Endpoint Manager

• Introduction To Endpoint Manager
  • Key Concepts
  • Best Practices
  • Quick Start
  • Login Into The Admin Console
• The Admin Console
• The Dashboard
• Devices And Device Groups
  • Manage Device Groups
    • Create Device Groups
    • Edit A Device Group
    • Assign Configuration Profiles To A Device Group
    • Remove A Device Group
    • Run Procedures On Customer Groups
  • Manage Devices
    • Add New Devices
    • Manage Windows Devices
      • View And Edit Device Name
      • View Summary Information
      • View Hardware Information
      • View Network Information
      • View Maintenance Windows Associated With Device
      • View And Manage Profiles Associated With A Device
      • View And Manage Applications Installed On A Device
      • View The Files On A Device
      • View Exported Configurations And Import Profiles
      • View MSI Files Installed On A Device Through Endpoint Manager
      • View And Manage Patches For Windows And 3rd Party Applications
      • View Antivirus Scan History
      • View And Manage Device Group Memberships
      • View Device Logs
    • Manage Mac OS Devices
      • View And Edit Mac OS Device Name
      • Summary Information Of Mac Device
      • View Installed Applications
      • View Quarantined Files On Mac OS Device
      • View And Manage Profiles Associated With A Device
      • View Packages Installed On A Device Through Endpoint Manager
      • View And Manage Device Group Memberships
      • View Mac Device Logs
    • Manage Linux Devices
      • View And Edit Linux Device Name
      • Summary Information Of Linux Device
      • View Network Information Of A Linux Device
      • View And Manage Profiles Associated With A Linux Device
      • View Linux Packages Installed On A Device Through Endpoint Manager
      • View And Manage Device Group Memberships
    • Manage Android Devices
      • View And Edit Device Name
      • View Summary Information
      • Manage Installed Applications
      • View And Manage Profiles Associated With A Device
      • View Sneak Peek Pictures To Locate Lost Devices
      • View The Location Of The Device
      • View And Manage Device Group Memberships
    • Manage IOS Devices
      • View And Edit Device Name Of An IOS Device
      • View Summary Information Of An IOS Device
      • View Applications Installed On An IOS Device
      • View And Manage Profiles Associated With An IOS Device
      • View The Location Of An IOS Device
      • View And Manage Group Memberships Of An IOS Device
    • View User Information
    • Remove A Device
    • Remote Management Of Windows And Mac OS Devices
      • Transfer Items To / From The Remote Computer
    • Remotely Manage Folders And Files On Windows Devices
    • Manage Processes On Remote Windows Devices
    • Manage Services On Remote Windows Devices
    • Use The Command Prompt On Remote Windows Devices
    • Apply Procedures To Windows And Mac Devices
    • Remotely Install And Manage Packages On Windows Devices
    • Remotely Install Packages On Mac OS Devices
    • Remotely Install Packages On Linux Devices
    • Send Enrollment Link To IOS Devices
    • Install Apps On Android/iOS Devices
    • Generate An Alarm On Android Devices
    • Remotely Lock Mobile And Mac OS Devices
    • Wipe Selected Mobile And Mac Devices
    • Assign Configuration Profiles To Selected Devices
    • Set / Reset Screen Lock Password For Mobile Devices
    • Update Device Information
    • Send Text Messages To Mobile Devices
    • Restart Selected Windows Devices
    • Shutdown Windows Devices
    • Wake Offline Device
    • Change A Devices Owner
    • Change The Ownership Status Of A Device
    • Add Custom Notes And Tags On Devices
    • Generate Device List Report
  • Bulk Enrollment Of Devices
    • Enroll Windows, Mac OS And Linux Devices By Installing The Communication Client
      • Enroll Windows Devices Via AD Group Policy
      • Enroll Windows, Mac OS And Linux Devices By Offline Installation Of Agent
      • Enroll Windows Devices Using Auto Discovery And Deployment Tool
    • Enroll The Android And IOS Devices Of AD Users
  • Download And Install The Remote Control Tool
• Users And User Groups
  • Manage Users
    • Create New User Accounts
      • Manually Add Users
      • Import Users From A CSV File
    • Enroll User Devices For Management
      • Enroll Android Devices
      • Enroll IOS Devices
      • Enroll Windows Endpoints
      • Enroll Mac OS Endpoints
      • Enroll Linux OS Endpoints
    • View User Details
      • Update The Details Of A User
    • Assign Configuration Profiles To A Users Devices
    • Remove A User
    • Generate New Password For A User
    • Reset Two Factor Authentication Token For A User
    • Run Procedures On User Devices
  • Manage User Groups
    • Create A New User Group
    • Edit A User Group
    • Assign Configuration Profiles To A User Group
    • Remove A User Group
    • Run Procedures On Group Devices
  • Configure Role Based Access Control For Users
    • Create A New Role
    • Manage Permissions And Users Assigned To A Role
    • Remove A Role
    • Manage Roles Assigned To A User
• Configuration Templates
  • Create Configuration Profiles
    • Profiles For Android Devices
    • Profiles For IOS Devices
    • Profiles For Windows Devices
      • Create Windows Profiles
        • Associated Devices Settings
        • Antivirus Settings
        • Communication Client And Xcitium Client - Security Application Update Settings
        • File Rating Settings
        • Firewall Settings
        • HIPS Settings
        • Containment Settings
        • Maintenance Window Settings
        • VirusScope Settings
        • Global Proxy Settings
        • Client Proxy Settings
        • Agent Discovery Settings
        • Communication Client And Xcitium Client - Security Application UI Settings
        • Logging Settings
