Comodo Help
Find the desired product help
Comodo Endpoint Security Manager

Comodo Endpoint Security Manager

Administrator Guide v 2.1

English

Print Help Download Help
The Administrative Console > The Reports Area > Reports Gallery > Policy Compliance Report
  • Introduction To Endpoint Security Manager – SME
    • Software Components And System Requirements
    • Removing Incompatible Products
    • Installing And Configuring The Service
    • Key Concepts
    • Best Practices
    • Quick Start Guide
  • The Administrative Console
    • Logging-in To The Administrative Console
    • The Dashboard Area
      • Adding And Re-configuring Tiles
      • Quick Actions Tiles
      • Policy Status Tile
      • Endpoint Updates Tile
      • Endpoint Infections Tile
      • Connectivity Tile
      • Getting Started Tile
      • System Status Tile
      • License Status Tile
      • Software Tile
    • The Computers Area
      • Adding Endpoint Computers To ESM
        • Importing Computers By Automatic Installation Of Agent
        • Adding Computers By Manual Installation Of Agent And CIS
        • Updating Comodo Software On Managed Computers
      • Creating Endpoint Groups
      • Viewing Endpoints
      • Updating Endpoints
    • The Policies Area
      • Viewing Policies
      • Creating A New Policy
    • The Reports Area
      • Reports Gallery
        • Computer Details Report
        • CIS Configuration Report
        • Computer Infections Report
        • Quarantined Items Report
        • Antivirus Updates Report
        • CIS Log Report
        • Policy Compliance Report
        • Policy Delta Report
        • Malware Statistics Report
        • Top Ten Malware Report
      • Report Explorer
      • Report Settings
    • About
    • Logging Out Of ESM Console
  • How To... Tutorials
    • How To Connect CIS To CESM At The Local Endpoint
    • How To Configure CIS Policies - An Introduction
    • How To Set Up External Access From The Internet
    • How To Install CIS
  • Appendix 1 - The Service Configuration Tool
    • Start And Stop The ESM Service
    • Main Settings
    • Server Certificate
    • Internet And Mail Settings
    • Caching Proxy Settings
    • Viewing Database Event Log
  • About Comodo

Policy Compliance Report

 

Each target computer in ESM can receive a security policy that dictates the security settings of each of the antivirus, firewall and Defense+ components of CIS installed at the target computer. The CIS installation at the target endpoint will automatically be configured as per the applied policy when CIS is in remote management mode.

 

If the end-user or the network administrator changes any of the security settings in their local installation of CIS by switching it to local administration mode, the computer becomes 'non-compliant' with its designated (or 'applied') policy. If the computer is switched back to remote management mode, its designated policy will be automatically reapplied at next polling time (as per the agent settings made to the policy) and the computer's status will return to 'compliant'.

 

The target computer will be retained in Non-Compliant status under the following conditions:

  • CIS on the target computer is maintained in local administration mode and settings were modified

  • CIS on the target computer was switched to Remote Management mode but the policy has not yet been applied because ESM has not yet polled the computer

The target computers applied with the 'Locally Configured' policy will always be retained in 'Compliant' status as ESM does not enforce any policy compliance on to them. Also, 'Locally Configured' policy allows the user to change the CIS configuration settings locally and stores the changes dynamically. If the target computer is switched back to Local Configuration policy from any other ESM applied security policy, the last stored configuration is restored on to it.

 

 

Tip: To ensure a new configuration is applied permanently, leave the endpoint in local administration mode, import the configuration as a new policy into ESM and apply it to the required target computer(s) (including the one from which the settings are imported). See 'Creating a New Policy' for more details.


Administrators are advised to regularly check whether imported computers are compliant with their assigned policy. Non-compliance can indicate changes in management mode and/or unauthorized changes to CIS security settings.

 

The Policy Compliance report provides a summary of the compliance of the target computers and details of computers which are non-compliant to the policy.

 

To generate a Policy Compliance report, click the 'compliance' tile from the 'reports gallery' screen.

The Create 'Policy Compliance Report' wizard will be started.

 

Step 1 - Selecting Targets

 

The 'Select Targets' screen will appear:

 

  • Select the group from the left hand side pane and select the member endpoint(s) for which you wish to generate the 'Policy Compliance' report from the right hand side pane

  • Swipe the screen to the left or click the right arrow to move to step 2

 Step 2 - Options


The next step allows the administrator to choose the options for the report:

 



 

    • Include only non-compliant computers - The report will contains details of only the computers that are non-compliant

    • Generate downloadable report file - Select this option if you need to print or archive the report. You can choose the printable file to be generated in portable document (.pdf) or spreadsheet (.xls) format. On completion, the report generated can downloaded to the administrator's computer.

  • Swipe the screen or click the right arrow to move to next step.

Step 4 - Generating the Report

  • Click the Finish icon  or swipe the screen to left to start generating the report.

 Viewing the Report

  • The 'reports explorer' screen will be opened with the running reports tab selected. All the reports being generated currently will be listed with their status.

  • On completion of required report generation, select the report and click the details icon . The report page will be displayed.

  • The report will contain a summary pie chart providing at-a-glance comparison on numbers of computers that are compliant, non-compliant and are pending to be applied with the policy.

  • Following the summary, details of each computer, with their associated group, IP addresses, applied Policy, compliancy status, last compliancy checked time, when the non-compliant computers went non-compliant are displayed.



  • Clicking the Policy name from the list opens the 'Policy Properties' interface of it. The interface allows the administrator to edit the policy and reapply it to the respective targets. Refer to Viewing Policies for more details.

Available Report Filters

 

The report screen allows the administrator to optimize the search by using the filter option. The available filters for the Policy Compliance report are:

  • Computer - Searches the report based on the computers' name

  • IP Address - Filters the report based on the IP Address of the endpoints

  • Group - Searches the report based on the group's name

  • Status - Filters the report based on the status of policy whether it is pending, non-complaint or OK

  • Current Policy - Searches the report based on the policy name

  • Last Poll - Searches the report based on poll period start and poll period end

  • Next poll - Filters and displays endpoints based on their next polling time

To filter the results:

  • Click the filter icon  in the respective column header to search for a particular item

  • Type or enter the filter criteria fully or partly or select and click 'Apply'

Only the entries that match the criteria will be displayed in the report.

  • Click 'Reset' to display all the items

Downloading the Report

 

If the administrator had opted for generating a printable report file in step 2, the report can be downloaded by clicking the Download icon  at the bottom of the report page.

Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2013. All rights reserved.