actions on the same computers etc ) 189

Right clicking on any selected Task in the 'Task Manager' window will open a context sensitive menu that contains the same controls as outlined above: 3.9.

190 Right clicking on any selected Task in the 'Task Manager' window will open a context sensitive menu that contains the same controls as outlined above: Creating and Executing a Task Prerequisites. Before creating a CESM Task, administrators are advised to first: Ensure that all Network Structures have been imported and that target computers have 'Managed' status and have the CESM Remote Agent Installed. A Task can only be executed on Managed computers that are connected to the CESM Central Service via the CESM Remote Agent. For a tutorial explaining how to import network structures, see Importing Network Structure. For more details on managing computers using the administrative console, see The 'Computers' and 'Group Manager' Windows. For more details on assigning managed status to computer, see Preparing Imported Computers for Remote Management. Ensure the appropriate Comodo Packages (or third party packages) have been uploaded to the CESM Administrative interface. (This is required for certain Actions such as Install Package'). To create a new Task: Open the 'Task Manager' window using one of the methods outlined earlier. This windows displays all existing Tasks that have been created. To begin adding a new Task, click the green 'Add' symbol (shown below). This will open the 'New Task' dialog. Firstly create a Name and Description for the Task. Task Names are mandatory Descriptions are optional. It is good practice to choose Task Names that accurately describe the purpose of the Task (or more accurately, the purpose of the Action(s) within the sequence of that Task). 190

Secondly, add the Sequence (of Actions) that this Task should implement. (If you haven't done so already, you should first create a Sequence and define Actions within that Sequence.

This stage also allows you to create a new sequence of actions for adding to this task. To create a new sequence, click the 'New Sequence...' button at the bottom left of the list of existing sequences.

191 Secondly, add the Sequence (of Actions) that this Task should implement. (If you haven't done so already, you should first create a Sequence and define Actions within that Sequence.) To select a Sequence, click the ellipsis button (...) at the end of the 'Sequence' field. This will open a list of existing Sequences: Select the sequence that this task should implement. This stage also allows you to create a new sequence of actions for adding to this task. To create a new sequence, click the 'New Sequence...' button at the bottom left of the list of existing sequences. A 'New Sequence' window will open. You can create a new sequence with a name and a set of actions from this window. Click here for more details on creating a new sequence. Next, choose the Target computers for the Task. Target computers can be selected using the 'Computers' panel at the lower left of the 'New Task' dialog. Alternatively, administrators can select a predefined CESM 'Group' of machines as the target for the task: 191

execution of the Task by accessing the 'Schedule' tab of the 'New Task'

192 Schedule the Task (optional). Administrators have the option to schedule a time and date for the execution of the Task by accessing the 'Schedule' tab of the 'New Task' dialog: The following table contains more detailed descriptions of each of the Actions available within a Sequence. 192

Table of Parameters Form element Description Enable Enables scheduling of the task. Administrators must select this box in order to implement the Scheduling feature for the Task.

193 Table of Parameters Form element Description Enable Enables scheduling of the task. Administrators must select this box in order to implement the Scheduling feature for the Task. Type Tasks can be scheduled to execute: Daily - task is executed daily Weekly - task is executed weekly Monthly - task is executed monthly Once - task is executed single time at specific time and date. Every (day): The Task is executed once every specified number of days. For example, if '2' is chosen then the Task is performed every 2 days at the specified time. Start from: Task execution start date. Time: Task execution time. Day of Month Task is executed at specified day of a month. Order of Weekday Task is executed at specified week of a month. Day of Week Task is executed at specified day of a week. Month Task is executed at specified months of year. Estimated few next runs at: Shows the timetable of the estimated next runs of the task. Default: 10 After successfully creating the Task, click 'Save' to execute the Task later or at scheduled time. For executing the Task instantly, click the drop-down button beside 'Save'. You have the following options: Save - Saves the created Task for execution at a later time or at scheduled time. Save and Close - Saves the created Task for execution at a later time or at scheduled time and closes the New Task dialog. Save and Execute - Saves the created Task and executes it instantly Save, Execute, Close - Saves the created Task, executes it instantly and closes the New Task dialog Once the administrator has successfully created and saved the new task, it becomes available in the Task Manager window: 193

After executing a Task, Administrators can check it's success or failure by opening the 'Task Result Manager'. Please see the next section for more details. 3.

194 After executing a Task, Administrators can check it's success or failure by opening the 'Task Result Manager'. Please see the next section for more details The Task Result Manager Window The 'Task Result Manager' window enables the administrator to view whether a Task executed on a target computer, network or CESM group was successful or not. If a Task failed for any reason, then the administrator can use this window to identify which particular Actions have failed and on which specific computers the fails occurred. Furthermore, administrators can quickly create a custom Task to re-run only those failed actions on the affected computers. The current status of any task(s) under execution is displayed as progress bar with the percentage of completion - allowing administrators to check the ongoing progress of a task and to estimate how much time remains before task completion Opening the Task Result Window Administrators can open the 'Task Result' window in the following ways: Via the File Menu. Select ' History > Task Result' to open the 'Task Result' viewer. Via the shortcut toolbar button: Icon to access 'Task Result' tab Via keyboard shortcut. Press 'CTRL + SHIFT + T' to open the 'Task Result' viewer. 194

195 Every Task is represented as a row with the Task name, its success, failure or progress status, its start and end time and other details. Expanding the tree hierarchy will reveal the target computers within the Task and the Actions that have been, are being or will be executed on those target computers. Task Result Manager - Table of Columns, Controls and Icons Control name Details Description Selecting an successfully completed task entry in the list and clicking 'Details' button opens a right hand side 'Details' pane containing the details concerning to the action, e.g. the discovered details if the action is 'Discover Data'. Results Column Icon Description Task Status = Succeeded. Entire Task, including all component Actions in the Task's Sequence, were executed successfully on all target machines. Task Status = Executing. Task is currently being executed. This means at least one component Action on at least one target Machine in the Task has yet to be completed. Task Status = Failed. At least one Action on one target computer was not executed successfully. Target Computer Status = Succeeded. All Actions on the named target computer were successfully executed. Target Computer Status = Executing. At least one Action on the named target computer is currently being executed. Target Computer Status = Failed. At least one Action on the named target computer has failed to execute successfully. Action Status = Succeeded. The named Action has been executed successfully on the target computer. 195

196 Action Status = Pending. Can have two meanings. (1) CESM has not attempted to execute this action on the target computer because of the failure of an Action that preceded it. (2) This action is currently queued and will be executed after successful execution of the Action(s) that precede it in the Sequence. Action Status = Executing. This Action is currently being executed on the target computer. Action Status = Failed. This Action has failed to execute successfully on the target computer. CESM will not attempt to execute any subsequent Actions that may have been listed in this task. All subsequent Actions will Automatically be given a status of 'Pending'. Column Name Description Displays the status of the Task, Target Computer or Action listed in the results column: Status Actions that were successfully completed have a status of 'Succeeded'; Actions finished with an error have a status of 'Failed' ; Actions that are currently being executed will be displayed as progress bar with the percentage of completion of the task; Actions awaiting execution in a queue have a status of 'Pending'. Message An explanatory message associated with the Result. Started Displays the time that CESM began executing the Task or Action named in the 'Result' column. Completed Displays the time that CESM completed execution of the Task or Action named in the 'Result' column. Result Code Actions that failed to successfully execute will generate a specific error code. The administrator can reference this result code to help diagnose the problem. Actions that successfully executed always generate the code '0x ' The following graphic shows a simple example of a Task result as viewed through the Task Result Manager window: As can be seen in the example above, the failure of a single Action on one target computer will mean that Task is given a status of 'Failed'. Right clicking on any Task, Target Computer or Action listed in the 'Task Result Manager' window will open a context sensitive menu that provides further administrative options. 196

197 This context sensitive menu shown above allows the administrator to create a custom Task that is designed to (1) Run only on those machines that failed the original Task and (2) Run only those Actions that originally failed on those machines. Task Result Manager - Context Sensitive Menu Menu Option Right Click on: Create task with failed computers Any Task with a status of 'Failed' Description Enables the user to create a new Task with only the target computers for which Task execution was not successful. Opens the 'Add New task' dialog, with the 'failed' computers automatically pre-selected as the target machines. The new Task will not include any computers that passed the original task. Having addressed the issue causing the error, administrators can use this functionality to quickly roll out the same Sequence of actions to only those computers that were affected by the original issue without having to re-deploy to the entire network. Create sequence with failed action Any Target Enables the user to create a new Sequence consisting of only those Actions from the Computer with a original Task that returned a status of 'Failed' or 'Pending'. Selecting this option will status of 'Failed' open a new Sequence with those Actions already populated. The new sequence will not include any Actions which were successfully executed during the original Task. This feature can be used in combination with 'Create task with failed computers' to create a highly targeted Task that implements only those Actions that failed and only on those computers in the network which were affected by those fails. For example: An administrator wishes to deploy a Task on an Active Directory network containing 150 workstations. This Task contains a Sequence which consists of four actions. The first three are 'Install Package' Actions whilst the fourth is a 'Reboot' Action. On 145 of the workstations the Task is executed successfully. However, on the remaining 5, only the first two Actions successfully executed while the third failed (thus also preventing the execution of the fourth Action). Once the administrator has identified * and fixed the issue causing the error he or she can, using the 'Create Sequence with failed Action' feature, create a sequence consisting of just those third and fourth actions. This Sequence can then be added to a Task that was created using the 'Create Task with failed computers' feature. This task can then be deployed to execute only the previously 'failed' actions on only the 5 affected computers (out of the 150 in the network). This can be a great time saver in large networks. Tip: To help identify problems on the target workstation, the administrator may wish to consider running one or more Discovery Profile Actions on those machines The Notification Monitor Window The 'Notification Monitor' enables the administrator to view (and react to) all service status messages sent by CESM Central Service. 'Notifications' are messages sent to the CESM Administrative Console by the CESM Central Service in response to service related commands issued by the Administrative Console. A service related command issued by the CESM Administrative Console includes items such as installing or un-installing the CESM Remote Agent on a target machine and notifications on CIS events such as Antivirus database updates, completion of an on-demand or scheduled scan etc. The Notification Monitor window enables the administrator to view messages regarding the success or failure of commands issued to the CESM Central Service such as Install / Un-install CESM Remote Agent. The Monitor also displays warnings and critical messages sent by the Central Service regarding issues such as service connection status and service crashes. 197

Administrators should take care to differentiate the Notification Monitor from the Task Result window (which is used to monitor the success or failure of user-defined Tasks such as the installation

198 Administrators should take care to differentiate the Notification Monitor from the Task Result window (which is used to monitor the success or failure of user-defined Tasks such as the installation of Comodo Internet Security on target computers). Administrators will find the Notification Monitor especially useful when troubleshooting any issues relating to the installation of the CESM Remote Agent on target computers. The Notification Monitor is intended to quickly inform the administrator of the latest events. Once individual Notifications have been viewed/and or dealt with, the administrator has the option to clear them from the list. The Notification History window is a permanent archive of all Notification messages and can be referenced should the administrator wish to view messages that were removed from the Notification Monitor Opening the Notification Monitor Administrators can open the 'Notification Monitor' window in the following ways: Via the File menu. Select 'View > Notification Monitor' to open the 'Notification Monitor' viewer. Via the shortcut toolbar button: Icon to access 'Notification Monitor' tab Via keyboard shortcut. Press 'CTRL + ALT + N' to open the 'Notification Monitor' viewer. The Notification Monitor - Table of Columns, Controls and Icons Item Name Type Icon Notifications that are classified as 'Messages' typically inform the administrator of the successful completion of a command on a target machine. For example, the successful installation of the Comodo Remote Agent on the computer that is named in the 'Computer' column. Icon Notifications that are classified as 'Warnings' alert the administrator to potential network issues that may impair CESM's ability to deploy Tasks and monitor Requests. Icon Notifications that are classified as 'Errors' inform the administrator of the failure of CESM Central Service to execute a command on a target computer. For example, an 'Error' notification will be generated if CESM Central Service was not able to complete the installation of the CESM Remote Agent on the computer that is named in the 'Computer' column. Icon Notifications that are classified as 'Critical' alert the administrator to high severity errors that may or have already prevented CESM from functioning normally. For example, a critical application crash. Column header A text description of the specific notification. In the case of notifications classified as 'Error' or 'Critical' (error), the description will also contain an error code and a precise description of the (Message) (Warning) (Error) (Critical) Description Description 198

