Endpoint Manager

• Introduction To Endpoint Manager
  • Key Concepts
  • Best Practices
  • Quick Start
  • Login Into The Admin Console
• The Admin Console
• The Dashboard
• Devices And Device Groups
  • Manage Device Groups
    • Create Device Groups
    • Edit A Device Group
    • Assign Configuration Profiles To A Device Group
    • Remove A Device Group
    • Run Procedures On Customer Groups
  • Manage Devices
    • Add New Devices
    • Manage Windows Devices
      • View And Edit Device Name
      • View Summary Information
      • View Hardware Information
      • View Network Information
      • View Maintenance Windows Associated With Device
      • View And Manage Profiles Associated With A Device
      • View And Manage Applications Installed On A Device
      • View The Files On A Device
      • View Exported Configurations And Import Profiles
      • View MSI Files Installed On A Device Through Endpoint Manager
      • View And Manage Patches For Windows And 3rd Party Applications
      • View Antivirus Scan History
      • View And Manage Device Group Memberships
      • View Device Logs
    • Manage Mac OS Devices
      • View And Edit Mac OS Device Name
      • Summary Information Of Mac Device
      • View Installed Applications
      • View Quarantined Files On Mac OS Device
      • View And Manage Profiles Associated With A Device
      • View Packages Installed On A Device Through Endpoint Manager
      • View And Manage Device Group Memberships
      • View Mac Device Logs
    • Manage Linux Devices
      • View And Edit Linux Device Name
      • Summary Information Of Linux Device
      • View Network Information Of A Linux Device
      • View And Manage Profiles Associated With A Linux Device
      • View Linux Packages Installed On A Device Through Endpoint Manager
      • View And Manage Device Group Memberships
    • Manage Android Devices
      • View And Edit Device Name
      • View Summary Information
      • Manage Installed Applications
      • View And Manage Profiles Associated With A Device
      • View Sneak Peek Pictures To Locate Lost Devices
      • View The Location Of The Device
      • View And Manage Device Group Memberships
    • Manage IOS Devices
      • View And Edit Device Name Of An IOS Device
      • View Summary Information Of An IOS Device
      • View Applications Installed On An IOS Device
      • View And Manage Profiles Associated With An IOS Device
      • View The Location Of An IOS Device
      • View And Manage Group Memberships Of An IOS Device
    • View User Information
    • Remove A Device
    • Remote Management Of Windows And Mac OS Devices
      • Transfer Items To / From The Remote Computer
    • Remotely Manage Folders And Files On Windows Devices
    • Manage Processes On Remote Windows Devices
    • Manage Services On Remote Windows Devices
    • Use The Command Prompt On Remote Windows Devices
    • Apply Procedures To Windows And Mac Devices
    • Remotely Install And Manage Packages On Windows Devices
    • Remotely Install Packages On Mac OS Devices
    • Remotely Install Packages On Linux Devices
    • Send Enrollment Link To IOS Devices
    • Install Apps On Android/iOS Devices
    • Generate An Alarm On Android Devices
    • Remotely Lock Mobile And Mac OS Devices
    • Wipe Selected Mobile And Mac Devices
    • Assign Configuration Profiles To Selected Devices
    • Set / Reset Screen Lock Password For Mobile Devices
    • Update Device Information
    • Send Text Messages To Mobile Devices
    • Restart Selected Windows Devices
    • Shutdown Windows Devices
    • Wake Offline Device
    • Change A Devices Owner
    • Change The Ownership Status Of A Device
    • Add Custom Notes And Tags On Devices
    • Generate Device List Report
  • Bulk Enrollment Of Devices
    • Enroll Windows, Mac OS And Linux Devices By Installing The Communication Client
      • Enroll Windows Devices Via AD Group Policy