        • Client Access Control
        • External Devices Control Settings
        • Monitors
        • Procedure Settings
        • Remote Control Settings
        • Remote Tools Settings
        • Miscellaneous Settings
        • Script Analysis Settings
        • Data Loss Prevention Settings
        • Patch Management Settings
        • Performance Settings
      • Import Windows Profiles
    • Profiles For Mac OS Devices
      • Create A Mac OS Profile
        • Antivirus Settings For Mac OS Profile
        • Certificate Settings For Mac OS Profile
        • Restrictions Settings For Mac OS Profile
        • VPN Settings For Mac OS Profile
        • Wi-Fi Settings For Mac OS Profile
        • Remote Control Settings For Mac OS Profile
        • External Device Control Settings For Mac OS Profile
        • Valkyrie Settings For MacOS Profile
        • Procedure Settings For Mac Profiles
        • Monitor Settings For Mac OS Profile
    • Profiles For Linux Devices
      • Create A Linux Profile
        • Antivirus Settings For Linux Profile
        • Communication Client And Comodo Client - Security Application Update Settings For Linux Profile
        • User Interface Settings For Linux Profile
        • Logging Settings For Linux Profile
        • Clients Access Control Settings For Linux Profile
        • Valkyrie Settings For Linux Profile
  • View And Manage Profiles
    • Export And Import Configuration Profiles
    • Clone A Profile
  • Edit Configuration Profiles
  • Manage Default Profiles
  • Manage Alerts
    • Create A New Alert
    • Edit / Delete An Alert
  • Manage Procedures
    • View And Manage Procedures
    • Create A Custom Procedure
    • Combine Procedures To Build Broader Procedures
    • Review / Approve / Decline New Procedures
    • Add A Procedure To A Profile / Procedure Schedules
    • Import / Export / Clone Procedures
    • Change Alert Settings
    • Apply Procedures To Devices
    • Edit / Delete Procedures
    • View Procedure Results
  • Manage Monitors
    • Create Monitors And Add Them To Profiles
      • Monitors For Windows Devices
      • Monitors For Mac OS Devices
    • View And Edit Monitors
  • Data Loss Prevention Rules
    • Create DLP Discovery Rules And Add Them To Profiles
    • View And Edit DLP Discovery Rules
    • Create DLP Monitoring Rules And Add Them To Profiles
    • View And Edit DLP Monitoring Rules
• Security
  • Endpoint Security Status
    • Run Antivirus And/or File Rating Scans On Devices
    • Handle Malware On Scanned Devices
    • Update Virus Signature Database On Windows, Mac OS And Linux Devices
  • Security Events
    • View Security Events By Time
    • View Security Events By Files
    • View Security Events By Device
    • View Android Threat History
  • View And Manage Blocked Threats
  • View And Manage Quarantined Threats
  • View Contained Threats
  • HIPS Events
  • Firewall Events
  • View And Manage Autorun Alerts
  • Manage File Trust Ratings On Windows Devices
    • File Ratings Explained
  • View List Of File Verdicts
  • View History Of External Device Connection Attempts
  • Data Loss Prevention Scans
    • DLP Logs
    • DLP Quarantined Files
• Network Management
  • Create And Run Network Discovery Tasks
  • Manage Profiles For Network SNMP Devices
  • Manage Network Devices
    • Manage SNMP Devices
      • SNMP Device Details Interface
    • Discovered Devices
  • Manage Network Monitors
• Application Store
  • IOS Apps
    • Add IOS Apps And Install Them On Devices
    • Manage IOS Apps
  • Android Apps
    • Add Android Apps And Install Them On Devices
    • Manage Android Apps
  • Windows Apps
    • Install Windows Apps On Devices
• Applications
  • View Applications Installed On Android And IOS Devices
    • Blacklist And Whitelist Applications
  • Patch Management
    • Manage OS Patches On Windows Endpoints
    • Install 3rd Party Application Patches On Windows Endpoints
      • EM Supported 3rd Party Applications
  • View And Manage Applications Installed On Windows Devices
    • Uninstall A Windows Application From Selected Devices
    • Uninstall A Windows Application From All Devices
  • Vulnerability Management
• License Management
  • Manage Your Licenses
  • Manage License Allocation
  • Bill Forecast
• Configure Endpoint Manager
  • Email Notifications, Templates And Custom Variables
    • Configure Email Templates
    • Configure Email Notifications
    • Create And Manage Custom Variables
    • Create And Manage Registry Groups
    • Create And Manage COM Groups
    • Create And Manage File Groups
    • View And Manage Pattern Variables
    • View And Manage Keyword Groups
  • Endpoint Manager Portal Configuration
    • Import User Groups From LDAP
    • Configure Communication And Security Client Settings
    • Configure The EM Android Client
      • Configure Android Client General Settings
      • Configure Android Client Antivirus Settings
    • Add Apple Push Notification Certificate
    • Configure Windows Clients
      • Configure Communication Client Settings
      • Configure Client Security Settings
    • Manage Endpoint Manager Extensions
    • Configure Endpoint Manager Reports
    • Device Removal Settings
    • Account Security Settings
    • Set-up Administrators Time Zone And Language
    • Configure Audit Log Settings
  • Integrate Apple Business Manager With Endpoint Manager
    • Link Endpoint Manager With Apple Business Manager
    • Manage Apple Business Manager Devices
    • Manage Apple Business Manager Profiles
    • Configure Apple Business Manager Notifications
  • View Version And Support Information
• Appendix 1a - Endpoint Manager Services - IP Nos, Host Names And Port Details - EU Customers
• Appendix 1b - Endpoint Manager Services - IP Nos, Host Names And Port Details - US Customers
• Appendix 2 - Endpoint Manager License Types
• Appendix 3 - Pre-configured Profiles
• About Comodo Security Solutions

