Comodo Help
Find the desired product help
Comodo Endpoint Security Manager

Comodo Endpoint Security Manager

Administrator Guide v 2.1

English

Print Help Download Help
The Administrative Console > The Computers Area > Viewing Endpoints
  • Introduction To Endpoint Security Manager – SME
    • Software Components And System Requirements
    • Removing Incompatible Products
    • Installing And Configuring The Service
    • Key Concepts
    • Best Practices
    • Quick Start Guide
  • The Administrative Console
    • Logging-in To The Administrative Console
    • The Dashboard Area
      • Adding And Re-configuring Tiles
      • Quick Actions Tiles
      • Policy Status Tile
      • Endpoint Updates Tile
      • Endpoint Infections Tile
      • Connectivity Tile
      • Getting Started Tile
      • System Status Tile
      • License Status Tile
      • Software Tile
    • The Computers Area
      • Adding Endpoint Computers To ESM
        • Importing Computers By Automatic Installation Of Agent
        • Adding Computers By Manual Installation Of Agent And CIS
        • Updating Comodo Software On Managed Computers
      • Creating Endpoint Groups
      • Viewing Endpoints
      • Updating Endpoints
    • The Policies Area
      • Viewing Policies
      • Creating A New Policy
    • The Reports Area
      • Reports Gallery
        • Computer Details Report
        • CIS Configuration Report
        • Computer Infections Report
        • Quarantined Items Report
        • Antivirus Updates Report
        • CIS Log Report
        • Policy Compliance Report
        • Policy Delta Report
        • Malware Statistics Report
        • Top Ten Malware Report
      • Report Explorer
      • Report Settings
    • About
    • Logging Out Of ESM Console
  • How To... Tutorials
    • How To Connect CIS To CESM At The Local Endpoint
    • How To Configure CIS Policies - An Introduction
    • How To Set Up External Access From The Internet
    • How To Install CIS
  • Appendix 1 - The Service Configuration Tool
    • Start And Stop The ESM Service
    • Main Settings
    • Server Certificate
    • Internet And Mail Settings
    • Caching Proxy Settings
    • Viewing Database Event Log
  • About Comodo

Viewing Endpoints

 

The 'View All Computers' interface plays a key role by providing system administrators with the ability to view and manage networked computers and their groups that have the agent installed. The interface displays all defined groups and the managed endpoints within each group.  See Adding Endpoint Computers to CESM for help deploying the Agent.

 

From this interface the administrator can:

  • Create a new group

  • Edit a group (add / remove endpoints, change default security policies)

  • View and manage individual endpoints (security policies, CIS management mode and quarantined items)

  • Remove groups or endpoints

  • Launch antivirus scans on groups or individual endpoints

  • Launch database updates on groups or individual endpoints

 

To access the 'View All Computers' interface, click the 'view' tile from the 'computers' area.

 

 

 

The 'View All Computers' interface will open.


 

 

 

 

The left hand column contains a list of pre-set and user defined groups. Clicking on any group will display all endpoints in that group. The preset groups are:

  • All Computers - Displays the list of all the endpoints managed by ESM in the right hand side (RHS) pane.

  • Online - Displays a list of endpoints that are currently online and connected to ESM console.

  • Outdated Bases - Displays a list of endpoints in which virus database is outdated. This is useful to initiate virus database updates only onto the outdated endpoints.

  • Infected - Displays a list of endpoints in which malware and virus are discovered during AV scans.

  • Non-Compliant - Displays a list of endpoints in which CIS installations are currently non-compliant with the policy applied for the groups they belong to.

  • Groups - Displays the list of only the member endpoints of the group.

 

You can filter the list of endpoints by clicking the icon next to the column label. For example, clicking the filter icon in the 'name' column will allow you to search for a particular endpoint. Clicking the filter icon in the ‘status’ column allows you to display only those endpoints that have 'Online', 'Offline', 'Infected' or 'Outdated' status:

 

 

 

  • Click ‘Apply’ to implement your chosen filter or click ‘Reset’ to clear the filter.




View All Computers Interface – Table of Column Descriptions

 

 

Column Heading

 

Description

 

name

 

Displays the name of the Endpoint computers with their IP address beneath the name.

 

 - Indicates that the endpoint is online and connected to ESM.