199 The Notification Monitor - Table of Columns, Controls and Icons Item Name Type Description reason for the error. Created Column header Shows the time and date that the notification was generated by the CESM Central Service. Received Column header Shows the time and date that the CESM Administrative Console received the notification from the CESM Central Service Computer Column header The name of the workstation to which the notification pertains. Clicking on the target computer's name will open the 'Computers' window - allowing the administrator to quickly view details about the computer in question and/or issue further commands to that computer. Product Name Column header Displays the name of the CESM product or service that generated the notification. In most cases this will be the CESM Central Service. Product Version Column header Displays the version number of the product named in the 'Product Name' column. Control The 'I See' button allows the administrator to mark the selected notification as 'viewed' and will remove the notification from the list. Notifications that are removed from the 'Notification Monitor' can, if needed, be accessed via the 'Notification History' window (which keeps a permanent record of all notifications). Filter Clicking the 'Messages' button enables the administrator to add all 'Message' notifications to the list of displayed notifications. Filter Clicking the 'Warnings' button enables the administrator to add all 'Warning' notifications to the list of displayed notifications. Filter Clicking the 'Errors' button enables the administrator to add all 'Error' notifications to the list of displayed notifications. Filter Clicking the 'Criticals' button enables the administrator to add all 'Critical' notifications to the list of displayed notifications The Notification History Window The Notification History window is a permanent record of all notifications that have been received by the CESM Administrative Console. Messages removed from the Notification Monitor can still be viewed using the Notification History window. Administrators can open the 'Notification History' window in the following ways: Via the File Menu. Select ' View > Notification History' to open the 'Notification History' viewer. Via the shortcut toolbar button: Icon to access ''Notification History' tab Via keyboard shortcut. Press 'CTRL + SHIFT + N' to open the 'Notification Monitor' viewer The Request Monitor The 'Request Monitor' window enables administrators to view and react to alerts from Comodo Packages that have been installed and are running on Managed computers ('Packages' include CESM controlled Comodo applications such as Comodo Internet Security). Each request contains information sent by a Comodo product which requires the administrator's attention. Administrators can simply allow or block an activity or choose a predefined policy for the application which generated the activity. 199

200 All answers supplied by the administrator are saved as rules on the target computer that originally generated the request meaning there is no need to answer the same request many times. The administrator can also deal with requests in 'batches' by providing the same answer simultaneously to multiple requests. If a request is missed for any reason then the request will expire and the application or action will be temporarily blocked. A request of the same nature on the same computer will be reported to the administrative console as another request. In summary: When an Administrator responds to a request, the response is saved as a rule on the target computer that originally generated the request. In future, this answer will be automatically applied in response to actions of the same nature on the same computer and no request will be sent to the CESM console. Each request has an expiration period. If administrators do not respond to a request before that request expires then the action or application will be blocked. A request of the same nature on the same computer will be reported to the administrative console as another request. An archive of all requests can be viewed in the 'Request History' window Opening the Request Monitor Window Administrators can open the 'Request Monitor' window in the following ways: Via the File Menu. Select ' View >Request Monitor' to open the 'Request Monitor' viewer. Via the shortcut toolbar button: Icon to access ''Request Monitor' tab Via keyboard shortcut. Press 'CTRL + ALT + R' The Request Monitor - Table of Parameters Column Name Description Description Enables the administrator to view detailed information about the request. Computer Enables the administrator to view the computer from which the request was received. Created Enables the administrator to view the date and time that the request was propagated on the computer listed in the 'Computer' column. Expired At Enables the administrator to view the time at which the request expired. Received Enables the administrator to view the date and time that the request was received by the CESM Administrative Console Product Name Enables the administrator to view the name of product that sent the request. (for example, Comodo Internet Security) Product Version Enables the administrator to view the version of product that sent the request. 200

The Request Monitor - Table of Parameters Column Name Description Control Description Enables the administrator to remove expired requests from the list by selecting the 'Clear Expired' button.

201 The Request Monitor - Table of Parameters Column Name Description Control Description Enables the administrator to remove expired requests from the list by selecting the 'Clear Expired' button. Clear Expired Note: Requests that are removed from the Request Monitor can still be viewed in the 'Request History' window. Response pane Enables the administrator to react to the received request by selecting a preset response. The 'Allow' and 'Block' responses are always available for any request. There may also be additional response choices listed under the default 'Allow' and 'Block' responses. The additional responses that are available for any one request are dependent on the nature of the request and on the product that propagated the request The Request History Window The 'Request History' window is an archive of all received requests including all requests that the administrator has removed from the Request Monitor window. Administrators can open the 'Request History' window in the following ways: Via the File Menu. Select 'History >Request History' to open the 'Request History' viewer. Via the shortcut toolbar button: Icon to access 'Request History' tab Via keyboard shortcut. Press 'CTRL + SHIFT + R' to open the 'Request History' viewer. Request History - Table of parameters The column structure and information available in the Request History window are similar to those in the Request Monitor window with the following two additions: Column Name Description Answer Enables the administrator to view the response that the administrator supplied in the Request Notification window. If the Request expired before a response was supplied then this cell will be blank. Answered Enables the administrator to view the time and date that the response identified in the 'Answer' column. If the Request expired before a response was supplied then this cell will be blank. Administrators can update the list of currently displayed requests by right clicking anywhere in the 'Request History' window and selecting 'Refresh' Reports CESM Reports are highly informative, graphical summaries of the security and status of managed 201

endpoints. Each type of report is fully customizable and can be ordered for anything from a single machine right up to the entire managed environment.

- General information about target endpoint(s) such as operating environment and hardware details.

202 endpoints. Each type of report is fully customizable and can be ordered for anything from a single machine right up to the entire managed environment. Administrators can choose the type of report they wish to generate by clicking 'Reports' on the file menu then making a selection from the drop down menu: Available report types are: Computer Details - General information about target endpoint(s) such as operating environment and hardware details. Malware Statistics - Statistical information on the malware detected at various AV scans run on the target endpoint, with the actions taken against them. Antivirus Database Updates - A summary of Antivirus updates on selected endpoint(s). For maximum protection against the very latest, zero-hour, threats it is essential that CIS has the latest signatures. Click the links above to find out more about each report type. Reports can be printed and exported using the controls at the top of the display interface: If multiple reports are generated then administrators can use the document map to easily switch between reports: 'Computer Details' report If you have not done so already, please initiate this wizard by selecting 'Reports > Computer Details...' from the file menu. Your first choice is to choose which machines you wish to generate reports for. You can select individual or multiple endpoints or even the entire domain/workgroup. Individual reports will be generated for all selected machines: 202

you have specified. If it is correct then click 'Next' to begin report generation.

203 Each report can also include details of the software that is on the endpoint. Select this checkbox if you want your report to include these details: The next screen summarizes the report(s) that you have specified. If it is correct then click 'Next' to begin report generation. Click 'Previous' if you wish to alter any details. Once CESM has finished generating the reports you will see a 'Success' message which includes another summary. Click 'Finish' to view the reports. 203

204 The screenshot below shows an example 'Computer Details' report with 'Software Details' included. If you generated reports for multiple machines then use the 'Document Map' button at the top-left to navigate the available reports Reports can be exported to pdf or excel spreadsheet by clicking the disk button. 204

Tip: The 'Computers Details' Report can also be generated for a selected endpoint by right-clicking on the endpoint from the Computers window, selecting 'Properties' from the context sensitive menu

205 Tip: The 'Computers Details' Report can also be generated for a selected endpoint by right-clicking on the endpoint from the Computers window, selecting 'Properties' from the context sensitive menu and clicking the link Show Report at the bottom left corner of the 'Properties' dialog Malware Statistics For an endpoint to communicate Malware statistics it must: Be managed and connected. A computer is in this state if it is colored green in the 'Computers' window - Have Comodo Internet Security 4.0 or above installed and at least one on-demand or Scheduled AV Scan should have been run. To start the Malware Statistics Report Creation Wizard, select 'Reports > Malware Statistics...' from the file menu. Your first choice is to choose which machines you wish to generate reports for. You can select individual or multiple endpoints or even the entire domain/workgroup. Select the period for which you wish the report to be created. Annual - Generates statistics from the beginning of the current year (1st January YYYY) Monthly - Generates statistics from the beginning of the current month (1st MM YYYY) Weekly - Generates statistics for the past seven days, for any week by selecting the week from a calendar or by specifying the week number of the year. Daily - Generates statistics for the current day. 205

Selecting the checkbox 'Use Custom report settings' allows you to choose a custom time period (specific year, month, week or day) corresponding to the option selected above.

206 Selecting the checkbox 'Use Custom report settings' allows you to choose a custom time period (specific year, month, week or day) corresponding to the option selected above......and to choose whether you wish to have a report summary or a detailed report. Select 'Summary' if you want a graphical comparison of discovered Malware on selected endpoints Select 'Details' if you want a detailed Malware statistics report on each selected endpoint. Click 'Next'. The next screen summarizes the report that you have specified. If it is correct then click 'Next' to begin report generation. Click 'Previous' if you wish to alter any details. 206

207 Once CESM has finished generating the reports you will see a 'Success' message which includes another summary. Click 'Finish' to view the reports. The screenshot below shows an example of 'Malware Statistics' Summary Report. 207

208 'Deleted', 'Ignored' and 'Quarantined' are the decisions taken by CIS in reaction to each piece of detected malware. The first chart indicates that a total of 10 malware alerts were generated in the time period. The 2nd chart breaks down those 10 alerts by the decisions taken by CIS. The Screenshot in the next page shows an example of 'Malware Statistics' Detailed Report. The detailed report shows the comparison graphs and details on the malware identified from the selected endpoints. 208

209 209

3.13.3 Antivirus Database Updates For an endpoint to communicate its update status it must: Be managed and connected.

210 Antivirus Database Updates For an endpoint to communicate its update status it must: Be managed and connected. A computer is in this state if it is colored green in the 'Computers' window - Have Comodo Internet Security 4.0 or above installed. Earlier versions will not communicate update status. To start the Antivirus Updates Report Creation Wizard, select 'Reports > Antivirus Database Updates...' from the file menu. Your first choice is to choose which machines you wish to generate reports for. You can select individual or multiple endpoints or even the entire domain/workgroup. The next screen summarizes the report that you have specified. If it is correct then click 'Next' to begin report generation. Click 'Previous' if you wish to alter any details. Once CESM has finished generating the reports you will see a 'Success' message which includes another summary. Click 'Finish' to view the reports. 210

211 The screenshot below shows an example 'Antivirus Updates' report. Summary Chart Description Indicates the number of endpoints which are using the latest virus database. Indicates the number of managed and connected endpoints which are using a database older than the 211

212 most recent. Examples of why this situation could occur include difficulties with the connection to the update server; delays because of high network traffic or because CIS has just been installed and is awaiting its first signature update. If any endpoints are listed as 'Outdated' for extended periods of time then administrators are advised to: Update the virus database by right-clicking on the target computer from the 'Computers Window' and select Internet Security > Update Antivirus Bases OR Create and run a task which contains the action, 'CIS Update (Virus Database/Programs)'. Run this task on all 'Outdated' machines. To do this, Click 'New Task' on the 'Start' page. Choose a name for the new task and select the target computers. Create a new Sequence of Actions then select 'Internet Security > CIS Update...' as the specific Action. If automatic updates are already enabled then you do not need to set a schedule and should click 'Next'. Make sure 'Run the task now' is selected at the final confirmation and click 'Finish' to execute the task. Investigate the idea of setting up a local update server to accelerate the speed at which updates are distributed to endpoints machines. For more details, see 'Setting up a local update server' If you still have problems with endpoints receiving updates then contact livepcsupport to speak to a Comodo technician about the issue. The livepcsupport button can be found at the bottomright of the 'Start' page. Indicates the number of endpoints whose update status cannot be determined because: The endpoint is unmanaged. Imported but not controlled by CESM () The endpoint is managed but does not have the agent installed () The endpoint is managed, has the agent installed, but is not online (also) Administrators should check that all network endpoints that they intend to be protected by CESM are in the 'green' state - indicating managed and connected ( )This is the state an endpoint must be in for it to communicate it's update status to the graphics on the CESM 'Start' page 3.14 The machine is managed and connected but it does not yet have Comodo Internet Security 4.0 installed. Administrators can install CIS on target endpoints by either (a) right clicking on the desired machines in the 'Computers' window and selecting 'Install Package' (b) Creating a new Task to install CIS on the endpoint. The 'Tools' Options The 'Tools' menu item contains the following items: 'Add Computers...' - Opens the wizard for importing network computers into CESM Administrative console. Click here to view the description on this wizard. 'Install Agents...' - Opens the wizard for installing CESM Remote Agent on managed computers. Click here to view the description on this wizard. 'Create Agent Installation Package...' - Opens a wizard for the creation of custom installation packages 'New Task...' - Opens the wizard for creating a new task. Click here to view the description on this wizard. 'Install Products...' Opens the 'Install Packages' wizard. Click here to view the help page on this wizard 'Import and Export Settings...' - Opens the import/export settings wizard 212

3.14.1 Create Agent Installation Package The 'Create Agent Installation Package' wizard allows administrators to create a convenient folder containing Agent and software installation packages.

This folder will contain: The latest version of the CESM Agent The Administrators choice of Comodo Software. The 'Local Installation' wizard. This is a single executable called 'Setup.exe'.

