Comodo Endpoint Security Manager

• Introduction To Endpoint Security Manager – SME
  • Software Components And System Requirements
  • Removing Incompatible Products
  • Installing And Configuring The Service
  • Key Concepts
  • Best Practices
  • Quick Start Guide
• The Administrative Console
  • Logging-in To The Administrative Console
  • The Dashboard Area
    • Adding And Re-configuring Tiles
    • Quick Actions Tiles
    • Policy Status Tile
    • Endpoint Updates Tile
    • Endpoint Infections Tile
    • Connectivity Tile
    • Getting Started Tile
    • System Status Tile
    • License Status Tile
    • Software Tile
  • The Computers Area
    • Adding Endpoint Computers To ESM
      • Importing Computers By Automatic Installation Of Agent
      • Adding Computers By Manual Installation Of Agent And CIS
      • Updating Comodo Software On Managed Computers
    • Creating Endpoint Groups
    • Viewing Endpoints
    • Updating Endpoints
  • The Policies Area
    • Viewing Policies
    • Creating A New Policy
  • The Reports Area
    • Reports Gallery
      • Computer Details Report
      • CIS Configuration Report
      • Computer Infections Report
      • Quarantined Items Report
      • Antivirus Updates Report
      • CIS Log Report
      • Policy Compliance Report
      • Policy Delta Report
      • Malware Statistics Report
      • Top Ten Malware Report
    • Report Explorer
    • Report Settings
  • About
  • Logging Out Of ESM Console
• How To... Tutorials
  • How To Connect CIS To CESM At The Local Endpoint
  • How To Configure CIS Policies - An Introduction
  • How To Set Up External Access From The Internet
  • How To Install CIS
• Appendix 1 - The Service Configuration Tool
  • Start And Stop The ESM Service
  • Main Settings
  • Server Certificate
  • Internet And Mail Settings
  • Caching Proxy Settings
  • Viewing Database Event Log
• About Comodo

Best Practices

1. In ESM, security policies should be applied to 'groups' of computers rather than individual endpoints. So the administrator should first create computer groups that mirror their organization from the administrative console, before importing policy. See Creating Endpoint Groups for explanation on creating new groups.

2. It is recommended to maintain the default group 'Unassigned' with the policy 'Locally Configured' until all the required endpoints in the network are imported. This will prevent ESM from overwriting existing CIS security settings on a new endpoint at the instant it becomes managed after deploying the agent.

3. Policy is implemented in a typical PC environment “imaging” strategy - just as a PC is 'imaged' for replicating it to others. A policy can be created or edited at an endpoint and tested to ensure it works as required before creating an image. The image can then be imposed on other endpoints. The purpose of the administrative console is to alert, centrally deploy software and enforce policy.

4. If the policy of a remote computer is to be changed, it can be pushed to a special test/imaging PC or any nearby PC. The CIS on the test/imaging computer can be set to local administration mode in order to edit its configuration. The configuration can be then and imported as a new policy for application to remote computers. If needed the test/imaging computer can be reverted to its original policy.

5. An endpoint serving as a test/imaging computer can be left in 'Local Administration Mode' so that administrators can easily use it to create/modify and import new policies. Even if the PC has an assigned policy other than 'Locally Configured', the endpoint will not be overwritten with policy from the ESM console until it is returned to remote management mode (even if the PC reboots).

6. Regardless of whether the agent and CIS are installed automatically from the administrative console or manually at the endpoints using the 'Manage this Endpoint' feature of CIS 2012 or offline deployment, they should be updated only through ESM.  

Next:

Quick Start Guide