 

 - Indicates that the endpoint is offline and not connected to ESM.

 

 

status

 

Indicates whether the endpoints are online or offline. The current state of the computer that requires administrator's attention like, the the virus database is outdated or the computer is infected, is displayed beneath the status. The status of endpoints with the warning is displayed with a different color from the other endpoints. The connection status can be one of the following:

  • Online - The endpoint agent is connected to ESM

  • Offline - The endpoint agent is not connected to ESM at this moment

 

cis

 

Indicates whether the CIS installation in the endpoint is remotely managed by ESM or locally managed. The version number of CIS installed at the endpoint is displayed beneath the mode. The CIS mode can be:

  • Local - The CIS installation at the endpoint is being managed locally. You can directly force the endpoints in local administration mode to remote management mode by clicking the  icon.

  • Remote - The CIS installation at the endpoint is being managed remotely.

  • Unknown - The management mode of CIS at the endpoint cannot be established. This may be because CIS is not installed; is not active or because of network problems.

  • Unsupported CIS – The CIS installation at the endpoint cannot be managed by ESM. This may be because the endpoint has an older version of CIS that cannot be remotely managed. You can update the CIS installation from the Managed Endpoints interface. Refer to Updating Comodo Software at Managed Endpoints.

The CIS Mode can be changed from the 'Computer Properties' interface > 'Advanced View' of the respective endpoint or by using 'Details....'. Refer to Viewing Details of an Endpoint Computer and Applying Policies Individually for more details.

 

policy

 

Displays the compliance status of the CIS installation on the endpoint with the applied security policy. The local connection policy applied for the endpoint is displayed beneath the compliance status.

 

 

The compliancy status can be one of the following:

  • Compliant - The CIS installation at the endpoint is compliant to the applied security policy.

  • Non-Compliant - The CIS installation at the endpoint is not compliant to the applied security policy.

    • For endpoints with CIS in Remote Management Mode - ESM will apply the security policy to the endpoint during the next polling time to make it compliant. Clicking the  icon will forcibly reapply the security policy immediately.

    • For endpoints with CIS in Local Administration Mode - CIS has to be switched to Remote mode at the endpoint or by using '...Details' to make it compliant. Alternatively, a new policy can be applied to make it compliant.

  • Pending – The compliancy status of the CIS installation at the endpoint is yet to be assessed.

For further reading on 'Policies', please see 'The Policies Area'.

 

actions

 

Displays the progress of currently executed action or last completed action on the endpoint like running an Antivirus scan or virus database updates.  The action column also displays shortcut icons for running an Antivirus scan and updating virus database on the endpoint.

 

 - Clicking this icon starts a full computer Antivirus scan on the endpoint if it is online.

 

 - Clicking this icon starts virus database update on the endpoint if it is online.

 



Creating a New Group

  • Click the Add Group icon  from the bottom of the interface. The Create Group Wizard will be started. Refer to the section Creating Endpoint Groups for a detailed description on the wizard.


Viewing and Editing a Group

 

The 'Group Properties' interface displays the details like the local connection and Internet connection security policies applied to its member endpoints. You can change the name of the group and the policies applied from this interface. The 'Group Properties' It also allows you to add newly imported endpoints from the 'Unassigned' group or move endpoints from other groups into it and to remove existing member endpoints.

 

The 'Group Properties' interface can be opened by three ways:

 

  • Selecting a group from the Left Hand Side (LHS) pane and clicking 'View Details' link from the Right Hand Side (RHS) pane

  • Selecting the group from the LHS pane and clicking the details icon

  • Selecting the group from the LHS pane and double clicking on it


The interface contains two screens:


  • General Screen – Displays the name, description and default policies assigned to the group and enables the administrator to edit those details.

  • Computers Screen – Displays the list of all endpoint computers added to ESM, with the members of the group preselected, allowing administrator to add more computers to the group and remove existing members. Computers that are removed from a specific group but are not re-assigned to another named group, will be automatically added to the 'Unassigned' group.


The administrator can switch between these two areas by clicking the tabs at the top, swiping through the interface or by using the left and right arrows on both sides of the interface.


General Screen


The 'general' screen displays the name, description, assigned local and Internet connection security policies of the group. 