Create a Custom Procedure

 

Endpoint Manager lets you create custom script/patch procedures to achieve specific tasks. Click the following links to find out more:

• Create a custom Windows / Mac OS script procedure

• Create a custom Windows patch procedure

• Create a custom Windows 3rd Party application patch procedure
  

Create a custom Windows / Mac OS script procedure

• Click 'Configuration Templates' > 'Procedures' > 'Create' > 'Create Windows Script Procedure' or ‘Create macOS Script Procedure’

The process to create script procedure for Windows and Mac OS is the same. Windows script procedure creation is explained below.

 

• Procedure name - Create a label which describes the purpose of the procedure.

• Description - Add background comments and notes about the procedure.

• Folder - Specify where it should be saved

Click ‘Create’.

• You are taken to the procedure configuration screen:

• Click 'Edit' to modify the basic settings:

 

• Default Alert - You can view the settings of the default alert in 'Configuration Templates' > 'Alerts'. You can create custom alert settings if required from this interface. Make sure the alert is active to receive notifications.

• Click 'Save' to apply your settings.

• Click the 'View Procedure' tab followed by 'Edit' to define a Python script for your procedure. The built-in text editor lets you to compose your script:

• You can include variable whose values are populated when the procedure runs.

• To define variable parameters in the script:

• Click the 'View Procedure' tab followed by 'Edit'

• In the text editor, type the parameter name and enter the value as itsm.getParameter('parameter name'). Examples:

• Age = itsm.getParameter('age')

• Year = itsm.getParameter('year')

• The variables will become available in the 'Parameters' tab. You can define the type, label and default values for them. An example is shown below:

Configure the following for each parameter:

• Type - Choose the category of variable. The supported types are:

• Integer

• Double

• String

• List

• EM Label - Enter a name for the variable
  

• Default Value – Enter a value for the parameter to be taken when no value is input during run-time

• Click 'Save' to save the script.
  