      • Enroll Windows, Mac OS And Linux Devices By Offline Installation Of Agent
      • Enroll Windows Devices Using Auto Discovery And Deployment Tool
    • Enroll The Android And IOS Devices Of AD Users
  • Download And Install The Remote Control Tool
• Users And User Groups
  • Manage Users
    • Create New User Accounts
      • Manually Add Users
      • Import Users From A CSV File
    • Enroll User Devices For Management
      • Enroll Android Devices
      • Enroll IOS Devices
      • Enroll Windows Endpoints
      • Enroll Mac OS Endpoints
      • Enroll Linux OS Endpoints
    • View User Details
      • Update The Details Of A User
    • Assign Configuration Profiles To A Users Devices
    • Remove A User
    • Generate New Password For A User
    • Reset Two Factor Authentication Token For A User
    • Run Procedures On User Devices
  • Manage User Groups
    • Create A New User Group
    • Edit A User Group
    • Assign Configuration Profiles To A User Group
    • Remove A User Group
    • Run Procedures On Group Devices
  • Configure Role Based Access Control For Users
    • Create A New Role
    • Manage Permissions And Users Assigned To A Role
    • Remove A Role
    • Manage Roles Assigned To A User
• Configuration Templates
  • Create Configuration Profiles
    • Profiles For Android Devices
    • Profiles For IOS Devices
    • Profiles For Windows Devices
      • Create Windows Profiles
        • Associated Devices Settings
        • Antivirus Settings
        • Communication Client And Xcitium Client - Security Application Update Settings
        • File Rating Settings
        • Firewall Settings
        • HIPS Settings
        • Containment Settings
        • Maintenance Window Settings
        • VirusScope Settings
        • Global Proxy Settings
        • Client Proxy Settings
        • Agent Discovery Settings
        • Communication Client And Xcitium Client - Security Application UI Settings
        • Logging Settings
        • Client Access Control
        • External Devices Control Settings
        • Monitors
        • Procedure Settings
        • Remote Control Settings
        • Remote Tools Settings
        • Miscellaneous Settings
        • Script Analysis Settings
        • Data Loss Prevention Settings
        • Patch Management Settings
        • Performance Settings
      • Import Windows Profiles
    • Profiles For Mac OS Devices
      • Create A Mac OS Profile
        • Antivirus Settings For Mac OS Profile
        • Certificate Settings For Mac OS Profile
        • Restrictions Settings For Mac OS Profile
        • VPN Settings For Mac OS Profile
        • Wi-Fi Settings For Mac OS Profile
        • Remote Control Settings For Mac OS Profile
        • External Device Control Settings For Mac OS Profile
        • Valkyrie Settings For MacOS Profile
        • Procedure Settings For Mac Profiles
        • Monitor Settings For Mac OS Profile
    • Profiles For Linux Devices
      • Create A Linux Profile
        • Antivirus Settings For Linux Profile
        • Communication Client And Comodo Client - Security Application Update Settings For Linux Profile
        • User Interface Settings For Linux Profile
        • Logging Settings For Linux Profile
        • Clients Access Control Settings For Linux Profile
        • Valkyrie Settings For Linux Profile
  • View And Manage Profiles
    • Export And Import Configuration Profiles
    • Clone A Profile
  • Edit Configuration Profiles
  • Manage Default Profiles
  • Manage Alerts
    • Create A New Alert
    • Edit / Delete An Alert
  • Manage Procedures
    • View And Manage Procedures
    • Create A Custom Procedure
    • Combine Procedures To Build Broader Procedures
    • Review / Approve / Decline New Procedures
    • Add A Procedure To A Profile / Procedure Schedules
    • Import / Export / Clone Procedures
    • Change Alert Settings
    • Apply Procedures To Devices
    • Edit / Delete Procedures