213 Create Agent Installation Package The 'Create Agent Installation Package' wizard allows administrators to create a convenient folder containing Agent and software installation packages. This folder can then be copied over to local machines and, by running the 'Local Installation' wizard contained in the folder, will install all required components. This folder will contain: The latest version of the CESM Agent The Administrators choice of Comodo Software. The 'Local Installation' wizard. This is a single executable called 'Setup.exe'. Running 'Setup.exe' will start a wizard that will offer to install the packages that are in the folder - meaning the Agent and any Comodo packages that were selected during this wizard. Software packages will be installed with the specific configuration for the chosen software (for example, the CIS security profile). Once created, the custom packages can be added to Tasks via the 'New Task' wizard or to the 'Install Packages' wizard. Most networks have a range of different machines that require slightly different installation plans. With this in mind, administrators may find it useful to create more than one custom folder and name those folders accordingly. For example '32_bit_CIS_Proactive_Security ' could be the name of a folder that contains everything that needs to be installed on a 32 bit Windows system - namely the Agent and the 32 bit version of CIS with the 'Proactive Security' profile. The packages in this folder can then be referenced whenever the Administrator needs to perform similar tasks. To begin, open the CESM Administrative console and click 'Tools > Create Installation Package...'. This will open stage 1 of the wizard: Path Selection: The default path is to save a new folder on the desktop called 'CESM Agent'. Administrators may want to use the 'Browse...' button to create a folder with a more descriptive name. Next, administrators need to select which packages they wish to include in the new folder: 213

Use the checkboxes on the left to select the packages you wish to install; The latest version of the Agent is automatically added to the folder and is therefore not one of the choices; The example

214 Use the checkboxes on the left to select the packages you wish to install; The latest version of the Agent is automatically added to the folder and is therefore not one of the choices; The example above lists the 32 and 64 bit versions of the CIS installation package and the CDE installation package (same.msi can be used on 32 and 64 bit operating systems); Arguments - click the blue underlined text to open a menu that will allow you to select configuration options that you would like to be installed when the package is run. The choices for CIS are: Install all components (Default. This will install both the Antivirus and Firewall components) Install firewall components only Install antivirus components only Click 'Upload package...' if you would like to upload a different.msi installer; Click 'Next' when you are happy with your selection. If you chose to install 'All Component' in the previous stage then you next need to select a security profile for CIS. If you chose to install only the Firewall or only the Antivirus then this stage is skipped. If you chose 'Firewall Only' as the Argument in the previous stage then the 'Firewall Security' profile is automatically implemented. If you chose 'Antivirus Only' as the Argument in the previous stage then the 'Antivirus Security' profile is automatically implemented If you chose 'All Components' as the Argument in the previous stage then you can choose from 'Endpoint Security', 'Firewall Security', 'Internet Security' and 'Proactive Security' configuration profiles. Sequence Manager > Table of Actions contains more in-depth descriptions of security profiles (use the 'Back' button on the top-left of this guide to jump back here afterward.) When you run the.msi package, it will install CIS with the security profile chosen here. Click 'Next' to confirm your choice and proceed. A confirmation screen will prompt you to create your new custom packages and installation folder. The final screen offers a summary of the location and composition of your new package folder. 214

215 Leave the 'Open folder with the package' box checked and click 'Finish' to view your new folder. After copying the folder to the required endpoint, open the folder at the target endpoint and double click on the file setup.exe to start the CESM Agent Setup Wizard. CESM Agent Setup Wizard The first stage of the installer is the introduction screen. Click 'Next >' to continue. Before commencing the installation of Comodo Agent Package, the wizard will check for any incompatible products. This includes items such as third party antivirus/firewall products. The wizard will list any discovered products that are incompatible and offer you the opportunity to uninstall them (highly recommended): 215

Select the checkbox next to the name of the product(s) you wish to remove then click 'Uninstall'. The computer may need to be rebooted to complete the uninstallation.

216 Select the checkbox next to the name of the product(s) you wish to remove then click 'Uninstall'. The computer may need to be rebooted to complete the uninstallation. The next stage is to install CIS and the Agent. The installer will first check whether any of these items are already installed. You must first uninstall any older versions of CIS or the Agent that are detected. To commence the installation, ensure both products are selected in then click 'Install'. The computer will need to be rebooted to finalize installation Opening the Import and Export Settings Wizard Selecting 'Import and Export Settings...' from the 'Tools' menu allows the user to import, export or reset the following configuration data: CESM console settings related to layout configuration; CESM server authorization settings; Active Directory import settings. Administrators can open the 'Import and Export Settings Wizard' window by selecting 'Tools > Import and Export Settings': 216

a file, that can be used later as source file for importing saved configurations. It can be used at any time on any computer.

217 There are three possible scenarios of the process: i. Export selected environment settings - Choosing this option will save all current CESM console settings related to layout configuration, CESM server authorization and import from active directory in a file, that can be used later as source file for importing saved configurations. It can be used at any time on any computer. Specify setting file's name and location, click 'Finish' to finalize the process. ii. Import selected environment settings - Choosing this option will import previously exported CESM console settings related to layout configuration, CESM server authorization and import from active directory from a file. Additionally, the administrator can save all current CESM console settings by ticking off the corresponding ratio button. 217

218 Specify the needed and press 'Next'. Browse source export file and click 'Finish' to finalize the process. iii. Reset all settings - Choosing this option will restore all setting to default values. 218

Click 'Finish' to finalize the process. 3.

219 Click 'Finish' to finalize the process The 'Help' Options This section of the interface provides administrator with access to the following areas: Help - Opens this internal help guide which takes the administrator through the organization, configuration and use of CESM; Support - allows the administrator to submit a support ticket at the Comodo support portal at (requires registration); livepcsupport... starts the livepcsupport client, allowing administrators to chat and raise issues with a Comodo support technician; Upgrade license - starts the Upgrade License Wizard - enables the administrator to purchase new licenses, load an existing license and enter a CESM activation code; About... a summary of version number and license information. Also allows the admin to upgrade the license The 'Help' Window Clicking the 'Help' link in the 'Help' section of file menu opens the internal help guide. Each area has its own dedicated page containing detailed descriptions of the application's functionality. Note: Content of the internal help guide duplicates the content of this guide Support The 'Support' link will open the Comodo support portal at After registering for a free account, 219

220 customers can submit support tickets that will be handled by our professional and experienced product experts. The support portal also contains a product knowledge base and other useful links that can help to solve some of the most common queries about the product. Administrators are also encouraged to register at the Comodo community messageboards (Sign up at : More information about the forums is available here). The FAQ section of this guide can also help to solve many of the most common problems. This help guide contains detailed advice on every area of CESM. Administrators are advised to consult the guide before contacting support Live PC Support Live PC Support offers the quickest, most comprehensive way of getting help with problems surrounding your CESM deployment. All CESM license holders receive unlimited access to livepcsupport services. LivePCsupport is delivered via a secure chat window and can be started in any of the following ways: Click the 'Live PC Support' link in the 'Support' area of the 'Start' page Click 'Help > Live PC Support...' from the CESM file menu From the Windows Start Menu - Click All Programs > COMODO > livepcsupport > Comodo livepcsupport Starting the service in any of the ways described above will open the following login dialog: 220

Select the type of service you need: Other - Select if you need assistance in setting up and managing endpoints and other Windows/System related problems; Virus Infection - Select if you need

221 Select the type of service you need: Other - Select if you need assistance in setting up and managing endpoints and other Windows/System related problems; Virus Infection - Select if you need assistance in removing viruses, malware etc. from your server/endpoints. So that you will be connected to the technician skilled in the specific area. Clicking any of the options will open the registration screen. Try Now - The easiest and fast way to get the services is by clicking the 'Try Now!' link. Within seconds, a Comodo Support Technician will respond in a chat window and ask you to describe the problem. 221

222 Explain the problem in the server/managed endpoint and also provide the IP address of the endpoint in which the problem has arisen. The technician will access the server/endpoint through a remote desktop and fix the problems. The trial service does not require a subscription. Register - Clicking the 'Register' link will take you to the LivePCSupport trial sign-up page. Follow the sign up procedures. Your subscription ID will be sent to you by

Sign-in - Click this button if you already have a subscription ID. At the login box: Enter the Subscription ID you received through email.

223 Sign-in - Click this button if you already have a subscription ID. At the login box: Enter the Subscription ID you received through and click 'Next'. Within seconds, a Comodo Support Technician will respond in a chat window and ask you to describe the problem. 223

224 Explain the problem in the server/managed endpoint and also provide the IP address of the endpoint in which the problem has arisen. The technician will access the server/endpoint through a remote desktop and fix the problems. Apart from answering routine support questions, livepcsupport technicians are also on hand to perform any of the following services: Virus Diagnosis / Removal - If required, any endpoint is thoroughly checked for viruses and spyware. If any are discovered they are expertly removed and your computer restored to it's pre-viral state. PC Tune Up - Expert evaluation of issues affecting your computer's performance. Fine Tuning key areas and improving speed and stability. Internet Login Protection - Activating the basic security settings of a computer to prevent loss of sensitive data and identity theft. Account Set Up -Setting up any Internet-based account for an endpoint any provider, any account. Software Installation - Installing your Comodo products and customizing configuration for maximum security protection and efficiency. Technicians can also identify and remove any software that is not compatible with Comodo products. Green PC - Optimization of power management settings. Technicians can do this on a per endpoint basis or can help configure power settings through the CESM console. Computer Troubleshooting - Check for basic hardware conflicts in Windows The 'About' Window Clicking the 'About' option in the 'Help' section of file menu opens the 'About' information dialog. 224

225 The following table contains more detailed descriptions of each of the form elements: The 'About' Window- Table of Parameters Form Element Description License Displays the start and expiry date of the current license and the number of endpoints covered by the license. ID Displays the unique serial number of the license. Machine key Displays the unique machine key of the server. The purchased license is allocated with the server with such machine key. Start Displays the date from which the current license is valid Expired Displays the expiration date of the current license (in case if the license is limited). Managed computers Displays the number of managed computers for current license. Description Displays the description of license file, for example: 'Trial License', etc. Products Displays the number of licenses currently held for a specific product. 225

226 Licenses summary Contains a detailed summary of all licenses that have been purchased. If the administrator has loaded several licenses, then licenses summary area displays how many endpoints the Administrator can manage in each time period. For example, if the administrator has two licenses with the first license for 5 endpoints from 3/1/2010 to 3/1/2011 and second license for 10 endpoints from 5/15/2010 to 5/15/2011, then the Licenses summary section will display: 3/1/2010 : 5/15/ endpoints 5/15/2010 : 3/1/ endpoints 3/1/2011 : 5/15/ endpoints For more details on merging of additional licenses, click here. Upgrade license Opens the CESM Upgrade License wizard that enables administrator to load a new license file or to register on and get/enter an activation code. OK The 'OK' button confirms your choices and saves the changes The CESM Upgrade License Wizard The 'CESM License Wizard' enables the administrator to purchase a new license, load an existing license and to enter a CESM activation code. If additional licenses are required for more endpoints then these will be merged with the existing license. Click here for more details on purchasing additional licenses. The administrator can start the wizard by selecting one of the following: The link Upgrade License from the 'System Status' area in the Start Page Help > Upgrade License... Help > About then click the 'Upgrade license' button in the 'About' window I have a valid activation code. Choose this if you have already received your CESM activation code via

Copy and paste the activation key from your confirmation email into the space provided: Click the 'Next' button when done. The 'License preview' window appears.

227 Copy and paste the activation key from your confirmation into the space provided: Click the 'Next' button when done. The 'License preview' window appears. Check that the license details are correct then click the 'Finish' button to activate. I have a valid license file. If you have already purchased a license and wish to load it then select 'I have a valid license file'. For help with this, see How to Load a New License. Click the link Comodo Accounts Management if you wish to: Purchase a brand new license 227

Upgrade from trial to full license Purchase coverage for more endpoints. Note: You should purchase a new license for just the additional endpoints that you require.

228 Upgrade from trial to full license Purchase coverage for more endpoints. Note: You should purchase a new license for just the additional endpoints that you require. Your existing and new licenses will be merged to cover all endpoints. Click here to read more. Clicking the Comodo Accounts Management link will take you to CESM's online order form to make your purchase - so make sure you are connected to the Internet. Existing Comodo account holders should select 'Yes - I am an existing customer' and enter their Comodo username and password. This will ensure the CESM purchase is correctly associated with your account. If you do not have a Comodo account yet then select 'No'. You must now create a unique Username and Password and fill out your contact details so that we can create an account for you. See 'How to Purchase a New License' if you need help to complete this form. After successful completion of your purchase, you will receive an containing (1) A link to download your license file (2) A CESM activation code. You should download the license then save it to a secure location on your local drive. Once done, restart this wizard and select the 2nd option, 'I have a valid activation code' How to Load a New License To load a new license the administrator should launch the 'CESM Upgrade License' wizard: 1. In the file menu click 'Help' > 'Upgrade License...' or 'Help' > 'About COMODO Endpoint Security Manager ' > Upgrade License...'. 228

229 This action will open the 'CESM Upgrade License' wizard: 2. Select the second option, 'I have a valid license file' and click 'Next': Browse to the location of your license file and click 'OK': 229

230 3. Click the 'Next' button when done. Tip: On purchase of licenses, the license files are imported to the following locations by default: For Windows 2003 server, the license file will be available at C:\Documents and Settings\All Users\Application Data\COMODO\ESM For Windows 2008 server, the license file will be available at C:\ProgramData\COMODO\ESM The 'License preview' window appears. Check that the license details are correct then click the 'Finish' button to finalize the process. 230

3.15.5.2 How to Purchase a New License As an alternative to using the License Upgrade Wizard, administrators can purchase a new license direct from the Comodo website: 1. 2.