 

 


  • To Change the name and description, directly edit the respective text fields

  • To change the Local and Internet connection security policies applied to the member endpoints of the group, select the policies from the respective drop-downs

  • To forcibly change the management mode of CIS installations in the endpoints to Remote mode, enabling management by ESM, click the 'force remote mode' button

  • Click 'save' icon for the changes to take effect


Computers Screen

 

The 'computers' screen displays a list of all the computers added to ESM along with the details of their IP Address and the group they belong to. Endpoints that are the members of the group are preselected.

 

 

 

 

  • To add more computers to the group, simply select the checkboxes beside the required computer names

  • To remove the existing member endpoints, simply uncheck the items

  • Click 'save' icon for the changes to take effect


Viewing Details of an Endpoint Computer, Applying Policies Individually and Managing Quarantined Items

 

The 'Computer Properties' interface displays the system details like the name, hardware configuration, OS version, group details like group name, local connection and Internet connection security policies applied, warranty status and CIS details like version of CIS application and its installed components. You can change the applied security policies individually for this endpoint, enable warranty and manage suspicious files identified and quarantined by CIS in it.

 

 

The 'Computer Properties' interface can be opened by three ways:

  • Selecting the computer from the right hand side pane and clicking the details icon

  • Selecting the computer from the RHS pane and double clicking on it

 

The 'Computer Properties' interface contains three screens:

  • General Screen – Displays the general system details like IP address, Computer Name, Hardware Configuration and Operating System details of the endpoint.

  • Advanced Screen – Displays CESM connection details like Group to which it belongs, current connection mode, and current security policies applied. The administrator can view the details of the policies and change Local network and Internet connection security policies of the endpoint individually.

  • Internet Security Screen – Displays the details of the CIS application and the details of virus signature database. The Internet Security screen also allows you to update the virus signature database and run antivirus scans on the endpoint individually and manage the suspicious items quarantined by the CIS in the endpoint.

The administrator can navigate between these screens by clicking respective links at the top left,  swiping through the interface or by using the left and right arrows on both sides of the interface.

 

General Screen

 

The 'general' screen provides the computer related details like the IP Address, Computer name, Operating System and Hardware configuration of the endpoint. The interface also displays the version of the ESM agent currently installed at the endpoint and the connection status.   

 



'Advanced' Screen

 


The Advanced View area of the Computer Properties interface displays the ESM related details of the endpoint computer.

 


 


The 'Group Details'  the details of the Group to which the endpoint belongs:


  • Member of Group – Name of the group. Clicking the Name of the group will open the 'Group Properties' interface of the group. Refer to Viewing and Editing a Group for more details on this interface.

  • Group Local Policy – Displays the Local network connection security policy assigned for the group. Clicking the policy name will open the 'Policy Properties' interface of the policy. Refer to Viewing  Details, Editing and Applying a Policy to Endpoints for more details on this interface.

  • Group Internet Policy – Displays the Internet connection security policy assigned for the group. Clicking the policy name will open the 'Policy Properties' interface of the policy. Refer to Viewing  Details, Editing and Applying a Policy to Endpoints for more details on this interface.

The 'Policy Details' displays the details on security policies currently applied to the endpoint and their compliancy status. You can change the security policy applied to the endpoint individually or reapply the policy corresponding to the Group to which the endpoint belongs.

  • Current Policy – Displays the current security policy applied to the endpoint as per the current connection mode. Clicking the policy name will open the 'Policy Properties' interface of the policy. Refer to Viewing  Details, Editing and Applying a Policy to Endpoints for more details on this interface.

  • Current Policy Status - Displays whether the endpoint is in complaint or non-compliant policy mode of the group it belongs. If it is non-complaint, click the 'Reapply Policy' button to apply the group's policy to the endpoint.

  • Local Policy – The drop-down displays the current local network connection security policy applied to the endpoint. You can change it by selecting the required policy from the drop-down so that the selected policy is applied to this endpoint irrespective of policy of the Group.

  • Internet Policy – The drop-down displays the current Internet connection security policy applied to the endpoint. You can change it by selecting the required policy from the drop-down so that the selected policy is applied to this endpoint irrespective of policy of the Group.