    • View Procedure Results
  • Manage Monitors
    • Create Monitors And Add Them To Profiles
      • Monitors For Windows Devices
      • Monitors For Mac OS Devices
    • View And Edit Monitors
  • Data Loss Prevention Rules
    • Create DLP Discovery Rules And Add Them To Profiles
    • View And Edit DLP Discovery Rules
    • Create DLP Monitoring Rules And Add Them To Profiles
    • View And Edit DLP Monitoring Rules
• Security
  • Endpoint Security Status
    • Run Antivirus And/or File Rating Scans On Devices
    • Handle Malware On Scanned Devices
    • Update Virus Signature Database On Windows, Mac OS And Linux Devices
  • Security Events
    • View Security Events By Time
    • View Security Events By Files
    • View Security Events By Device
    • View Android Threat History
  • View And Manage Blocked Threats
  • View And Manage Quarantined Threats
  • View Contained Threats
  • HIPS Events
  • Firewall Events
  • View And Manage Autorun Alerts
  • Manage File Trust Ratings On Windows Devices
    • File Ratings Explained
  • View List Of File Verdicts
  • View History Of External Device Connection Attempts
  • Data Loss Prevention Scans
    • DLP Logs
    • DLP Quarantined Files
• Network Management
  • Create And Run Network Discovery Tasks
  • Manage Profiles For Network SNMP Devices
  • Manage Network Devices
    • Manage SNMP Devices
      • SNMP Device Details Interface
    • Discovered Devices
  • Manage Network Monitors
• Application Store
  • IOS Apps
    • Add IOS Apps And Install Them On Devices
    • Manage IOS Apps
  • Android Apps
    • Add Android Apps And Install Them On Devices
    • Manage Android Apps
  • Windows Apps
    • Install Windows Apps On Devices
• Applications
  • View Applications Installed On Android And IOS Devices
    • Blacklist And Whitelist Applications
  • Patch Management
    • Manage OS Patches On Windows Endpoints
    • Install 3rd Party Application Patches On Windows Endpoints
      • EM Supported 3rd Party Applications
  • View And Manage Applications Installed On Windows Devices
    • Uninstall A Windows Application From Selected Devices
    • Uninstall A Windows Application From All Devices
  • Vulnerability Management
• License Management
  • Manage Your Licenses
  • Manage License Allocation
  • Bill Forecast
• Configure Endpoint Manager
  • Email Notifications, Templates And Custom Variables
    • Configure Email Templates
    • Configure Email Notifications
    • Create And Manage Custom Variables
    • Create And Manage Registry Groups
    • Create And Manage COM Groups
    • Create And Manage File Groups
    • View And Manage Pattern Variables
    • View And Manage Keyword Groups
  • Endpoint Manager Portal Configuration
    • Import User Groups From LDAP
    • Configure Communication And Security Client Settings
    • Configure The EM Android Client
      • Configure Android Client General Settings
      • Configure Android Client Antivirus Settings
    • Add Apple Push Notification Certificate
    • Configure Windows Clients
      • Configure Communication Client Settings
      • Configure Client Security Settings
    • Manage Endpoint Manager Extensions
    • Configure Endpoint Manager Reports
    • Device Removal Settings
    • Account Security Settings
    • Set-up Administrators Time Zone And Language
    • Configure Audit Log Settings
  • Integrate Apple Business Manager With Endpoint Manager
    • Link Endpoint Manager With Apple Business Manager
    • Manage Apple Business Manager Devices
    • Manage Apple Business Manager Profiles
    • Configure Apple Business Manager Notifications
  • View Version And Support Information
• Appendix 1a - Endpoint Manager Services - IP Nos, Host Names And Port Details - EU Customers
• Appendix 1b - Endpoint Manager Services - IP Nos, Host Names And Port Details - US Customers
• Appendix 2 - Endpoint Manager License Types
• Appendix 3 - Pre-configured Profiles
• About Comodo Security Solutions