231 How to Purchase a New License As an alternative to using the License Upgrade Wizard, administrators can purchase a new license direct from the Comodo website: Open your web browser at Click 'Log in' (if you are an existing Comodo account holder) Click 'Register' (if you do not yet have a Comodo account) Existing users: Log into your account and switch to the 'My Account' tab. From the list of available products select 'Endpoint Security Manager' from the list of available products. New users: Select 'Sign Up to Endpoint Security Manager Service' from the list of available products. 231

Period' column. 'Yearly $ per endpoint' is calculated with a sliding scale of discounts based on the number of users and the license period duration.

232 3. This will open the CESM order form (this form can also be accessed directly at: License Configuration. First choose whether you want an Enterprise License or Trial License: Enterprise customers should specify the number of endpoints in the 'Users' column and the duration of the license in the 'License Period' column. 'Yearly $ per endpoint' is calculated with a sliding scale of discounts based on the number of users and the license period duration. You receive a lower per endpoint price both for increasing the number of endpoints covered and/or for increasing the duration of the license. 'Total' price is displayed in the right hand column and is calculated as #users * Yearly $ Per Endpoint * License Period Account Creation / Log into your account. Next. select whether you are an existing Comodo Account holder. 232

233 Existing Comodo account holders should select 'Yes - I am an existing customer' and enter their Comodo username and password. This will ensure the CESM purchase is correctly associated with your account. If you select this option then some fields become grayed out as we already have those details on file. Forgotten your password? Please visit: If you do not have a Comodo account yet then select 'No'. You should now create a unique username and password and fill out your contact details so that we can create an account for you. Mandatory fields are marked *. Billing details Next, specify your payment preferences: 233

234 We accept Paypal and all major credit cards. Please take care to fill out the card name exactly as it appears on your credit card. If you wish your billing details to be the same as the contact details you supplied earlier then select the checkbox 'The same as contact information'. All details submitted using this form will be securely transmitted over a 128/256 bit encrypted SSL connection. Communication Options, License Agreement and Finalization. 234

Communication Options. Enabling this option will place you on the Comodo communications mailing list - a great way to keep abreast of the latest news, special offers and upgrades Terms and Conditions.

235 Communication Options. Enabling this option will place you on the Comodo communications mailing list - a great way to keep abreast of the latest news, special offers and upgrades Terms and Conditions. Please read the End User License and Subscriber Agreement. You must select 'I accept the Terms and Conditions' in order to submit your order Sign Up. Once you have filled out the form to your satisfaction and have accepted the TOC, click the 'Sign Up' button to submit the form If the order was successful, you will receive an containing: (i) A link to download your license file (ii) A CESM activation code. You should download the license then save it to a secure location on your local drive. Once done, start the 'License Upgrade Wizard' to load and activate your new license Purchasing Additional Licenses In order to extend the number of managed endpoints, the administrator can purchase and activate additional licenses as explained above. On activating the additional licenses they will be merged to the existing licenses and the number of computers that can be managed will be increased to number of computers allowed by the existing license + number of computers allowed by the new license. If the existing license expires, the additional licenses are valid for their full term and the administrator can manage the computers allowed by the new/active license. 235

236 4 Workstation / Workgroup Management 4.1 Managing Computer tree items Right-clicking on any computer or Workgroup in the Computer or Group Manager Windows will open a context sensitive menu that allows the administrator to directly manage that item: Context Management Menu - Table of Parameters Action's name Control Description Manage - Assigns 'Managed' Status to the selected item Unmanage - Removes 'Managed' status from the selected item Enable Warranty - Sets the status of the computer as 'Warranted' Disable Warranty - Removes the 'Warranted' status of the computer Install Agent - Will initiate the CESM Remote Agent installation procedure on the selected item Uninstall Agent - Will initiate the CESM Remote Agent uninstallation procedure on the selected item Update Agent - Will initiate the CESM Remote Agent update procedure on the selected item, enabling to update to the latest version of Agent. Uninstall Agent - Will initiate the CESM Remote Agent uninstallation procedure on the selected item Show Hidden computers can be made visible at Computers' panel again by clicking the 'Show all' button. Hide Hides the selected item so that it is not displayed in the tree. This is handy, for example, should an administrator wish to hide unmanaged computers and only view 236

Action's name Description 'Managed' computers. Note: Computers can not be deleted from the tree, but in case they are not needed at the moment - they can be hidden.

237 Action's name Description 'Managed' computers. Note: Computers can not be deleted from the tree, but in case they are not needed at the moment - they can be hidden. Open Discovered data Allows the administrator to view 'discovered' data about the selected item. Discovered data is fetched by running a task that includes a CESM 'Discovery Profile' on the item. Available Discovery Profiles include: OS version, Windows service list, Installed product list and Comodo Internet Security Configuration (CIS Config), Comodo Disk Encryption Configuration (CDE Config), Comodo Firewall Pro Configuration (CFP Config) and more. For an general understanding of Discovery Profiles, see The Discovery Profiles Window. For a table listing all the types of data that can be discovered, see the Table of Discovery Profiles. Click here to learn how to use the Discovery Profiles Window and learn more about each profile type. Click here to view an example of how the 'CIS Config' Discovery Profile could be used. Power Control Allows the Administrator to remotely execute the following power tasks on target endpoints: Shut down - Shuts down the selected workstation; Restart - Restarts the selected workstation; Stand by -Drives the selected workstation to stand-by state; Hibernate - Hibernates the selected workstation. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. Send Message... Allows the Administrator to send a text message to the user(s) of the selected workstation, unit or group. On clicking the Send Message... option, a Send Message dialog will appear. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. The message will be displayed at the endpoint only if the user has logged in to it. Command Prompt... Allows the Administrator to open the Command Prompt window of the selected workstation. The Administrator can execute the Command Line Controls instantly and directly on the managed workstation from the CESM console. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. 237

238 Action's name Remote desktop connection Description Allows the Administrator to directly connect to the desktop of a target endpoint through Remote Desktop connection. Note: The target endpoint computer should have the Remote Desktop access enabled on it. Also the Administrator needs to enter the login credentials for the machine to gain access. Tip: The Remote Desktop access can be enabled by clicking Start > Control Panel > System > System Properties > Remote tab and selecting the checkbox 'Allow users to connect remotely to this computer' at the target endpoint. Install Allows the administrator to install a Comodo (or 3rd party) package (.msi or.exe) onto the target computers or group of computers For example, this option can be used to install the Comodo Internet Security or Comodo Disk Encryption packages. For more details on how to install the applications from the right click options see the section The Computers and Group Manager Windows > Context Sensitive Menu Installing Applications. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. Internet Security Allows the Administrators to run an on-demand Antivirus scan on the endpoint, view Antivirus, Firewall and and Defense + logs, to configure Comodo Internet Security, update antivirus database and to set a local mode password for the endpoint instantly. See the section The 'Computers' and 'Group Manager' Windows > Context Sensitive Menu - Internet Security for more details. Note: This option is available only for managed workstations in which Remote Agent is installed and connected to the CESM console. Create Task Opens the New Task dialog with the selected workstation, unit or group preselected. Show notifications Opens the Notification Monitor window and displays a list of the notifications generated for the selected endpoint. Show requests Opens the Request Monitor window and displays a list of the requests generated by the CESM controlled Comodo applications such as Comodo Internet Security, from the selected endpoint. Properties Opens the 'Properties' dialog for the selected object and allows the Administrator to view details for the selected object such as Name, Guid, Sid, Creation date, Date of last modification, DNS (for workstations only), Status (for workstations only), and view and manage discovered data such as Windows Services, Installed Products, currently running Windows processes, created Windows Restore Points and Power Options. See the section The 'Computers' and 'Group Manager' Windows > Context Sensitive Menu - Properties for more details. Most of the actions in the table above are also available for tree nodes, which means that the Action will be applied to every computer in the branch below. The number of simultaneously managed computers is limited by CESM License. Use the 'Expand all' 4.2 and 'Collapse all' buttons to make exploring the Computers tree even more convenient. Managing groups of computers If you need to perform any actions on a set of workstations, especially if you need this set more than once - the best way is to create a group. Note: If a group of computers is changed it will be reflected in existing tasks scheduled for this group. 238

239 4.2.1 Creating groups You can create your own groups of desired computers and assign them as a target for: Execution of tasks Setting status of computers to managed Installation of CESM Agent. To create new group: i. Switch to the Group Manager tab. ii. Right-click anywhere in the groups pane to open the context sensitive actions menu iii. iv. Select 'Add...'. This will open the 'New Group' dialog box. Fill out the form that appears, specifying the new group's name and description: v. To begin adding computers to this new group, click the green 'Add Computer' symbol: 239

vi. Check off those workstations, controllers, domains and/or Workgroups you want to combine in this group then click the 'Add' button to the right.

240 vi. Check off those workstations, controllers, domains and/or Workgroups you want to combine in this group then click the 'Add' button to the right. The list of computers you selected as members of this group will be displayed in the list of group members: vii. Next, click the 'Save' button or select one of the following Save options: Tip: The 'Save' button has smart saving ability. Administrators that are familiar with the Administrative Console can select 'Save, Create Task, Close' to immediately begin the Task creation process with this Group preselected as the target. 240

241 viii. This new group appears in the Group Manager pane. It can now be referenced as the target of new tasks when creating or editing new tasks. 4.3 Preparing Imported Computers For Remote Management In order to manage remote computers from the CESM Administrative Console, each computer must be assigned 'Managed' status and have the CESM Remote Agent Installed upon it. A CESM 'Managed' computer means that Central Service can send and receive data to and from the CESM Agent installed on it Assigning Managed Status to Imported Computers Once imported, assigning Managed status to a computer, Domain, Workgroup or user-defined CESM Group of computers is simply a case of right-clicking on the item you wish to manage and selecting 'Control > Manage': 241

Assigning 'Managed' status to a machine will change the color of the icon representing that machine from Grey to Light Blue: Entire Domains / Workgroups or user-defined groups of computers can be

Similarly, Managed items can be stripped of their status by right clicking on the item(s) and selecting 'Unmanage' It is only possible to manage as many computers as are specified by your license

242 Assigning 'Managed' status to a machine will change the color of the icon representing that machine from Grey to Light Blue: Entire Domains / Workgroups or user-defined groups of computers can be assigned 'Managed' status by selecting the name of the domain or Workgroup at the top of the tree, right-clicking and selecting 'Manage'. Similarly, Managed items can be stripped of their status by right clicking on the item(s) and selecting 'Unmanage' It is only possible to manage as many computers as are specified by your license agreement. CESM will warn and prevent you if you attempt to manage more items than are permitted by your license. Important: After assigning 'Managed' status to a computer, Administrators still need to ensure that they have installed the Comodo Remote Agent on that computer to establish control of the item. See Installing Remote Agents for more 242

243 details Installing CESM Remote Agent Installing the CESM remote agent is the second step towards managing a remote computer using the Administrator interface (the first being to designate that computer as a Managed Computer). The CESM Agent component must be installed on every remote computer that you wish to manage. This section describes how to install the agents onto managed PC's directly from the Administrator interface. The Remote Agent can be installed in two ways: Through the CESM Console; Manually on the managed computer; Updating CESM Remote Agents Installation through CESM Console You must also remember, that having Central Service installed on Windows 2008 server and Remote Agent - on Windows XP, means you need to change the default Local Security Policies for Windows XP to establish connection to a target workstation. If your organization has Group Security Policies that override Local Policies, then you should modify the Group Policies instead. This can be done by selecting: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options. Change 'Network security; LAN Manager authentication level' to suit to your network environment, for example: 'Send LM & NTLM - use NTLMv2 session security if negotiated'. 243

Another Reminder: CESM Remote Agent should only be installed only on computers that have been successfully designated as a 'Managed Computer' in the CESM Administrative Console.

