Comodo Help
Find the desired product help
Comodo Endpoint Security Manager

Comodo Endpoint Security Manager

CIS Configuration Guide v 1.6

English

Print Help Download Help
Deploy Preset Configuration
  • Introduction To Comodo Internet Security Configuration Editor
  • Prerequisites To Deploying A CIS Configuration
  • Deploy Preset Configuration
  • The Custom Configuration Editor
    • Firewall Overview
      • Common Tasks
        • My Port Sets
        • My Network Zones
        • My Blocked Network Zones
      • Advanced Tasks
        • Network Security Policy
        • Predefined Firewall Policies
        • Attack Detection Settings
        • Firewall Behavior Settings
    • Defense+ Overview
      • Common Tasks
        • My Protected Files
        • My Blocked Files
        • My Protected Registry Keys
        • My Protected COM Interfaces
        • My Safe Files List
        • My Trusted Software Vendors
      • The Sandbox
        • The Sandboxing Process
        • Sandbox Settings
        • Applications Running Inside Sandbox
      • Advanced Tasks
        • Computer Security Policy
        • Predefined Security Policies
        • Image Execution And Control Settings
        • Defense+ Settings
    • Antivirus Overview
      • Virus Scanner
      • Exclusions
    • Common
      • File Groups
      • Registry Keys
      • COM Groups
    • Miscellaneous Overview
      • Settings
  • About Comodo

Deploy Preset Configuration

 

CIS ships with five Predefined Configurations containing preset security settings and also allows Administrators to manually define their own custom configurations.

 

Note 1: For more details on CIS Preset configurations refer to 'The Sequence Manager Window > Table of Actions' section in the main CESM Administrator Guide.

Note 2: For more details on CIS Manual Configuration refer to the CIS Configuration Editor User Guide.



 Important Note: A configuration can be implemented in any endpoint machine only if CIS has already been deployed to it. To know how to deploy CIS to endpoint machines, click here.



You can set protection for CIS in two ways.

 

Method 1 – Through shortcut in Right click options

  1. Right click on the target computer (previously installed with CIS) from the list of computers in the Computers window.

  1. Point to 'Internet Security' > 'Configuration' and select the required action parameter from the context sensitive menu as shown below.




OR

Method 2 – By creating a new task

 

To set protection for CIS, you need to create a new task with a sequence, containing the action 'CIS – Set predefined Config' and the required action parameter.

  1. Click the link 'New Task' on the 'Start Page'.


  1. Type a name (mandatory) and a description (optional) for the new task in the 'Task Properties' dialog and click 'Next'.



  1. Select whether the new task has to be executed on to individual computers or a group of computers and then select the computers or groups from the displayed computer tree.



  1. Select the radio button 'Create new sequence of actions' in the next step.



  1. Select 'Set Predefined Config' under Internet Security category from the list of predefined actions displayed in the left pane of 'Task Actions' dialog, move it to the right pane by clicking the right arrow and click 'Next'.



  1. Select the CIS Preset Config parameter in the next step.




  1. Click at the right end of the 'Predefined Config' text field and select the required Predefined Configuration from the four options in the drop-down menu and click 'Next'.


CIS - Predefined Configurations

Option

Description

COMODO – Endpoint Security

COMODO - Endpoint Security - This profile has been especially designed to provide the perfect combination of security and usability for endpoint computers.

  • Firewall is set to “Safe mode”

  • Defense+ is set to “Safe mode”

  • Image Execution Control is set to “Normal”

  • Computer Monitor/Disk/Keyboard/DNS Client access/Window Messages are monitored

  • Defense+ is tuned to prevent infection of the system

  • Antivirus is fully enabled

  • Untrusted applications are automatically sandboxed

COMODO - Antivirus Security

Note - 'Antivirus Security' is a legacy profile that will only work with CIS 3.x. If you have CIS 4.x installed then do not use this profile (the task will fail).

 

This profile is recommended if you chose to install only the antivirus component of CIS 3.x on a target machine while configuring the ‘Install Package’ Action (more specifically, if you left the Argument field blank for the CIS package). See 'The Package Management Window’ if you would like to read more about Packages.

 

This configuration of CIS implements the following settings:

  • Optimum protection settings for Defense+

  • Image Execution Control is disabled.

  • Computer Monitor/Disk/Keyboard/DNS Client access/Window Messages are NOT monitored.

  • Only commonly infected files/folders are protected against infection.

  • Only commonly exploited COM interfaces are protected.

  • Defense+ is tuned to prevent infection of the system while creating least number of Defense+ pop-up alerts.

  • Antivirus is fully enabled

COMODO - Firewall Security

This profile is recommended if only the firewall component of CIS needs to be installed on a target machine while configuring the ‘Install Package’ Action.

 

TThis configuration of CIS implements the following settings:

  • Firewall is set to Safe mode

  • Optimum protection settings for Defense+

  • Image Execution Control checks only applications that are not started manually by the user.

  • Computer Monitor/Disk/Keyboard is NOT monitored.

  • Only commonly infected files/folders are protected against infection.

  • Only commonly exploited COM interfaces are protected.

  • Defense+ is tuned to prevent infection of the system and detect Internet access request leaks even if it is infected.

Untrusted applications are not sandboxed. They will still be blocked at the point of execution but will generate a Defense + alert instead of being sandboxed.

COMODO - Internet Security

This profile is recommended if the full CIS product (both Firewall and Antivirus components) needs to be installed on a target machine while configuring the ‘Install Package’ Action.

 

This configuration of CIS implements the following settings:

  • Firewall is set to ‘Safe’ mode

  • Defense+ is set to ‘Safe’ mode

  • Image Execution Control is disabled.

  • Computer Monitor/Disk/Keyboard/DNS Client access/Window Messages are NOT monitored.

  • Only commonly infected files/folders are protected against infection.

  • Only commonly exploited COM interfaces are protected.

  • Defense+ is tuned to prevent infection of the system.

  • Untrusted applications are automatically sandboxed

COMODO - Proactive Security

This configuration provides the highest level of protection for endpoint machines by enabling all possible security features within the suite. This profile is recommended to enable the highest security settings.

 

This configuration of CIS implements the following settings:

  • Firewall is set to Safe mode

  • Maximum protection settings for Defense+. All possible protections are activated and all critical COM interfaces and files are protected

  • Antivirus is fully enabled

  • Untrusted applications are automatically sandboxed


  1. Schedule the task (optional). If you wish to timetable this task to run at regular intervals (or to delay it's execution until a later time) then select one of the options from the drop down menu. On the last step of the wizard, you will be given the opportunity to run the task immediately in addition to any schedule you may have set up here. To skip this stage, select 'Do not use schedule' from the drop-down menu and click 'Next'.



  1. Click 'Next' on the confirmation dialog to confirm your choices up until this point and to create the Task. After clicking 'Next', the Task will be saved and can be accessed at any time in the future via the Task Manager window. Click 'Next' to continue to Task finalization.


  1. To immediately execute this task, leave the 'Run task now' checkbox selected and click 'Finish'. This will install CIS with the maximum security, 'Proactive Defense' configuration on the selected endpoints. If you do not wish to run it immediately, deselect the box and click 'Finish'.

 

 

 

Comodo Endpoint Security Manager | © 2010 Comodo Security Solutions Inc. | All Rights Reserved.
Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2013. All rights reserved.