Antivirus Settings

The antivirus settings screen lets you configure real-time monitoring, custom scans and scan exclusions.

• Tip. Add a 'Miscellaneous' section to the profile if you want to setup registry monitoring. See Miscellaneous Settings for more details.

Configure Antivirus settings

• Click 'Assets' > 'Configuration Templates' > 'Profiles'
  

• Open the profile you want to work on

• Click the 'Antivirus' tab then 'Edit', if it has already been added to the profile

OR

• Click 'Add Profile Section' > 'Antivirus' if it hasn't yet been added

You can use the default AV settings or import them from a predefined profile:

• The default settings differ slightly from those in the various profiles. For example, 'Show antivirus alerts' is disabled in the security level 1 profile but is enabled in the default settings.
  

• In either case, you can always modify the AV settings later as required.
  

• Make your selection then click 'Ok'.

The AV settings screen opens:

• Real Time Scan - Configure the 'always-on' virus monitor. This is the core antivirus scanner that continuously protects your endpoints against malware.
  

• Scans - Create a custom scan profile. Custom scan profiles let you choose which areas you want to scan. You can also create a scan schedule. You can add multiple scan profiles to a device profile.
  

• Exclusions - Files and folders that should be skipped on devices to which the profile is applied. Items you add here are excluded from real-time scans and any custom scans.
  

Realtime Scan settings

Realtime Scan Settings - Table of Parameters
Form Element	Description
Enable Realtime Scan	The realtime scanner ensures your devices are constantly protected from malware. The scanner inspects files whenever they are created, opened or copied. Choose whether of not to enable real time scanning. (Default = Enabled)
Enable Scanning Optimizations	Various techniques to improve antivirus scan performance and reduce resource use. Choose whether or not to enable scan optimization. (Default = Enabled)
Do not show auto-scan alerts	Choose whether or not to show a notification to end-users when an external device is connected to the endpoint. XCS can automatically scan external devices whenever they are connected. Example devices include external HDD's, USB sticks etc. Show alerts - End user can choose whether or not to scan the device from the alert Don't show alerts - You have a choice of default responses that XCS should take: Ignore - The device will not be scanned Scan - The device will be scanned for viruses (Default = Enabled with 'Ignore' option)
Run cache builder when computer is idle	The antivirus cache builder runs whenever the computer is idle to boost the speed of real-time scans. (Default = Disabled) Applies only to XCS versions 8.3 or lower.
Scan computer memory after the computer starts	If enabled, XCS will scan system memory for threats after a re-boot. (Default = Disabled)
Show antivirus alerts	Configure whether or not to show alerts on the endpoints when malware is discovered. Disabling will minimize disturbance to the end-user but at some loss of user awareness. If you choose not to show alerts then you have a choice of default responses that XCS should automatically take: Quarantine threats - Moves detected threat(s) to quarantine for assessment. Block threats - Prevents the file from running (Default = Enabled with 'Quarantine threats' option)
Decompress and scan archive files of extensions	The antivirus will open and scan archive files such as .jar, RAR, ZIP, ARJ, WinARJ and CAB. If enabled, you can choose which types of archive should be decompressed and scanned. Click the 'Extensions' link to view existing extensions and add new extensions. (Default = Disabled)
Set new on-screen alert timeout to (secs)	Specify how long an alert should stay on the screen at an endpoint. (Default = 120 seconds)
Set new maximum file size to (MB)	Specify the maximum file size that the antivirus should attempt to scan. Files larger than the size specified here will not be not scanned. (Default = 40 MB)
Set new maximum script size limit to (MB)	Specify the maximum size of a script that the antivirus should attempt to scan. Files larger than the size specified here are not scanned. (Default = 4 MB)
Use heuristic scanning	Enable or disable heuristics scanning and define the scan level. The scan level determines how likely the scanner is to classify an unknown file as a threat. Low - Lowest sensitivity to detecting unknown threats / generates fewest false positives. The 'low' setting combines an extremely high level of security and protection with a low rate of false positives. Xcitium recommends this setting for most users. (Default) Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a corresponding rise in the possibility of false positives. High- Highest sensitivity to detecting unknown threats / increased possibility of false positives. (Default = Enabled with 'Low ' option) Background Note: Heuristic techniques identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. It is about detecting attributes which resemble a virus, rather than looking for a signature that matches a signature on the virus blacklist. This allows the engine to predict the existence of new viruses - even if they are not in the current virus database.
Block all Microsoft Office documents containing macro script	Block files containing macro script except the specified files/folders so that you can prevent the damage of harmful macros in word files. You can define exclusions so the necessary files/file groups are excluded from blocking When this setting is enabled, the portal should send configurations to XCS so that XCS can block files containing macro scripts. (Default = Disabled) Click 'Exclusion'. The 'Manage Exclusions' dialog will appear with a list of defined exclusions under two tabs: Exclusion Paths - Enter the location of an individual item that you want to exclude. Contained files can write to the files/folders you specify here. You can add multiple files by clicking 'Add' again. Click 'Add' then 'Path' or 'File Group' as required: Exclusion Groups - Allow contained apps to access apps and files in a particular group. A file group is a collection of file types which have similar attributes, scope, or functionality. For example, 'Executables', 'Metro Apps', or 'Windows System Applications'. Xcitium ships with a set of pre-defined file groups. You can create custom file groups from the 'Settings' > 'Settings' > 'System Templates' > 'File Groups Variables' interface. See Create and Manage File Groups for more details. Click 'Add' then 'Path' or 'File Group' as required: Click 'OK' to save your settings. You can edit or remove the exclusions using the respective buttons in the 'Action' column in the File/Folders interface.