244 Another Reminder: CESM Remote Agent should only be installed only on computers that have been successfully designated as a 'Managed Computer' in the CESM Administrative Console. If you haven't done so already, you first need to assign 'Managed' status to the computer(s) you wish to control. For more details, please refer to the section Assigning Managed Status to Imported Computers. To install the CESM Remote Agent on a Managed computer: i. ii. iii. iv. Open the CESM Administrative Console. Right-click on the Managed Computer (or group) that you wish to install the agent on From the context sensitive menu, select Control > Install Agent. The Agent Wizard will start with the target computer(s) preselected in the computer tree. If you want to install the agent to other computers, domains or the workgroups in addition to the target computer, check the boxes next to them. A computer with a blue icon is managed but does not have the agent installed (so is therefore not connected to the central service yet). The icon will turn green once the agent is installed and the connection is made. Unmanaged computers have a black icon. You will need to first assign managed status to these computers before you can install the agent (Right click on target computer > Control > Manage). Click 'Next' once you have selected your target machines. 244

245 v. Next, you need to provide administrator login credentials for the target machine vi. Enter the local administrator login name and password for the target Managed Computer (use the format in the 'user' field for computers imported with Active Directory). For successful installation of the Agent, the user (whose user name and password was entered in the dialog shown above) should have administrator privileges on the remote Managed computer. Each Agent is bound to the Central Service that executed its installation. It is not possible to manage computers through Agents that were installed by another instance of CESM Central Service. Click 'Next' to login to the local machine and proceed to the next step of the wizard. vii. After successfully logging in to the target machine, CESM will make an initial check for agent installation status. If there is no agent installed then you will see a 'Ready to Install' status message: 245

246 - Select the check-boxes next to the computers you wish to install the agent on and click 'Next' to move to the installation dialog. - Click 'Previous' if you wish to review your steps so far. - Click 'Cancel' if you do not wish to install at this time. viii. At the install dialog box you have another chance to select or deselect which computers you wish to install the agent on. Once you have confirmed your choice, click the install button (highlighted) to begin the installation process. If the installation is successful, you will see the following confirmation message: The wizard is now complete. Click 'Finish to return to the main console interface. After the CESM Agent has been installed onto the target machine(s), the Agent will attempt to establish connectivity with the CESM Central Service. If the connection attempt is successful then the color of the icon representing those machines will change from Blue (Managed but not connected to Central Service) to Green (Managed and successfully connected to CESM 246

247 Central Service). Managed. Agent not installed or not connected Managed. Agent installed and connected If you want to start installing Comodo products on the endpoint immediately, leave the check box 'Run products installation wizard' checked and click 'Finish' If you wish to Installation Wizard at a later time, deselect 'Run products installation wizard' and click 'Finish'. Click here for more details on the Products Installation Wizard Manual Installation of a Remote Agent The folder containing the Remote Agent installation files can be exported to the location of the Administrators choice by clicking the 'Export Agent Installation Files' button in the task bar of the Computers window. The folder can be transferred onto media such as DVD, CD, USB memory so that the agent can be installed manually onto target machines rather than via the CESM interface. A single copy of the installation files can be used to install the agent on any number of target machines. Note: The target should have been assigned 'Managed' status before installing the Remote Agent Updating CESM Remote Agents If you are upgrading to CESM version 1.6 from a previous version then the Remote Agents installed on the endpoint computers are also need to be updated. To update the Remote Agent on an endpoint computer, simply select the computer from the Computer(s) Window, right click and select 'Update Agent' from the context sensitive menu. 247

248 4.3.3 Uninstalling CESM Remote Agents CESM Agents can be uninstalled by right clicking on the computer (or group of computers) and selecting 'Control > Uninstall Agent' : A confirmation dialog will be displayed. 248

Uninstalling the Agent from a computer will mean Comodo products installed on that computer will no longer be manageable from the CESM Administrative Console - even if the computer retains it's

249 Uninstalling the Agent from a computer will mean Comodo products installed on that computer will no longer be manageable from the CESM Administrative Console - even if the computer retains it's 'Managed' status. All tasks scheduled to that computer will also fail. The CESM Administrator Console will, however, continue to attempt to run any tasks scheduled to that computer until such time as those tasks are deactivated. 5 Managing Computers Using the CESM Administrative Console This section takes the form of a tutorial explaining how an administrator can install then monitor installations of Comodo Internet Security on networked computers. The step-by-step walk-through is intentionally high level and is intended as a complement to the more detail explanations provided in the Administrative Console section. Installation and Management of Comodo Internet Security using CESM Prerequisites; Step 1. Run a set of Discovery Profiles on the Managed Computers; Step 2. Upload the Comodo Internet Security Installation Package to the CESM Console; Step 3. Create a Sequence of Actions to install the Comodo Internet Security Package on Managed computers; Step 4. Add the Sequence to a Task and execute that Task on Managed Computers; Step 5. Managing Requests (Alerts) from Comodo Internet Security on Managed Computers. Note: This tutorial can be used equally to explain the installation of any package. For example, if you needed to install Comodo Disk Encryption (CDE), simply replace the package uploaded in step 2 with the CDE package and rename the Sequence and Tasks appropriately. 5.1 Prerequisites The Central Service and the Administrative Console have been installed. (See Installing Comodo Endpoint Security Manager for more details). If the administrator intends to manage more than the 5 machines allowed under the trial license, that a license that permits the management of the number of machines required by the administrator has been purchased and loaded. (For more details, see 'The CESM License Loader', 'How to purchase a New License', and 'How to Load a New License' sections.) The Network structure has been imported. (See Importing Network Structure for more details). To imported computers has been assigned status 'Managed'. (See Assigning Managed Status to Imported Computers for more details). The remote Agent on target workstations has been installed. (See Installing CESM Remote Agent for more details). All target computers have been powered on. Any versions of Comodo products, that were not designed to be managed by Comodo Endpoint Security Manager have been manually uninstalled from target machines. (This includes the.exe versions available for download from, 249

for example, http://www.personalfirewall.comodo.com). CESM is designed to manage Comodo products that have been installed using a.msi installer. Note: Since CESM version 1.

250 for example, CESM is designed to manage Comodo products that have been installed using a.msi installer. Note: Since CESM version 1.4, alternatives to the procedures shown in this page are available. These alternatives are noted inline where applicable. However, here is a list of those alternatives in full: 1. The data available using Discovery Profiles can now be retrieved by simply right-clicking on the target machine and selecting 'Properties' 2. New packages can be uploaded by clicking on the 'New Installation Package' wizard on the Start page. 3. New Sequences can be created by clicking on the 'New Task' wizard on the Start page. 4. New Tasks can be created by clicking on the 'New Task' wizard on the Start page. 5. The uploaded packages like CIS and CDE can be installed by right clicking on the target computer from the Computers Window and Selecting Install... from the context sensitive menu. Click here for more details. 5.2 Step 1. Run a set of Discovery Profiles on the Managed Computers While not essential to the deployment of Comodo Internet Security, running a Discovery Profile Sequence on imported, Managed computers will provide administrators with very important configuration information about the computers they are about to manage using CESM. For a full description of Discovery Profiles, see section The Discovery Profiles Window. Note: Since CESM version 1.4, much of the data available using Discovery Profiles can now be done by simply right-clicking on the target machine and selecting 'Properties'. To run a set of Discovery Profiles: Open the 'Sequence Manager' window by selecting ' View > Sequence Manager' Click the 'Add New Sequence' Icon (highlighted below) This will open the 'Add New Sequence' dialog. At this stage, you should create an appropriate Name and Description for the sequence you are about to create. In the example shown below, we have chosen to name the Sequence 'Discover Profiles'. 250

..) at the Discovery Parameter panel on the right (as shown below).

251 Next, choose the type of Discovery Profile. (The red exclamation mark indicates that you cannot save this Sequence until a 'Discovery Parameter' has been chosen.) Select a Discovery Profile type from the drop-down list by clicking the ellipsis button (...) at the Discovery Parameter panel on the right (as shown below). The 'Windows Service list' Discovery Data Action has now been added to the Sequence. Repeat this procedure for the other four main types of Discovery Profile Note: You can specify all types of profiles. This depends on kind of information you wish to discover. 251

The completed Sequence containing five Discover Data Actions should look similar to the graphic below: Click 'Save': Next we need to add this Sequence to a Task that will

252 The completed Sequence containing five Discover Data Actions should look similar to the graphic below: Click 'Save': Next we need to add this Sequence to a Task that will execute the Discovery Profile Actions on the Target Computers. Open the 'Task Manager' tab by selecting 'View > Task Manager'. Click the 'Add New Task' Icon (highlighted below). 252

This will open the 'Add New Task' dialog (shown below).

This will open the 'Choose Sequence' dialog.

253 This will open the 'Add New Task' dialog (shown below). At this stage, you should create an appropriate Name and (optional) Description for the Task you are about to create. Next, click the browsing a sequence button to the right of the 'Sequence' field (highlighted above). This will open the 'Choose Sequence' dialog. Choose the 'Discover Profiles' Sequence you created earlier and click 'OK': This will return you to the 'New Task' dialog where the name of the Sequence will now be displayed in the 'Sequence' field: Select the target Managed workstations, controllers, domains and/or Workgroups you want to discover data for. 253

Open the 'Task Result Manager' ( History > Task Results) to check whether the Task executed successfully or not.

254 Click the 'Save' button to confirm and save the new Task. Open the 'Task Manager' window (View > Task Manger ). Select the task you have just created and click the 'Execute' icon as shown below: This will execute the Task on the target computers. Open the 'Task Result Manager' ( History > Task Results) to check whether the Task executed successfully or not. More details on the Task Result window can be found in section The Task Result Manager Window. To view the discovered data about the target machines you need to open the 'Discovery Profiles' window ( View > Discovery Profiles). The Discovery Profiles window lists the four types of profile. Clicking any of the profiles will open a list of computers upon which that profile has been run. The graphic below shows a typical 'Windows Services' list: To the right of this list of computers is the results panel for the selected machine. Clicking the ellipsis button (... ) on the right hand side of this panel will display those details. In the case of the 'Windows Service list' profile shown above, it will display the Name, Version, Publisher, Date (of installation) and Location of all Comodo and 3 rd party Packages present on the machine at the time the Action was run. Similarly, the OS Version profile will inform the administrator of the exact version of Windows that is running on the target computer. For more details on the functionality, operation and uses of Discovery Profiles, see section The Discovery Profiles Window. 254

255 5.3 Step 2. Upload the Comodo Internet Security Installation Package to the CESM Console Note: Since CESM version 1.4, new packages can be uploaded by clicking on the 'New Installation Package' wizard on the Start page. The next step is to upload the Comodo Internet Security installation.msi package to the CESM Administrative console so that it can be installed on target computers. Switch to the 'Package Manager' window ( View > Package Manager ) and click the 'Create a new package' icon. This will open the 'Add New Package' dialog (shown below). At this stage, you should create an appropriate Name and (optional) Description for the Package you are about to upload. Next, click the ellipsis button to the right of the 'MSI File:' field (highlighted above). This will open the standard Windows file browser: 255

This will return you to the 'New Package' dialog where the filename of the.

256 Browse to the local or network location to which you have saved Comodo.msi files. Select the appropriate file and click 'OK'. This will return you to the 'New Package' dialog where the filename of the.msi file will now be displayed in the 'MSI File:' field. Click the 'Save' button to confirm and save your new package: The newly created Package will be listed alongside any other packages in the 'Package Manager' window: 256

257 Once the Package' has been created, it can be specified as the Parameter of an 'Install package' Action or an 'Uninstall package' Action in a Sequence (see Step 3, below). For more details on the Package Manager, see section The Package Management Window. 5.4 Step 3. Create a Sequence of Actions to install the Comodo Internet Security Package on Managed computers Note: Since CESM version 1.4, the creation of a new Sequence can be initiated by clicking on the 'New Task' wizard on the Start page. Open the 'Sequence Manager' window ( View > Sequence Manager) Click the 'Add New Sequence' Icon This will open the 'Add New Sequence' dialog. At this stage, you should create an appropriate Name and (optional) Description for the Sequence you are about to create (for example, 'Install CIS'). Click the 'Add New Item' icon and select the Actions - 'Install package'. Click 'Add'. You now need to specify the parameters of this Actions from the panel to the right. 'Install package' - select the CIS.msi package you have uploaded: Click 'Save'. This Sequence of Actions can now be added to a Task to be deployed on the target machines (In fact it can be re-used in as many Tasks as required). Note: Administrators have the option to install just the Antivirus or just the Firewall components. See 'Note on 'partial' installation options for Comodo Internet Security' for more details. 257