• After saving your script you need to approve it before it can be deployed in a profile.

• You can create a schedule for a procedure when you add it to a profile. See Add a Procedure to a Profile / Procedure Schedules for more details.

• The execution log will get populated after the procedure has successfully run on end-points. You can view the history of execution of this procedure at anytime by selecting this procedure from the Procedures interface and clicking the 'Execution Log' tab.

• Note 1. Comodo runs a free script library at https://scripts.comodo.com/ which contains Python scripts covering a wide range of tasks. Feel free to try any script that fits your needs.  You can also use this site to request a new script for a particular task you think will be useful. You can contribute your own scripts to the MSP forum at https://forum.mspconsortium.com/forum/script-library.

• Note 2. You can also use the Import and Clone features if you wish to create a new procedure using an existing procedure as a starting point

Create a custom Windows patch procedure

Windows only.

• Click 'Configuration Templates' > 'Procedures' > 'Create' > 'Create Patch Procedure'

• Enter a name and description and specify the folder where it should be saved. If required, you can create new sub-folders under 'My Procedures' in the 'Procedures' area.

• Click ‘Create’ to open the configuration screen:

Procedure Configuration

• To configure patch options for your procedure, click the 'Execution Options' tab followed by the 'Edit' button. You can select the Microsoft software updates required for the procedure from the options.

• Click the link 'Read the definitions from Microsoft website' link to view patch details

• Choose which types of patch the procedure should install and click 'Save'

• Click the 'Restart Control' tab followed by the 'Edit' button to configure restart options for the endpoint after the procedure has run successfully.

• You can choose to:

• Continue the operation of the endpoint without restart by selecting 'Suppress the reboot'

• Force restart the endpoint a certain period of time after the procedure has completed.

OR

• Display a warning to the user and let them postpone the restart. Type a message for the user if you choose this option.

• The 'Schedule' tab will be auto-populated once you add the procedure to a configuration profile and schedule its execution. See Add a Procedure to a Profile / Procedure Schedules for more details.

• The 'Execution Log' will be auto-populated after the procedure has been successful executed as part of a profile. You can view a history of executions at anytime by selecting this procedure in the 'Procedures' interface and clicking the 'Execution Log' tab.

• After saving, your patch procedure will be automatically approved, added to the 'Procedures' list and can be deployed in a profile.

Important Note: Patches that are hidden by administrators will not be executed. See 'Manage OS Patches on Windows Endpoints' for more details.

Create a custom 3^rdparty patch procedure

• Click 'Configuration Templates' > 'Procedures' > 'Create' > 'Create Windows 3rd Party Patch Procedure'

• Enter a name and description for your procedure and specify the folder in which you want to save it.

• Click ‘Create’ to open the procedure configuration screen:

• To configure patch options for your procedure, click the 'Execution Options' tab followed by the 'Edit' button. You can select the applications to be updated from the options.

• Select 3rd party software to update - Allows you to choose whether all upgradable applications identified at the endpoint to be updated or only specific application(s) is/are to be updated.

• Update all applications - Select this option if you want all outdated applications in the endpoint to be updated on running the procedure

• Update only the selected applications - Select this option if you want only specified applications are to be updated on the endpoint, then specify the applications to be updated.

• Start entering the first few characters of the application. The upgradable applications identified from all managed endpoints and matching the search criteria will be displayed as options

• Select the application from the list

• Click 'Save'

• Click the 'Restart Control' tab followed by the 'Edit' button to configure restart options for the endpoint after the procedure has run successfully.

• You can choose to:

• Continue the operation of the endpoint without restart by selecting 'Suppress the reboot'

• Force restart the endpoint a certain period of time after the procedure has completed.

OR

• Display a warning to the user and let them postpone the restart. Type a message for the user if you choose this option.

• The 'Schedule' tab will be auto-populated once you add the procedure to a configuration profile and schedule its execution. See Add a Procedure to a Profile / Procedure Schedules for more details.

• The 'Execution Log' will be auto-populated after the procedure has been successful executed as part of a profile. You can view a history of executions at anytime by selecting this procedure in the 'Procedures' interface and clicking the 'Execution Log' tab.

• After saving, your patch procedure will be automatically approved, added to the 'Procedures' list and can be deployed in a profile.