Prerequisites to Deploying a CIS Configuration
Step 1: Import the Network and Choose Which Computers to Manage
To control any computer or network, first import it into the CESM console. Next, designate 'Managed' computers and install the CESM Remote Agent on them.
To start importing the computers:
-
Open Start Page (Click 'View > Start Page' if it is not already visible). Click the 'Add Computers' link to initiate the import computers wizard.
-
Choose import from Active Directory, Workgroup or by IP address and click 'Next'.
-
Active Directory - Either Import from the current domain or manually specify another domain. Leave 'Use Advanced Import Settings' enabled to filter the type of computers that are imported
-
Workgroup - Select from the list of detected Workgroups
-
IP Address – Manually specify the IP or range of IP addresses / DNS Names
-
Click 'Next' to begin the import. CESM detects and automatically import computers according to the administrator preferences. The results are displayed as the final step of the wizard.
|
Note: Leaving the 'Manage imported computers' checkbox enabled automatically assigns 'Managed' status to ALL imported computers. A computer needs to be 'Managed' in order to install the Remote Agent on it. A 'Managed' computer is colored blue and automatically uses one of the licenses. Alternatively, it may be disabled and 'Managed' status can be assigned later by right clicking on specific computers. |
Step 2: Install the Remote Agent
The next step is to install the Remote Agent on the Managed Computers. This allows the endpoint to communicate with CESM central service and the Administrative console.
To install the Remote Agent:
-
Click 'Install Agents' link in the 'Start Page'.
-
Select the Managed computers in which the remote agent is to be installed. Select all computers in a domain or Workgroup by selecting the checkbox next to the domain or Workgroup name. Click 'Next'.
-
To install the Agent on the endpoints, enter the User Name and Password of a local administrator. If you imported the workstation(s) from Active Directory then you can use the AD administrator user-name and password instead. Click 'Next' to continue.
-
The wizard runs a diagnostics check to make sure there are no problems that prevents the installation. If problems are discovered then a message stating the nature of the problem is displayed to take corrective actions. If no problems are detected then a 'Ready to Install' status message is displayed.
-
Select the computers in which the Agent is to be installed then click 'Next'. Finally, click 'Install'.
-
After installation, the Agent attempts to connect to the Central Service. If the connection attempt is successful then the color of the icon representing those machines changes from Blue (Managed but not connected to Central Service) to Green(Managed and successfully connected to CESM Central Service). The 'Computers' window in the CESM console displays the imported computers of the network with icon colors indicating their status as shown below:
|
Icon Image |
Status |
|---|---|
|
|
Unmanaged Computers |
|
|
Managed but not connected to CESM Central Service. CESM remote agent must be installed. |
|
|
Managed and connected to CESM Central Service. |
|
|
Managed, connected to CESM Central Service and CESM Warranty is enabled. |
In the example below, the machine color of MANAGED ENDPOINT 5 had changed from blue to Green after it is successfully connected to CESM Central Service.
 |
|
|
Managed but Agent not installed |
Managed. Agent installed and connected |
Then Comodo security products can be installed and tasks can be deployed on them.
Step 3: Upload Installation Package
CESM 'Packages' are installer files for Comodo security applications such as CIS and CDE and come in the form of .msi files. First upload the appropriate Package to CESM for installing the application to the required endpoints remotely.
To upload an installation package:
-
Right click on a managed computer in the computers window, point to 'Control' and select 'Install Agent' from the context sensitive menu or click 'New Installation Package' link in the 'Start Page'.
-
Type a name (mandatory) and a description (optional) for the new package in the respective fields in the 'New Package' dialog.
-
To specify the package to be uploaded, click the ellipsis button beside the 'File:' text box, browse to the local or network location which contain comodo.msi files and select the package file. The selected file is displayed with the path in the 'File:' text field.
-
Click 'Save' to complete the process.
The package file is now uploaded and ready for installation to the endpoints.
Step 4: Install CIS on Target Machines
Next, to install CIS on to the endpoints, create a task containing sequence of actions to be executed on the managed computers using the 'Products Installation Wizard'.