258 5.5 Step 4. Add the Sequence to a Task and execute that Task on Managed Computers Note: Since CESM version 1.4, the creation of a new Task can be initiated by clicking on the 'New Task' wizard on the Start page. Open the 'Task Manager' window ( View > Task Manager) Click the 'Add New Task' Icon This will open the 'Add New Task' dialog. At this stage, you should create an appropriate Name and (optional) Description for the Task you are about to create. Next, add the Sequence (of Actions) that you created in step 3 to this new Task. To select the Sequence you just created, click the ellipsis button (...) at the end of the 'Sequence' field. Select the desired target computers in the 'Targets' field editor and save the Task. ( Alternatively, select a predefined CESM 'Group' of computers as the target of the Task.) You can execute the Task: Immediately by selecting 'Save and Execute' Manually at any time in the future by first saving then selecting the Task in the 'Task Manager' window then clicking the 'Execute' icon At a scheduled time by configuring your preferences using the 'Schedule' tab The progress (success or failure) of the Task can be checked using by viewing the Task Result Manager Window. Administrators must now specify and deploy a Comodo Internet Security settings configuration to by running a ' CIS Set - Config' Action on those computers. Alternatively, a Comodo predefined configuration can be rolled out by selecting the Action 'CIS - Set Predefined Config'. The installed software is not active/operational until one of these two Actions has been deployed. For a full explanation the above, see the 'Install Package' row of Sequence Manager Actions and the 'Important Note' in the same section. For more details on how to roll out a sequence, see section Example: Using 'CIS Config' Discovery Profile to roll out an existing CIS configuration onto other machines. For more details on the 'CIS - Set Config / Set Predefined Config' Actions, see the section Table of Actions - Definitions and Usage. If required, the administrator can also setup a local update server in the network to download AV database updates and binaries. CIS installations on managed computers can then be configured to download the updates from this local server. For more details see the section Appendix 1 Setting up a Local Update Server. More details about Tasks can be found in the section 'Task Manager' Window. 258

259 5.6 Step 5. Managing Requests (Alerts) from Comodo Internet Security on Managed Computers Comodo Internet Security is designed to protect computers from internal and external threats by combining a powerful packet filtering firewall, a host intrusion prevention system and strong antivirus protection. All these components will generate alerts on the target PC whenever software attempts to perform an action that is not permitted by the firewalls configuration settings. Comodo Endpoint Security Manager is designed to allow administrators to centrally manage these alerts using the 'Request Monitor'. Instead of the end user seeing the alerts, they are relayed to the CESM Administrative Console as 'Requests'. From here the administrator can allow or block the Request or respond with a product specific answer. If multiple computers generate the same request then the administrator has the option of applying his response to all those machines in a single action. This feature, in combination with the ability to quickly specify and roll out a secure firewall configuration policy across an entire distributed network, makes CESM one of the most powerful endpoint security management tools available. To view and react to requests from Managed Computers, first open the 'Request Monitor' by selecting 'File > Request Monitor'. The Request Monitor will display a list of all Requests generated by the computers upon which Comodo Internet Security has been installed. Having selected a particular Request, the administrator can provide his Response either from the pane to the left or by right-clicking and selecting a Response from the context sensitive menu. Alternatively, the administrator can group-select multiple Requests and issue the same response to all selected computers at once. Full details on using the Request Monitor can be found in section The Request Monitor. 6 FAQs 1. What is Endpoint Security Manager? 2. What method of payment can I use to purchase Endpoint Security Manager? 3. Is there a minimum or maximum amount of PCs a business must have to use Endpoint Security Manager? 4. What are the system requirements for Endpoint Security Manager? 5. Can Endpoint Security Manager be used on MAC and Linux OS? 6. Can Endpoint Security Manager be installed on Windows Server 2003/2008? 7. What support is provided for Endpoint Security Manager? 8. How do you set security policies and push them to different groups & globally? 9. Can you manage and monitor remote locations with Endpoint Security Manager? 10. How do you create groups of imported computers in Comodo Endpoint Security Manager? 11. How do you schedule events, such as virus scans at a certain time? 12. Is there a single management console for servers and clients? 13. Can you enable and disable Firewall/Anti-virus/Disk Encryption? 14. Can I view quarantine logs and take action on files within the quarantine that I may want to keep? 15. How is information integrated or pulled from Active Directory? 16. Will support help in removing old anti-virus client and deploying new client? 259

260 17. Can management server be run from a virtual server (VMWare)? 18. Can you manage the console through a web interface? 19. Does the CESM console deploy silently to client computers? 20. Can I execute tasks on the endpoints with no user logged in? 21. Are client computers automatically retrieved from Active Directory? 22. Can I add applications that I approve of to the Whitelist? 23. How are updates received and how are they pushed out? 24. How does Comodo Endpoint Security Manager differ from the competitors' endpoint solution? 25. When a new version of Endpoint Security Manager is released, how will I upgrade? 26. What languages is CESM available in? 1. What is Comodo Endpoint Security Manager? Comodo Endpoint Security Manager provides centralized management of Comodo's endpoint security software such as Comodo Internet Security and Comodo Disk Encryption for all networked PCs. With Endpoint Security Manager system administrators can centrally manage endpoint security policies and updates from a single console. Back to FAQ list 2. What method of payment can I use to purchase Endpoint Security Manager? Visa, Mastercard, American Express, Discover, Paypal and through a Purchase Order, PO, Wire, Money Order. Back to FAQ list 3. Is there a minimum or maximum amount of PCs a business must have to use Endpoint Security Manager? There is no minimum amount of PCs a business must have to use Endpoint Security Manager. Endpoint Security Manager can be used for any network environment; ESM has been tested to scale seamlessly up to 10,000 PCs and could scale up higher if needed. Back to FAQ list 4. What are the system requirements for Endpoint Security Manager? The system requirements for Endpoint Security Manager are: Central Service 32 Bit Processor: 1 GHz Intel Pentium III or equivalent Memory: 1 GB RAM minimum (2-4 recommended) Hard Disk: 4 GB (This incorporates the space required for the SQL server) Operating Systems: Windows Server 2008, Windows Server 2003 Additional Software: Microsoft.NET Framework 2.0, Microsoft SQL Server 2005 Express SP2 64 Bit Processor: 1 GHz Intel Pentium IV 64 bit processor or equivalent Memory: 1 GB RAM minimum (2-4 recommended) Hard Disk: 4 GB (This incorporates the space required for the SQL server Operating Systems: Windows Server 2008 x64, Windows Server 2003 x64 Additional Software: Microsoft.NET Framework 2.0, Microsoft SQL Server 2005 Express SP2 Endpoint Machines 32 Bit 260

261 Processor: 1 GHz Intel Pentium III or equivalent Memory: 64 MB RAM Operating Systems: Windows Server 2008, Windows Server 2003, Windows XP SP2, Windows Vista SP1, Windows 7 64 Bit Processor: 1 GHz Intel Pentium IV 64 bit processor or equivalent Memory: 64 MB RAM Operating Systems: Windows Server 2008 x64, Windows Server 2003 x64, Windows XP SP2 x64, Windows Vista SP1 x64, Windows 7 x64 For a comprehensive list of requirements, see 'System Installation Requirements'. Back to FAQ list 5. Can Endpoint Security Manager be used on MAC and Linux OS? No, we currently do not support MAC or Linux, but are looking to do so in the future. The operating systems we do support are: Windows XP Windows Vista Windows 7 Windows Server 2003 Windows Server 2008 Back to FAQ list 6. Can Endpoint Security Manager be installed on Windows Server 2003/2008? Yes. Click here to see full system requirements Back to FAQ list 7. What support is provided for Endpoint Security Manager? Comodo provides 24/7 livepcsupport for Comodo Endpoint Security Manager. Phone support is also available 24/7 at the following numbers: USA: International: Issues can also be submitted through our ticketing system at Back to FAQ list 8. How do you set sec+urity policies and push them to different groups & globally? Security polices are set by creating a Sequence which includes the 'CIS Set Config' action. This action should then be added to a task which is roll outed out to the target machines or groups of machines. Policies can also be set on a per machine while answering requests from CIS. Back to FAQ list 9. Can you manage and monitor remote locations with Endpoint Security Manager? Yes. We support IP based import so, if the remote PCs have a static IP address, it is possible to import them in CESM and manage them in the same manner as a local machine. Back to FAQ list 10.How do you create groups of imported computers in Comodo Endpoint Security Manager? Open the 'Group Manager' window by clicking 'View > Group Manager' The group manager pane will be displayed on the left hand side of the interface. 261

262 + Click the ' Add..' button at the top left of the group manager pane to open the 'New Group' configuration panel. This panel can alternatively be opened by clicking the 'New Computers Group' shortcut on the 'Start' page From here you can select which computers you want in your new group by clicking the Add' dropdown. Assign a name and description to the new group and click 'Save'. This group can now be selected as the target of any tasks you create. For a detailed explanation of the Group Manager, see 'The 'Group Manager' Window - Functionality and Purpose'. '+ Back to FAQ list 11.How do you schedule events, such as virus scans at a certain time? Any task can be scheduled using the internal scheduler. The task can be configured via Schedule button inside Task window. Back to FAQ list 12. Is there a single management console for servers and clients? Yes, but several consoles could be connected to one server by network. Back to FAQ list 13.Can you enable and disable Firewall/Anti-virus/Disk Encryption? Components of CIS such as Firewall and Antivirus could be changed only during installation stage via parameterization of installation sequence. Disk Encryption can be installed or uninstalled. Back to FAQ list 14.Can I view quarantine logs and take action on files within the quarantine that I may want to keep? Yes. The following steps are necessary: Create a Sequence with Action Discover data with parameters CIS Quarantined Items. Next a corresponding task with this sequence should be created an executed. Finally you need to right click on computer in computers window and select Open discovered data menu item. Select CIS Quarantined items in the opened list, click button. From that place it is possible to delete and restore quarantined items via CESM tasks. Back to FAQ list 15.How is information integrated or pulled from Active Directory? Information is integrated/pulled from Active Directory by importing computers from Active Directory to Endpoint Security Manager, which is accessible via the icon in computers tree window. Future releases will include a wizard to help with integrating/pulling from Active Directory. Back to FAQ list 16.Will support help in removing old anti-virus client and deploying new client? Of course - please contact your account manager to schedule assistance in this area. Back to FAQ list 17.Can management server be run from a virtual server (VMWare)? Yes. CESM has passed compatibility testing with: VMWare Server 1.0 and 2.0 VMWorkstation 5.0 Microsoft Hyper - V Back to FAQ list 18.Can you manage the console through a web interface? Not currently. It will be available in future updates. 262

263 Back to FAQ list 19.Does the CESM console deploy silently to client computers? Yes. CESM pushes tasks out to endpoint machines in the background. Endpoint users will see no alerts or warnings and will not have their work flow disrupted. Back to FAQ list 20.Can I execute tasks on the endpoints with no user logged in? Yes. You can execute certain actions on an endpoint even if the user has not logged in to it. Refer to Appendix 3 Behavior of Actions When No User is Logged in for more details Back to FAQ list 21.Are client computers automatically retrieved from Active Directory? Yes - Active Directory computers are automatically discovered and imported into CESM using the 'Add Computers' wizard on the home page. To refresh or update the list of AD computers, admins should re-run this wizard, selecting 'Use Advanced Import Settings' then subsequently selecting 'Import Changed Computers only' and / or 'Update Organizational Units' Back to FAQ list 22.Can I add applications that I approve of to the Whitelist? Yes. Application whitelists are stored on each individual machine. Each machine's whitelist must, therefore be updated with any new applications. Depending on their requirements, administrators should deploy a Task that contains one of the following Actions: CIS - Set Safe Files List CIS - Append to Safe Files List CIS - Remove from Safe Files List Click here to learn how to create a Task and add Actions to it. Back to FAQ list 23.How are updates received and how are they pushed out? Updates for CIS are received to a local server via the Comodo Offline Updater; which downloads updates from the Comodo servers. To push out the updates, the local installations of CIS need to be configured to contact the local server. For a complete walkthrough of this process, see 'Appendix 1 - Setting up a local update server' Back to FAQ list 24.How does Comodo Endpoint Security Manager differ from the competitors' endpoint solution? Auto - Sandboxing. The latest version of CIS heralds a major leap forward in security and usability with the introduction of the new Sandbox feature - an isolated operating environment for untrusted applications. Under default settings, unknown executables are now automatically sandboxed so that they cannot make changes to other processes, programs or data on the endpoint. Key benefits include: Even higher levels of protection - Comodo have integrated sandboxing technology directly into the security architecture of CIS to complement and strengthen the existing Firewall, Defense+ and Antivirus layers. Less noise for CESM administrators - CIS 4.0 generates far fewer alerts with absolutely no loss in security. Administrators looking to get on with more productive tasks can 'set it and forget it' with confidence A smoother experience for endpoint users - automatically sandboxing untrusted applications has the dual benefit of allowing 'unknown but ultimately safe' programs to run as they normally would while completely isolating 'unknown and malicious' programs where they can do no damage. By uniquely deploying 'sandboxing as security', CIS 4.0 increases the overall protection enjoyed by corporate networks, lowers administrative burden without compromising security and eliminates disruption to the workflows of endpoint users. livepcsupport -Administrators initiate real-time support chats with Comodo support by clicking a single button on the Start page. LivePCsupport is an always-on link to a human support operative who can answer questions, provide 263

