Comodo Endpoint Security Manager

Administrator Guide v 2.1

Creating a New Policy

The 'Create Policy' wizard enables administrators to create new security policies and apply them to groups of target computers. New policies can be created by:

  • Importing the local security settings from a computer

  • Using another pre-existing policy as a base

  • Importing from a saved .xml file

Policies can be created according to the security requirements of different groups of computers, which are in turn created according to the requirements of the organization. It is therefore recommended to create groups first and then create policies, so that the policies can be applied to the groups as required.

It is also recommended to retain the group 'Unassigned' with the 'Locally Configured' policy until all the computers have been imported into ESM, so that ESM will not overwrite the policy on newly discovered computers once the agent is installed on them.

To start the 'Create Policy' wizard:

Click the 'create' tile from the 'policies' area.

The wizard will start with Step 1 – Source Type. The remaining steps are displayed below the title bar, with the current step highlighted in bold. To move backwards or forwards between steps, use the arrows on either side of the main interface (or left-click and drag to swipe the screens left or right), or click any step that appears as an active link below the title bar.

Step 1 – Select Source Type

New policies can be created from three types of sources:

  • Computers – Imports the security settings configured locally on a selected source computer to create a new policy

  • Another Policy – Lets you choose an existing policy and use it as the starting point for a new policy

  • A saved Policy XML file – Imports the policy from a policy .xml file saved on the computer running the administration console

Explanations on importing from different source types can be found in the following sections: Importing from Computers, Importing from Another Policy and Importing from XML File.

  • Select the source type and click the right arrow to move to step 2

Tip: You might create a policy from another policy if you want to exclude a CIS component from the policy but use the settings in the other components, or if you want to change the agent-specific settings of the policy (such as a different compliance polling interval, or disallowing local mode access) for a particular endpoint or group.


Importing from Computers


  • Choose 'Computers' if you wish to import the security settings from a target endpoint as the new policy, and click the right arrow to move to Step 2 - Selecting Source Computer


Step 2 – Selecting Source Computer

All endpoint computers added to ESM will be displayed.

  • Select the category or group from the left-hand pane. The member endpoints of the selected category/group will be listed in the right-hand pane.

  • Select the computer from which you wish to import the settings. The computer should have CIS installed and be in local mode, configured as per requirements, and should be online to enable ESM to import the settings.

  • Click the filter icon in the 'status' column header to search for a particular endpoint, select the status and click 'Apply'.

  • Click the filter icon in the 'cis mode' column header to search for endpoints with CIS in Local, Remote or Unknown mode and click 'Apply'.

  • Click 'Reset' to display all the items.

  • Options:

    • Force source computer to be remotely managed after policy import is complete – To configure the settings locally, the source computer would have been switched to local administration mode. If you wish the computer to be switched back to Remote administration mode after the policy is read, select this option.

  • Click the right arrow to move to Step 3 - Settings.

Importing from Another Policy


  • Choose 'Another Policy' if you wish to import the security settings from an existing policy and click the right arrow to move to Step 2 - Selecting Source Policy

Step 2 – Selecting Source Policy

A list of all the existing policies, with their descriptions and the CIS components configured by them, is displayed.

  • Click the filter icon in a column header to search for a particular policy or component, enter or select the search criteria and click 'Apply'

  • Click 'Reset' to display all the items

  • Select the source policy from which you wish to create a new policy and click the right arrow to move to Step 3 - Settings

Importing from a saved XML File

  • Choose 'A saved Policy XML file' if you wish to import the security settings from a previously saved policy XML file on the computer running the administration console. Click the right arrow to move to Step 2 - Selecting Source File.

Step 2 – Selecting Source File

  • Type the path of the location where the policy XML file is saved, or click 'Browse' and navigate to the required policy XML file

  • Click the right arrow to move to Step 3 - Settings



Step 3 – Settings

The next step is to select the CIS components whose security settings are to be imported into the policy.

  • All Available Settings – Imports all the settings from the source selected in step 2

  • Custom components settings – Enables the administrator to select CIS components so that only the settings corresponding to the selected components are imported into the policy from the source selected in step 2

    • Antivirus Settings - Imports the settings relevant to the Antivirus component

    • Firewall Settings - Imports the settings relevant to the Firewall component

    • Defense+ Settings - Imports the settings relevant to the Defense+ component

    • Include Trusted Vendors - Imports trusted vendors, if any, from the source policy

    • Include Trusted Files - Imports trusted files, if any, from the source policy

  • Make your selections and click the right arrow to move to step 4 – Agent Settings

Step 4 – Agent Settings

The next step allows the administrator to configure the ESM agent installed on the target computers to which the policy is to be applied.

  • Allow Local Administration – Configures the agent to allow the CIS installation on the target machine to be switched to local administration mode should the user wish to change the security settings. The administrator may choose not to allow users to alter the security settings on their computers, so that local changes do not open a security hole in the network. On selecting the 'Allow Local Administration' check box, the administrator should specify how access to local administration is to be restricted by selecting an option from the following check boxes:

    • Using computer administrator credentials – Selecting this option will require the computer user either to have administrative credentials or to enter credentials when switching CIS on the target machine to local administration mode.

    • Using local password – Allows the administrator to specify a password in the text box below this option. This password must be entered to switch CIS to local administration mode.

  • Policy compliance polling interval – The administrator can set the time interval (in hours and minutes) at which the agent periodically checks whether CIS on the target computer is compliant with the applied security policy. The result will be dynamically displayed in the Policy Status tile and the System Status - Compliancy status tile on the dashboard. (Default = 1 hour, up to but not including 24 hours).

Tip: ESM can also be configured to alert the administrator by sending automated emails when a target computer becomes non-compliant. See System Status Tiles for more details.



  • Local Server Address – The administrator can specify the address of the server machine in the local network, on which the ESM central service is installed.

  • Internet Server Address – The administrator can specify the address of the external server on which the ESM central service is installed, if the endpoint should connect to the ESM server through the Internet.

Tip: Local Server Address and Internet Server Address values are used by the Agent to determine when Local Policy or Internet Policy should be applied. These addresses also take priority over the addresses in the Server Network Addresses list specified in the Configuration Tool, such that:

1. The Local Server Address value, mandatory in policy settings, specifies that if this connection is established, Local Policy should be applied.

2. The Internet Server Address value is optional in policy settings. If specified, the Agent tries to reach it ONLY if the connection to the specified local address fails. If this connection is established, Internet Policy should be applied.

If neither of these addresses succeeds, or if the Internet Server Address value was not specified, the Agent will try the remaining hosts in the Server Network Addresses list and apply the corresponding policy based on analysis of the address per RFC 3330: a connection succeeding via a special-use address indicates Local policy, and one succeeding via a public address indicates Internet policy.

  • Click the right arrow to move to step 5 – Selecting Targets.
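
The server-selection order described in the tip above, written out as an added example (it is not Comodo's code). It assumes literal IPv4 addresses, a hypothetical `can_connect` callback in place of the real connection attempt, and that the private, loopback and link-local blocks are the RFC 3330 special-use ranges treated as local; the page does not list which blocks the agent checks.

```python
import ipaddress

# Subset of RFC 3330 special-use IPv4 blocks treated here as "local".
# Assumption: the guide does not say which blocks the agent checks.
SPECIAL_USE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private use
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link local
)]


def policy_for_address(addr):
    """Classify a literal IPv4 address as 'Local' or 'Internet' policy."""
    ip = ipaddress.ip_address(addr)
    return "Local" if any(ip in net for net in SPECIAL_USE) else "Internet"


def select_policy(local_addr, internet_addr, server_list, can_connect):
    """Return (address, policy) for the first server the agent reaches.

    can_connect(address) -> bool is a hypothetical stand-in for the real
    connection attempt, so the example runs offline.
    """
    # 1. Local Server Address from the policy: Local Policy on success.
    if can_connect(local_addr):
        return local_addr, "Local"
    # 2. Internet Server Address (optional): tried only after 1 fails.
    if internet_addr and can_connect(internet_addr):
        return internet_addr, "Internet"
    # 3. Remaining Server Network Addresses: policy by address class.
    for addr in server_list:
        if addr in (local_addr, internet_addr):
            continue  # already tried above
        if can_connect(addr):
            return addr, policy_for_address(addr)
    return None, None  # no server reachable


if __name__ == "__main__":
    # Constructed sample: only the third listed server answers.
    servers = ["192.168.1.10", "10.8.0.1", "198.51.100.7"]
    up = {"198.51.100.7"}
    print(select_policy("192.168.1.10", None, servers, up.__contains__))
```

Under this rule an endpoint that reaches a listed server over a private address, for example through a VPN, receives the Local policy.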

Step 5 – Selecting Targets

The administrator can select the target computer group(s) to which the created policy is to be applied.

  • Select the 'Assign policy to groups after finish' check box if you want to apply the newly created policy to an existing group after it is imported. You can also assign this policy to groups at a later stage if you do not want to do so now. See the Viewing Policies section for more details.

  • For the group(s) of computers connected through the local network to which you wish to apply the new policy, select the 'For Local Policy' checkbox.

  • For the group(s) of computers connected through the Internet to which you wish to apply the new policy, select the 'For Internet Policy' checkbox.

  • Options:

    • Override individual computers policy - Selecting this option will apply the new policy onto target computers in the selected groups that currently have individual policies that differ from the group policy, thereby reverting their policies to come from their group membership.

    • Force target computers to be remotely managed upon policy assignment - Selecting this option will forcibly switch the CIS installations on the selected target endpoints to remote management mode on assigning the new policy, irrespective of their current management mode.

  • Make your selections and click the right arrow to move to step 6 - Importing the Settings and Creating the Policy.



Step 6 - Importing the Settings and Creating the Policy

The next step requires the administrator to specify a name and provide a description for the policy created.

  • Name - Enter a name for the policy, chosen according to criteria suited to its security settings.

  • Description - Enter short text that best describes the policy.

  • Options:

    • Apply Policy after Finish - The newly created policy will be applied to the target endpoints immediately only if this checkbox is selected. If not selected, the endpoints will pick up the new policy when they check in at the next policy poll.

 Note: This option will be available only if you selected the 'Assign policy to groups after finish' checkbox in step 5.

  • Make your selection and click the Finish icon or swipe the screen to the left to complete the policy creation process. On completion:

    • The 'View All Policies' interface will open with the new policy added.

    • The new policy will be applied to the target computers selected in step 5 as per the options selected in the same.

© Comodo Group, Inc. 2013. All rights reserved.