• Click the 'Save' button at the bottom.

Custom Scans

The 'Scans' pane allows you to view, edit, create and run custom scan profiles. Each scan profile is a collection of scanner settings that tell XCS:

• Where to scan (which files, folders or drives should be covered by the scan)
  

• When to scan (you have the option to specify a schedule)
  

• How to scan (options that let you specify the behavior of the scan engine when running this profile
  

• You can add multiple scan-profiles to a device profile.

Xcitium ships with four scan profiles:

• Full Scan - XCS scans every drive, folder and file on the target device. External devices like USB drives and digital camera will also be scanned.
  

• Quick Scan - XCS scans important areas which are most prone to attack from malware. Scanned areas include system memory, auto-run entries, hidden services, boot sectors and other significant areas.
  

• Unrecognized Files Scan - XCS only scans files which have an 'unknown' trust rating. XCS will obtain the file's latest trust rating from the our master online database.
  

• Quarantined Files Scan - XCS only scans files which are currently quarantined. XCS will obtain the file's latest trust rating from the our master online database.

Click the 'Edit' icon  beside a profile name to modify which items are scanned, and to set up a scan schedule. For details on the parameters, see the explanation below.

Create a custom scan profile

• Open the 'Antivirus' section of your profile.
  

• 'Assets' > 'Configuration Templates' > 'Profiles' > open the target profile
  

• Open the 'Antivirus' section, or click 'Add Profile Section' > 'Antivirus'
  

• Click the 'Scans' tab.
  

• Click the 'Add' button:

• Enter the name of the custom scan in the 'Scan name' field
  

• Choose the files, folder or regions you want to scan

Target items are shown as follows:

Next, choose your scan options:

• Click the 'Options' bar
  

• See the table below the screenshot for a description of each option:

Scan Options - Table of Parameters
Form Element	Description
Enable scanning optimizations	The antivirus will employ various optimization techniques like running the scan in the background in order to speed-up the scanning process (Default = Enabled). Applies only to XCS versions 8.3 or lower.
Decompress and scan compressed files	The antivirus will open and scan archive files. Supported formats include RAR, WinRAR, ZIP, WinZIP ARJ, WinARJ and CAB archives (Default = Enabled).
Use cloud while scanning	Augments the local scan with a real-time look-up of Xcitium's online signature database. The cloud database is the most up-to-date version of our virus database, so antivirus scans are more accurate. With 'Cloud Scanning' enabled, XCS is capable of detecting zero-day malware even if the local database is out-dated. (Default = Enabled).
Automatically clean threats	XCS will automatically take action against detected threats instead of showing the results screen with a list of threats. You can choose the action to be taken from the drop-down. The available options are: Disinfect Quarantine (Default = Enabled with Disinfect option)
Show scan results window	Displays a results window at the end of a virus scan. The results windows shows all threats identified by the scan. (Default = Disabled)
Use heuristic scanning	Enable or disable heuristics scanning and define the scan level. The scan level determines how likely the scanner is to classify an unknown file as a threat. Low - Lowest sensitivity to detecting unknown threats / generates fewest false positives. The 'low' setting combines an extremely high level of security and protection with a low rate of false positives. Xcitium recommends this setting for most users. (Default) Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a corresponding rise in the possibility of false positives. High- Highest sensitivity to detecting unknown threats / increased possibility of false positives. (Default = Enabled with 'Low ' option) Background Note: Heuristic techniques identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. It is about detecting attributes which resemble a virus, rather than looking for a signature that matches a signature on the virus blacklist. This allows the engine to predict the existence of new viruses - even if they are not in the current virus database
Apply this action to suspicious autorun entries	XCS will inspect auto-run entries, Windows services, startup items and scheduled tasks during each scan. You can apply one of the following actions to services started by unrecognized or malicious processes: Quarantine and Disable: The service will be stopped and permanently disabled. The file that started the service will be quarantined on the device. Terminate and Disable - The service will be stopped and permanently disabled. If required, the service can be enabled manually. (Default) Terminate - The service will be stopped for the current session. Ignore -The detection will be logged but the service allowed to run normally. Applies only to XCS versions 10.7 or higher.
Limit maximum file size to	Specify the maximum file size that the antivirus should attempt to scan.(Default = 40 MB).
Run this scan with	Set the Windows priority for the scan. Choices are high, medium, low and run in the background. (Default = Enabled with Background option)
Update virus database before running	Makes XCS to check for virus database updates before a scan. Available updates will be downloaded prior to the scan. (Default = Enabled).
Detect potentially unwanted applications	XCS also scans for applications that (i) a user may or may not be aware is installed on their computer and (ii) may functionality and objectives that are not clear to the user. Example PUA's include adware and browser toolbars. PUA's are often installed as an additional extra when the user is installing an unrelated piece of software. Unlike malware, many PUA's are 'legitimate' pieces of software with their own EULA agreements. However, the 'true' functionality of the software might not have been made clear to the end-user at the time of installation. For example, a browser toolbar may also contain code that tracks a user's activity on the Internet (Default = Enabled).