264 guidance and even remote desktop into network machines to help resolve any issues. The Comodo Warranty -If any endpoint machine becomes damaged as a result of malware and Comodo support services cannot return it to a working condition then we'll pay the costs of getting it repaired. See terms and conditions for full details. Available to USA residents only. Back to FAQ list 25.When a new version of Endpoint Security Manager is released, how will I upgrade? Here are the steps to upgrade: CESM Server upgrade I. Download CESM 1.6 MSI installation file and store it on your CESM server machine. II. Stop Comodo ESM Server service. III. Backup CESM database using any MSSQL RDBMS management tool such as Microsoft SQL Server Management Studio Express. Please note: default name of CESM database is CrmData. IV. Follow the upgrade instructions for your version number: Upgrading CESM version to CESM version 1.6 Upgrading CESM version 1.5 to CESM version 1.6 Upgrading CESM version 1.4 to CESM version 1.6 Upgrading CESM version 1.3 to CESM version 1.6 Back to FAQ list 26.What languages is CESM available in? The CESM Administrative console is currently available in English and Chinese. To view or change language, open the console and select 'View > Languages' then make your selection. Back to FAQ list 264

265 Appendix 1 - Setting Up a Local Update Server Administrators can configure a network server to download and provision updates to managed computers. The Comodo Offline Updater utility can be installed on a local server (including the CESM server) and configured to periodically download database (AV signatures updates) and software updates for CIS from (default). Once downloaded, this local server can then act as the CIS update server for some or all of the managed machines on the network. Setting up a local update server often allows an organization to save time and bandwidth when rolling out updates to a large number of managed nodes. This utility is designed to provision updates to installations of Comodo Internet Security (CIS) that are running under the control of Comodo EndPoint Security Manager (CESM). Comodo Internet Security is the only CESM controlled product that can be serviced by this updater. Future versions will include support for Comodo Disk Encryption. Administrators can install the update utility on any server but should note that this machine must be available at all times to the managed computers it is set to provision. (n.b. it may be most convenient to install the utility on the same machine as the CESM Service). The update utility can be freely installed on 'managed' and 'non-managed' machines alike. Installing on a 'non managed' machine does not count towards your number of CESM licenses. The utility has its own graphical user interface which must be configured on the local machine. It is possible to configure the update utility from the CESM console if the administrator makes a remote desktop connection to the target machine. The default installation path is drive:\program Files\COMODO\Offline Updater. Double click 'OfflineUpdater.UI.exe' to open the interface and begin configuration. The utility is currently available in English and Chinese (Simplified) languages. The Administrators can change the interface language according to their wish. It is possible to install the utility remotely on managed machines by creating a Task that contains the 'Install Package' action. The package is named 'OfflineUpdater.Setup.<version_number>.msi. This may be useful for pushing the application out to multiple servers when, for example, load balancing is required. CESM Administrators must change the 'CIS Update Host List' on each required CIS installation to point to the URL of the local update server. Doing so will mean that the individual installations of CIS will check for and download updates from the local server instead of from The individual installations of CIS can be instructed to use the local server by using the 'CIS - Set Update Host List' Action. This Action, like all other CESM Actions, can be implemented on all required machines at the same time by selecting them as Targets during the creation of the Task. If you would like to see an explanation of Actions and Sequences then please read the section 'The Sequence Manager Window'. Tutorials on installing the updater utility on your server, please refer to 'Installing Comodo Offline Updater Utility' section. The configuration of the utility is explained at the end of this section. Comodo Offline Updater Utility - Interface Basics The offline updater interface allows the administrator to: View download logs of database and software updates View request logs from managed computers Configure the working folder and start or stop the service Configure port, proxy and update refresh rate settings Specify synchronization settings such as the download URL and folder path that the local server will contact to collect CIS updates from The Offline Updater utility can be started from the Windows 'Start' menu. Click Start > All Programs > Comodo > Offline Updater > Comodo Offline Updater The Comodo Offline Updater main interface will be displayed. 265

Persistent Navigational Elements -The File Menu and Shortcut Toolbar The File and Shortcut Toolbar provide access to all functional areas of the updater's functionality.

266 Persistent Navigational Elements -The File Menu and Shortcut Toolbar The File and Shortcut Toolbar provide access to all functional areas of the updater's functionality. The File Menu can be accessed at all times and consists of four areas: File, Edit, View and Help. The Shortcut Toolbar, positioned directly below, provides fast and easy access to many of the functions contained in the 'File', 'View' and 'Edit' areas of the the file menu. The following table contains a brief summary of these areas: 266

267 File Menu Element Equivalent Shortcut Toolbar Icon Description File Contains program commands relating to start or stop the Comodo Offline Updater service and shutdown. Start Starts the offline updates service. Note: This button is disabled if the service is already running. Stop Stops the offline updates service. Note: This button is disabled if the service is already stopped and not running. Restart Restarts the currently running offline updates service. Updates Information None Opens the 'Updates information' dialog that displays a log of update events of CIS Antivirus bases and a log of update events of CIS binaries. Exit None Closes down the application. Edit Contains shortcuts to select and copy log entries, search for entries in the log and specifying configuration settings for the Comodo Offline Updater utility. Copy None Copies the selected text contents from the log window to the clipboard. The log entries can also be copied to the clipboard by right clicking on the selected entry or entries and selecting 'Copy' from the context sensitive menu. Select All None Selects all the text contents in the log window for copying to the clipboard. Find Language Opens the 'Find' dialog for searching through the log entries with specific search keywords. None Allows the administrator to change the language of the Comodo Offline Updater utility. Currently available languages are English and Chinese (Simplified). Language changes will be applied only after restarting the utility. Settings Opens the 'Configurations Settings' dialog for specifying the configuration settings for the Comodo Offline Updater utility. See Configuration Settings for more details. Logs Contains shortcuts that open up the Download and Request Log windows. Clear Clears the current Logs. Save None Refresh Saves the current logs as.txt file. Updates the entire list of entries in the displayed log window so that the list incorporates the latest entries. Download Log None Opens the Download Log Window. The Download Log window can also be opened by clicking the 'Download Log' tab above the Log window. Request Log None Opens the Request Log Window. The Request Log window can also be opened by clicking the 'Request Log' tab above the Log window. Help About Contains shortcut that opens the 'About' dialog. None Opens the About dialog that displays the version number and copyright information of the Comodo Offline Updater utility. 267

Overview of Download Log and Request Log Windows 'Download Log' Window The Download Log window displays a list of status messages concerning the initiation, progress and success or failure of all

268 Overview of Download Log and Request Log Windows 'Download Log' Window The Download Log window displays a list of status messages concerning the initiation, progress and success or failure of all download activities (both binary and database downloads) alongside the time the message was generated. It can be viewed by clicking the 'Download Logs' tab or clicking View > Download Logs. 'Request Log' Window The Request Log window displays a list of download requests made by managed installations to the local update server. Information displayed includes the IP and Port number of the originating request, the location of the file that was requested; the time of the request and the agent that made the request (the 'agent' is usually the endpoint product such as Comodo Internet Security). The 'Request Log' window can be viewed by clicking the 'Request Logs' tab or clicking 'View > Request Logs'. 268

Download Logs and Request Logs Windows - Table of Columns, Controls and Icons Item Name Type Description Icon Log entries that are classified as 'Messages' typically inform the administrator of the

269 Download Logs and Request Logs Windows - Table of Columns, Controls and Icons Item Name Type Description Icon Log entries that are classified as 'Messages' typically inform the administrator of the successful completion of the events. For example - a notification that a download has been successfully completed or that a request has been received. Icon Log entries that are classified as 'Warnings' alert the administrator to potential network issues that may impair the activity, for example a download event or provisioning the update files for a received request from a managed computer. Icon Log entries that are classified as 'Errors' inform the administrator of the failure of the event. Description Column header A text description of the specific log entry. For example - a notification that a download has been successfully completed or that a request has been received. Time Column header Shows the time and date that the event was executed. For example the date and time at which the updates were downloaded or the date and time at which a request was received from a managed computer. Source Column header The IP address and port number of the managed computer from which the request originated. User Agent Column header Displays the name of the service responsible for generating the request. In almost all cases this will be the installed product on the end point machine (for example, Comodo Internet Security) Filter Clicking the 'Errors' button enables the administrator to view only the log entries that are classified as errors. (Message) (Warning) (Error) 269

Download Logs and Request Logs Windows - Table of Columns, Controls and Icons Item Name Type Description Filter Clicking the 'Warnings' button enables the administrator to to view only the log

270 Download Logs and Request Logs Windows - Table of Columns, Controls and Icons Item Name Type Description Filter Clicking the 'Warnings' button enables the administrator to to view only the log entries that are classified as Warnings. Filter Clicking the 'Messages' button enables the administrator to to view only the log entries that are classified as Messages. Configuration of the Comodo Offline Updater Utility The updater can be configured for the working folder in the server to store the downloaded AV database updates, download URL, and the proxy settings. The configuration settings interface can be accessed by clicking the 'Settings' button or Edit > Settings from the main interface. Synchronization Settings Remote Folders - The 'Remote Folders' section displays the location of the update files on the 'Download Server'. This is the path that the offline updater will attempt to connect to in order to download updates. This is specific to the domain stated in the 'Download server' field of this same interface. The default location is to download updates from There are two basic ways that remote folders can be configured - automatically or manually. There are also two 'types' of download, namely 'Bases' and 'Binaries' - each of which will usually have distinct remote folder paths. 270

271 Note: In most cases, there shouldn't be any reason for administrators to change the synchronization settings. Possible exceptions could include if the administrator needed to download files for uncommon/older versions of an endpoint product and knew the location of those files on the remote server; if Comodo communicated to the administrator that their download server and/or path has changed or if the administrator wants to download the updates to this server from another server in the local network. Remote Folders = Folders on the 'Download' server (download.comodo.com by default), that Offline Updater checks for AV bases and binary updates. Bases = Database updates (like antivirus signatures updates). This type of update is the most frequent Binaries = Endpoint Product Updates (software updates). This type of file will typically be downloaded less frequently than the (data) bases. Automatically detect remote folders from client requests = Automatically sets then synchronizes with the folder path on the server that has been specified in the requests from the clients. This is the default and highly recommended setting. To manually set the folder structure in the server, deselect the checkbox beside 'Automatically detect remote folders from client requests'' and add the path of the remote folder in the 'Remote Folder' column and the type of the data in the 'Type' column (see this note before changing this setting). Working Folder - The working folder text box allows the Administrator to specify the path of the local storage location for storing the downloaded AV updates and binaries. To change the destination folder, click 'Browse' and navigate to the desired location to store the updates. Download Server - The Download Server text box allows the Administrator to specify the URL from which the updates are to be downloaded. The default the download URL is This can be changed if the updates are available from any other server in the local network. Ports to Listen - Port 80 is the default port number that the utility will listen to for updates. Refresh Every (Secs) - This setting allows the Administrator to set the frequency the download server has to be checked for the latest updates. Proxy Settings The proxy settings allows the Administrator to configure how Comodo Offline Updater utility should connect to Comodo servers for receiving AV database updates. If a Proxy server is used in the network and if the Administrator wants the application to use the Proxy Server, the Proxy settings can be configured accordingly. To use a proxy server to receive the updates 1. Select the checkbox beside 'Use Proxy'. 2. Enter the proxy server IP address or name in the 'Server' text box. 3. Enter the port number in the 'Port' text box. 4. Type your Login ID and the Password for proxy server authentication. Click OK for your settings to take effect. 271

Pointing Managed Installations of CIS to the Local Update Server After the installation and configuration of the updater utility, the tasks can be assigned for the managed computers with a sequence

272 Pointing Managed Installations of CIS to the Local Update Server After the installation and configuration of the updater utility, the tasks can be assigned for the managed computers with a sequence containing the action 'CIS - Set Update URL'. The host address of the local CESM server should be specified as the Update URL parameter for the 'CIS - Set Update URL' action while configuring the sequence. Step 1 - Creating a New Sequence Containing the Action CIS - Set Update URL 1. Open the Sequence Manager Window by clicking 'View' > 'Sequence Manager' from the file menu or clicking the button from the toolbar. 2. Click the 'Add' 3. The 'Add New Sequence' dialog will be opened. At this stage, you should create an appropriate Name (for example, 'Set Update URL for CIS Installations') and (optional) Description for the Sequence (for example, 'Setting CIS Installations for offline update'). 4. Click the 'Add Action' 5. Specify the parameters of this Action from the panel to the right. Click the ellipses button (...) from the 'Host List' row. button to create a New Sequence. icon and select the Action 'CIS - Set Update Hosts List'. The 'Hosts List Editor' dialog will appear. Click 'Add' and type the URL in the 'URL' field. This can be entered as the hostname or IP address of the local update server. For example, if you have installed and configured the Comodo Offline Updater Utility in the CESM Server, type the hostname or the IP address of the CESM Server. Click 'OK'. 272

The precess moves to step 5 of the next stage 'Creating a New Task containing the Sequence with the action CIS - Set Update Hosts List'.