-
Start the wizard by clicking 'Install Packages' on the Start page
-
Type a name (mandatory) and a description (optional) for the new task in the 'Task Properties' dialog and click 'Next'.
-
Select to execute the new task on to individual computers or a group of computers and then select the computers or groups from the displayed computer tree.
-
Remove incompatible products.Before commencing the installation of Comodo packages, the wizard will first check for any incompatible products and offer to uninstall them for you. This includes items such as third party antivirus/firewall products. CESM may need to reboot the endpoint machine(s) to complete the uninstall process. The user of the remote endpoint will be notified of this with a pop-up message on their desktop. They will be offered the opportunity to postpone the reboot for 10 minutes or initiate the reboot immediately. If the user takes no action then their machine will automatically reboot after a 3 minute count-down.
-
Check if newer software is available. The wizard now offers to contact Comodo servers to check whether the packages that have been uploaded to the CESM Console are the latest versions. Click 'Check for updates' to do this. If newer packages are discovered you should click the 'Update' button to download the latest versions. Click 'Next' to continue.
-
Select packages and configure installation options. The next part of the wizard allows you to choose which products to install and to specify installation preferences:
-
CESM 'Packages' are the installer files for Comodo security applications such as CIS and CDE and come in the form of .msi files. The names and version numbers of packages that are available for installation are clearly listed. In the example above we have chosen to install the 32 bit version of CIS (filename ends with '_x86.msi). If you wish to install on 64 bit Windows systems then choose filenames ending in 'x64.msi').
-
At this point, you also have the opportunity to upload additional packages by clicking 'Upload Package...'. Any new packages you add will be immediately uploaded and added to the list.
To modify CIS installation options click on the blue underlined text in the 'Arguments' column. You can choose to install all components (both firewall and AV) or just the firewall or antivirus components. The default is to 'Install all components'.
If you chose to install 'All Components' then you next need to select a security profile for CIS:
A CIS 'Profile' is predefined security configuration designed for a range of deployment scenarios. 'Endpoint Security' is the default profile and has been specifically designed for centrally managed endpoints. It delivers a great marriage of security and ease of administration is recommended for most networks. 'Proactive Security' turns all security settings to their highest levels but Administrators may experience a trade-off in the higher number of alerts/requests that are generated.
Background Note: Even after deployment, each of these presets can be re-configured by the Administrator according to their specific needs. For more details on CIS configurations, refer to the section 'The Sequence Manager Window > Table of Actions' in the CESM Administrator Guide.
Once you have chosen your profile, click 'Next' to continue.
7. Finalization. The last part of the wizard is simply to review and confirm your installation options then initiate the installation process:
If you wish, you can click 'Previous' to go back and change any settings. Clicking 'Next' will install CIS on your target endpoint machines.
Note:The process outlined above is the easiest, but not the only way, to install CIS. Administrators can also install CIS by right-clicking on target machines and selecting 'Install' or by manually creating a new Task. Please refer to the full administrator's guide if you would like to know more about these alternatives.
Note on 'partial' installation options for Comodo Internet Security
Administrators have the option to install only the firewall or only the antivirus components of Comodo Internet Security (CIS). This is done by typing a small command into the 'Arguments' field in the 'Installation Parameters' pane whilst configuring a Sequence with the 'Install Package' Action with CIS as the package to be installed.
To effect one of the options above, the administrator has to enter a command into the 'Arguments' field. The command can be entered by clicking the ellipsis button on the right end of the Arguments Field and typing the command in the Command Line Arguments text dialog:
-
To Install Firewall and Defense+ BUT NOT Antivirus type the following in the command line arguments: INSTALLFIREWALL=1INSTALLANTIVIRUS=0
The command is displayed in the Arguments fields.
-
To Install the full CIS suite (Antivirus, Firewall and Defense+), type the following in the command line arguments:
INSTALLFIREWALL=1 INSTALLANTIVIRUS=1
The command is displayed in the Arguments fields.
-
To install the full Antivirus only, simply leave the argument field empty (do not type anything - this is the default setting).
Comodo Endpoint Security Manager | © 2010 Comodo Security Solutions Inc. | All Rights Reserved.