  • Current Connection Mode – Indicates whether the endpoint is connected to ESM through local network or Internet, which determines whether the computer will be using the Local Policy or Internet Policy..

  • Last Poll Time - Indicates the date and time at which the connection and policy compliancy states of the endpoint was last assessed.

The 'Warranty Details' displays the warranty status of the endpoint. If it is disabled, you can click the 'Enable' button to enable warranty. The warranty is eligible as per the license you have purchased.

 

 

 Internet Security Screen

 

The 'internet security' screen displays the details on CIS application and virus signature database update status installed in the endpoint. It also enables you to run antivirus scans and manage files and programs identified as suspicious by the CIS application and moved to quarantine at the endpoint. The 'internet security' screen contains two screens:


  • General

  • Quarantined Items


You can switch between these two screens by clicking the respective tabs

 

General


The General tab displays the details of CIS and the virus signature database

 



The 'General' details provides the version of CIS installed, its mode of management and the components like Antivirus only, Firewall only and All Components installed. If the CIS is in local administration mode, you can switch it to remote management mode by the ESM, by clicking the 'force remote mode' button.


The Virus Signature Database details provides the version of the virus signature database in the endpoint and its update status. If the database is outdated, you can click the 'update' button to start updating it.


The 'Antivirus Scan' enables you to run antivirus scans at the endpoint with the selected scan profile. To run a scan, select the scan profile from the drop-down and click the 'run a scan' button. The Scan Status field will display the progress of the scan.

 

Quarantined Items


The 'Quarantined Items' tab displays a list if programs, applications and files identified as suspicious by the CIS installation at the endpoint during its real-time and on-demand scans and moved to its quarantine.

 




After the analysis of the list:


  • If the administrator finds an entry to be a safe application or file, the administrator can restore it to the original location in the endpoint from quarantine

  • On the other hand, if the administrator finds an entry to be a harmful application or a file, the administrator can permanently remove it from the target endpoint


 

Note: When you restore a quarantined item to a computer, the file will be scanned again by Comodo Internet Security and, unless a new policy or update was applied otherwise, it may again be found to be malware, at which point it will just be placed back into quarantine.


To restore or remove a file or application


  1. Select the checkbox in the left end of the row(s) of the entry(ies) to be removed or restored.

  2. Click 'Delete' or 'Restore' from the top right of the interface as required.


 Removing Groups or Endpoints

 

Administrators can remove groups or individual endpoints by simply selecting them and clicking the 'Remove' icon .

 

A confirmation dialog will be displayed.

 


 

 

 

The ESM agents in the member endpoints of the selected group or the selected endpoint(s) will be automatically removed.

  • If you want the CIS installations also to be removed from the endpoints, select 'Uninstall CIS before removal' checkbox.

  • Click 'Yes' to remove the selected item(s).


 

Tip: Press and hold Shift or Ctrl key on the keyboard to select multiple items.


Running Antivirus Scans


The 'View All Computers' interface allows the administrator to run Antivirus (AV) scans on Group(s) or  Endpoint(s) directly just by selecting them then clicking the 'Run a Scan' icon . The scan will start immediately and the progress will be displayed under the status column of the target computer(s).

  • If malware is discovered during the scan that is not handled successfully (deleted, disinfected or quarantined) then the 'Malware Found' and/or 'Infections' tiles on the dashboard will turn red and display the number of samples and/or affected endpoints. Malware that is successfully dealt with will not show on the 'Malware Found' tile.

  • Admins can also receive email notifications upon malware discovery. To set up notifications, click 'Dashboard' > Click 'System Status' at the bottom of the 'Malware Found' tile > Click the 'Edit' icon to open 'System Status Tile Properties > Select 'Send Email Notifications' checkbox (make sure 'Malware Found' is displayed in the drop down box).

  • The results of the scan can be viewed as an Infection report from the Reports area – click 'Reports' then the 'Computer Infections' tile. The report can also be exported as a pdf file or a spreadsheet file for printing purposes. Refer to Reports > Computer Infections for more details.


Running AV Updates

 

The 'View All Computers' interface allows the administrator to update Antivirus (AV) signature database on Group(s) or Endpoint(s) directly just by selecting them and clicking the 'Update AV' icon . The update process will start immediately and the progress will be displayed under the state column of the target computers.

Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2013. All rights reserved.