273 6. Click 'Save'. This Sequence of Actions can now be added to a Task to be deployed on the target machines. Alternatively, click the drop-down arrow beside 'Save' and select 'Save and Create Task' to create a task containing this sequence immediately. The precess moves to step 5 of the next stage 'Creating a New Task containing the Sequence with the action CIS - Set Update Hosts List'. Step 2 - Creating a New Task Containing the Sequence with the action CIS - Set Update URL 1. Open the Sequence Manager Window by clicking 'View' > 'Task Manager' from the file menu or clicking the button from the toolbar. 2. Click the 'Add' 3. The 'Add New Task' dialog will be opened. At this stage, you should create an appropriate Name (with references to the sequence of actions and the target computers. For example, 'Set Update URL for CIS on Vista Computers' or 'Set Update URL for CIS on Accounts Dept Computers') and (optional) Description for the Task you are about to create. 4. Add the newly created Sequence to the Task, by clicking the drop-down button at the end of the 'Sequence' field and selecting the newly created sequence from the drop-down list. 5. Select the desired target computers or a predefined CESM 'Group' of computers for which the Update URL has to be set, in the 'Targets' field editor. button to create a New Task. 273

6. Execute the Task: Immediately by selecting 'Save and Execute' Manually at any time in the future by first saving then selecting the Task in the 'Task Manager' window then clicking the 'Execute'

'Task Result Manager' Window, which can be accessed by clicking History > Task Result or Task Result Manager button from the toolbar.

274 6. Execute the Task: Immediately by selecting 'Save and Execute' Manually at any time in the future by first saving then selecting the Task in the 'Task Manager' window then clicking the 'Execute' icon At a scheduled time by configuring your preferences using the 'Schedule' tab Once the Task is executed, the Administrator can check the progress (Success or Failure) of the Task through the 'Task Result Manager' Window, which can be accessed by clicking History > Task Result or Task Result Manager button from the toolbar. Tip: You can also select the computer(s) from the Computers window, right click on them and select 'Create Task' from the context sensitive menu. You can create a new task for setting the update URL list for the selected computer(s) with a sequence containing the action 'CIS - Set Update Host List' and execute the task on the computer(s). Additional Notes: The Administrator can find the current Update URL for any computer by assigning a Task with a Sequence containing the Action 'Discovery Data'. The parameter for the Discovery Data should be specified as 'CIS - Update Hosts List'. To check the current update URL for any computer 1. Create a new sequence by selecting the Action as 'Discover Data ' 274

275 2. Specify the Discovery parameter as 'CIS - Update Hosts List' and click the drop-down arrow beside 'Save' and select 'Save and Create Task'. 3. Specify the computer for which the current Update URL has to be found. 4. Execute the Task by clicking the drop-down button beside 'Save' and selecting 'Save and Execute'. 5. Once executed, open 'Discovery Profiles' Window by clicking View > Discovery Profiles from the file menu or clicking 275

276 the Discovery Profiles icon 6. from the toolbar. Double click on the 'CIS - Update Hosts List' profile in the 'Discovery Profiles' Window or right click on the 'CIS Update Hosts List' profile and select 'Open Discovered Data' from the context sensitive menu. The list of computers on which the 'Discover Data' action with the Discovery Profile 'CIS - Update Hosts List' will be displayed. Click the ellipses (...) button from the results panel on the right hand side of the list of computers, the Update URL list configured for the respective computer will be displayed in the 'Host List Editor' dialog. Alternatively, after executing the Task with a Sequence containing the Action 'Discovery Data' with Discovery Profile 'CIS Update Hosts List', right click on the desired computer in the Computer Tree in the Computers Window and select 'Open Discovered data' from the context sensitive menu. 276

The discovery profiles for the selected computer will be displayed. Select CIS - Update Hosts List and click the ellipses (...) button from the results panel on the right hand side.

277 The discovery profiles for the selected computer will be displayed. Select CIS - Update Hosts List and click the ellipses (...) button from the results panel on the right hand side. The Update URL list configured for the respective computer will be displayed in the 'Host List Editor' dialog. Shortcut Method for Creating a New Discovery Sequence Alternatively, a new Discovery Sequence can be created from the context sensitive menu of 'CIS Update URL' Profile in the 'Discovery Profiles' Window. 1. Open 'Discovery Profiles' Window by clicking View > Discovery Profiles from the file menu or clicking the Discovery Profiles icon 2. from the toolbar. Right click on the 'CIS - Update URL' profile and select 'Create Discovery Sequence' from the context sensitive menu. An 'Add New Sequence' dialog with a preset Sequence containing the the Action 'Discover Data' and Discovery Profile 'CIS Update Hosts List' will be opened. 277

278 3. At this stage, you should create an appropriate Name and (optional) Description for the Sequence and save the Sequence. The Administrator can create a new Task using this sequence and, after specifying the target computer(s), execute the Task to check the current Update URL configured for the selected computer(s). 278

Appendix 2 - The Service Configuration Tool The Service Configuration Tool enables the administrator to start and stop the CESM central service, change server and agent ports settings, change

To open the Service Configuration Tool, Click Start > All Programs > COMODO > Endpoint Security Manager > CESM Configuration Tool. The main interface of the tool will be opened.

279 Appendix 2 - The Service Configuration Tool The Service Configuration Tool enables the administrator to start and stop the CESM central service, change server and agent ports settings, change database connection settings and view a log of database events. The tool is installed as a separate application and can be accessed from the Windows Start Menu. To open the Service Configuration Tool, Click Start > All Programs > COMODO > Endpoint Security Manager > CESM Configuration Tool. The main interface of the tool will be opened. It contains three areas: Service Status Area - Indicates the current service CESM status and allows administrator to start or stop the service; Language - Enables the administrator to change the language of the Configuration tool; Settings - Enables the administrator to view and modify the connection and port settings; Event Log - Enables the administrator to view the log of database events. 279

Start and Stop the CESM Service The Service Status area at the top of the interface displays the current running status of the CESM Service as 'Running' or 'Stopped'.

Change the Language of the Configuration Tool The service configuration tool is currently available in English and Chinese (Simplified).

280 Start and Stop the CESM Service The Service Status area at the top of the interface displays the current running status of the CESM Service as 'Running' or 'Stopped'. To stop the running service, simply click the 'Stop' button. To start the service, simply click the 'Start' button. Change the Language of the Configuration Tool The service configuration tool is currently available in English and Chinese (Simplified). To change the language of the tool, click the Language button and select the language from the drop-down options. Language changes will be applied after restarting the configuration tool. After changing language, all message boxes, controls, menus, requests and the notifications will be displayed in the chosen language. Settings The Settings area can be accessed by clicking the 'Settings' tab (this area is displayed by default). From this area, the administrator can: Edit the Connection Settings of the server; 280

281 Edit the Server connection port and Agent connection port settings. Edit the Connection Settings of the server The connection settings of the server to the data source (sqlexpress database) is displayed as a string in the 'Connection String' field of the interface Click here for more details. To view and/or modify the connection settings, click the 'Edit' button beside the 'Connection String' text box. The 'Connection Properties' dialog will be displayed. The dialog displays the following connection parameters under different categories and also allows the administrator to modify them if required. Connection Parameter Data type Description Advanced Multiple Active Results Sets Boolean When set to 'True', multiple active results can be returned by the database and read using a (True/False) single connection Network Library Drop-down Specifies the network library used to establish connection to the SQL Server combo box Packet Size Numerical Type System Version Text Specifies the size of network packets for communication to SQL sever (in bytes) Specifies the system type of the server that the data provider will allow the data reader to extract data. Context Application Name Text Specifies the name of the data provider application 281

282 Workstation ID Text Specifies the name of the workstation that connects to the SQL server Data Connection String Text Indicates the connection string for connection to the data source, specifying parameters such as Data Source, Initial Catalog, Integrated Security, Multiple Active Results Sets and Connection Timeout, separated by semi colons. The values are automatically populated from the parameters set through this 'Connection Properties' dialog and the administrator need not specify these values in this field manually. The currently used connection string is displayed in the Connection String text box of the Service Configuration tool main interface. Selecting the check box 'Secure Connection Strings' will automatically save every connection string populated on every connection configuration and makes them available for reusage as a drop-down in this setting. Initialization Asynchronous Processing Connection Timeout Current Language Boolean When 'True', enables using Asynchronous data transfer in.net Framework Data Provider. (True/False) Numerical Text Specifies the time period (in seconds) to wait for reconnection to the server when the connection is lost and attempting to reconnect, before terminating the connection attempt. Specifies SQL Server Language record name Pooling Connection Reset Boolean When set to 'True', enables to reset the connection state when the connection is removed (True/False) from pool Enlist When set to 'True', the connection sessions in a component services (or MTS, in case of Boolean Microsoft Windows NT) environment are automatically enlisted in a global transaction where (True/False) required. Load Balance Time out Numerical Specifies the timeout period (in seconds) for the connection to stay in the pool before being removed from the pool. Max Pool Size - Numerical Specifies the maximum number of connections that can be allowed in a pool. Min Pool Size Numerical Specifies the minimum number of connections required for pooling. Pooling Boolean Enables connections to be added to a pool or withdrawn from a pool only when set to 'True'. (True/False) Replication Replication Boolean Specifies whether are not to allow SQL Server replication. (True/False) Security Encrypt Boolean When set to 'True', enables SQL Server to use SSL encryption for all data transfer between (True/False) client and server, if the server has a certificate installed. Integrated Security Boolean Specifies whether or not the connection is encrypted. (True/False) Password Text The password to be entered for connection to the database Persist Security Info Boolean When set to 'False', security sensitive information such as password will not be returned as (True/False) a part of communication if the connection is open or has ever been in an open state. Trust Server Certificate When set to 'True' (in combination with Encrypt = True) enables SQL Server to use the SSL Boolean encryption for all data transfer between the server and the client, without validating the (True/False) server certificate. User ID Text The username of the administrator required for connection to the database Source 282

283 Attach Database Filename Text Specifies the primary database file with the full path, of an attachable database, Clicking the ellipses (...) button at the left end of the textbox opens the standard Windows Open 'dialog' to specify the file. Context Connection Boolean When set to 'True', makes the connection only from the SQL Server context. Available only (True/False) when running in the SQL Server process. Data Source Drop-down Specifies the name of the database server to connect to. The drop-down displays a list of combo box database servers connected in the network to select from. Failover Partner Drop-down Specifies the name or IP address of standby SQL Server that acts as a failover partner. combo box Initial Catalog Drop-down Specifies the name of the initial catalog/database of the data source combo box User Instance Drop-down When set to 'True', the connection will be redirected to connect to an instance of SQL combo box Server running under the user account with the Username specified in User ID Tip: The entries in the dialog can be sorted in alphabetical order by clicking by clicking the sorting buttons at the top. Sorts the entries in Alphabetical order Sorts the entries into Hierarchical structure Test Connection - After making necessary settings/changes to the connection properties, the administrator can test the connection by clicking the 'Test Connection' button. If the connection is successful, a confirmation dialog will be displayed. The settings will take effect only after clicking 'OK' in the Connection Properties dialog and clicking 'Apply' in 'Settings' area. Edit Server Connection Port and Agent Connection Port Settings The Server Port and Agent Port fields in the Settings interface, allow the administrator to view/modify the port settings. The settings will take effect only on clicking Apply in the 'Settings' area. Viewing Database Event Log The 'Event log' contains a list of notifications from CESM central service that may assist administrators to troubleshoot problems. 283

284 The type of alerts that are displayed can be filtered by clicking the 'Errors', 'Warnings' and 'Information' buttons. Alternatively, type a specific search term into the text field then click the 'Apply Filter' button. Each cell can be individually selected by left - clicking. Multiple cells can be selected whilst holding down the 'Shift' or 'CTRL' keys and left-clicking on target cells. Cells can be copied to the clipboard by clicking the 'Copy' button. Column Types / Format Definition / Description Error - 'Errors' are those events whereby the CESM Central Service failed to execute a command. Warning - High severity errors that may (or already have) prevented the CESM service from connecting to the data source. For example, a critical application crash. Type (of event) Information - 'Information' events typically inform the administrator of the successful completion of task by the CESM service. Time MM/DD/YYY Displays the precise time that the event was generated on the endpoint machine. HH:MM:SS Contains a description of the event. Message Text Control Use the control to view the full message. Use the control to view a condensed version of the message (this is the default view). Use the control to copy the contents of the message to the clipboard. Control Type Description Filter by event Click this button to add or remove events of type 'Error' from the displayed list. Filter by event Click this button to add or remove events of type 'Warning' from the displayed list. Filter by event Click this button to add or remove events of type 'Information' from the displayed list. 284

Comodo Endpoint Security Manager Business Edition Software Version 2.0

Comodo Endpoint Security Manager Business Edition Software Version 2.0 Administrator Guide Guide Version 2.0.020212 Comodo Security Solutions 525 Washington Blvd. Jersey City, NJ 07310 Table of Contents