The next step is to schedule when the custom scan should be run.

• Click 'Schedule'

Schedule Settings - Table of Parameters
Form Element	Description
Frequency	Do not schedule this task - The scan is not run automatically at a set time. The scan is saved after you click 'Ok' and is available for manual, on-demand scans. Every hour(s) - Run the scan once every n hours. For example, once every 3 hours. Enter the number of hours between scans in the box provided. Every Day - Runs the scan every day at the time specified Every Week - Runs the scan weekly on the days and time you specify. Every Month - Runs the scan monthly on the days and time you specify. Selected days of month - Run the scan on specific days and weeks in a month. Select the weeks and days from the menus.
Run only when computer is not running on battery	Runs the scan only if the computer is connected to the mains supply. This is useful if you are using a laptop or any other battery driven portable computer.
Run only when computer is idle	Scans will run only if the computer is in idle state. Select this if you do not want to be disturbed, or if you are running resource intensive programs and do not want the scan to take processing power.
Turn off computer if no threats are found at the end of the scan	Powers down your computer if no threats are found during the scan. For example, this is useful if you have scans which are scheduled to run at night.

• Click 'OK' to save the custom scan settings

The added scan profile will be listed in the screen.

• Use the switches to enable or disable a scan-profile.
  

• To change the settings for the custom scan, click the edit button , edit the parameters and click 'OK'
  

• To remove a custom scan from the list, select it and click 'Remove'

Exclusions

The 'Exclusions' screen under the Antivirus setting has three sub sections that allow you to add a list of paths, list of applications/files and 'File Groups' which should be excluded from the antivirus scan.

• Click 'Exclusions'

Add excluded paths

By default the 'Excluded Paths' screen will be displayed:

• Click 'Add'

The 'Add Excluded Path' dialog will appear:

• Enter the full path that should be excluded from scanning and click 'OK'.

The added excluded path will be included in the list.

• Repeat the process to include more paths
  

• To change the path, click the edit button , edit the parameters and click 'OK'
  

• To remove a path from the list, select it and click 'Remove'

Add excluded applications

• Click 'Excluded Applications'
  
  

• EDR agent will add as Exclusions in Windows Default profile.

• Click 'Add'
  
  

• Enter the full path including the application that should be excluded from scanning and click 'OK'
  

• Repeat the process to include more applications
  
  

• To change the application path, click the edit button , edit the parameters and click 'OK'
  

• To remove an application from the list, select it and click 'Remove'
  
  

Add Excluded Groups

File groups make it easy to exclude an entire class of file types. Click 'Settings' > 'Settings' > 'System Templates' > 'File Group Variables' to view/edit/create file groups. See File Groups if you need more help.

• Click 'Excluded Groups'

• Click 'Add'.

The 'Add Group' dialog opens:

• Choose the group from the 'Group' drop-down and click 'OK'.

The group will be added to the exclusions.

• Repeat the process to add more file groups
  

• Click the 'Save' button at the bottom to save the antivirus settings.
  

• Click 'Delete' to remove the antivirus settings section. See Edit Configuration Profiles for more details about editing the parameters.