Comodo One

• Introduction To Remote Monitoring And Management Module
  • Quick Start Guide
  • System Requirements
• Install RMM Administrative Console
  • Login To The RMM Administrative Console
• The RMM Administrative Console
• The Devices Interface
  • Apply Policies
  • Run Procedures
• The Sessions Interface
  • Support Sessions Interface – An Overview
  • Handle Support Sessions
    • Run Procedures From A Support Sessions
    • Use RMM Tools
      • Access Endpoints Through Remote Desktop Connection
      • Manage Autoruns
      • System Cleaner
      • Power Management
      • Manage Internet Browser Add-ons
      • Active Connections Manager
      • Restore A Client System
      • Hardware Monitor Tool
      • Unattended Technical Support
      • Access Command Prompt Window Of Client System
      • Manage Currently Running Processes
      • Obtain System Inventory Information
      • Transfer Files From / To Client System
• The Jobs Interface
  • Manage Jobs
  • Execute Jobs On Endpoints
• The Procedures Interface
  • Manage Procedures
  • Run Procedures On Endpoints
• The Policies Interface
  • Manage Policies
• Appendix – Issue Codes For Monitors
• About Comodo Security Solutions

Quick Start Guide

 

This tutorial briefly explains how an admin can setup Comodo Remote Monitoring and Management (RMM).

Note - To use Comodo RMM, you must have an active Comodo One Account (https://one.comodo.com) and have added devices and users to the Comodo IT and Security Manager (ITSM) module. Once you have added devices to ITSM, you will be able to download the RMM console and push the RMM client to managed endpoints. For more details on enrolling users and adding devices in ITSM, see https://help.comodo.com/topic-399-1-786-10125-Creating-New-User-Accounts.html and https://help.comodo.com/topic-399-1-786-10126-Enrolling-User-Devices-for-Management.html

Basic Setup:

1. Add devices, endpoints and users to Comodo IT and Security Manager as described above.

2. Enable the RMM extension in Comodo IT and Security Manager ('Settings' > 'Extensions' > set RMM switch to 'ON')

3. Install the RMM Admin console. The console is used to monitor endpoints, define policies and configure endpoint service desk tickets, and should be installed on a local workstation or server. To download the console, open ITSM > 'Devices' > 'Device List' > 'Device Management'. Select any endpoint from the list and click 'Takeover'. This will allow you to download the console setup files to your local machine.

4. Install the RMM client software on target endpoints. The agent facilitates communication between endpoints and the admin console. The agent is automatically installed on managed endpoints once the RMM extension is enabled in ITSM (step ii, above). Should the need arise, you can also install the agent manually by clicking Devices > Device List' > 'Device Management', selecting your target endpoints then clicking 'Install or Update Packages' > 'Install Additional Comodo Packages' > 'Install RMM Plug-in Agent'.

Basic Concepts:

• Action - A task which can be run on target endpoints. Examples include install an application, reboot an endpoint, create a system restore point, run a registry cleaning task and more. Actions are added to procedures.

• Procedure - A collection of one or more actions. Procedures can be directly run on target endpoints or can be added to a 'Job'

• Job - A collection of one or more procedures. Multiple procedures can be added to a job to create sophisticated tasks.

• Policy - Policies are designed to monitor target endpoints and when issues are identified, service desk tickets are automatically generated and sent to the administrator if certain conditions are met. You can then investigate the service desk ticket created and run a procedure/job on the endpoint if required.

The guide will take you through the basic setup and usage of Comodo RMM. Click any link to go straight to the section you need help with.

The guide will take you through the following processes - click on any link to go straight to that section as per your current requirements.

• Step 1 - Login to Comodo One and download the technician console

• Step 2 - Install Technician Console

• Step 3 - Login to Technician Console

• Create procedures

• Create and execute jobs

• Create and apply monitoring policies

• Handle support sessions

• The Support Sessions Interface

• Execute pre-defined actions on the endpoint

• Access the Endpoint through Remote Desktop Connection

• Run a procedure
  

 

Step 1 - Login to your Comodo One Account and Download the Technician Console

You can download the RMM console setup file from the ITSM console interface.

• Log into the Comodo One at https://one.comodo.com/app/login with your user name and password
  

• Click the 'Licensed Applications' icon from the top and select 'IT and Security Manager', to open the ITSM console.

 

• Click the 'Devices' link on the left and choose 'Device List'
  

• Click the 'Device Management' tab at the top of the main configuration pane

A list of all devices enrolled to ITSM will be displayed by default.

• Choose a 'Windows' device, click 'Takeover' from the top then 'With RMM Plugin'

The setup file is available for 32-bit and 64-bit versions of Windows.

• Choose the version appropriate to the system upon which you want to install the RMM console and click 'Download'.
  

Step 2 - Install the Technician Console

• Double click on the downloaded file to start the Technician Console installation wizard

• Follow the wizard and complete the installation.
  

Step 3 - Login to Technician Console

After installation, the console should automatically open at the login screen. Enter your Comodo One username (email address) and password in the respective text fields and click 'SIGN IN'.

You can open the console in future by clicking the RMM desktop shortcut or by clicking 'Start' > 'All Programs' > 'COMODO' > 'RMM Administration Console' > 'RMM Administration Console'.

The drop-down the top left enables you to switch between configuration interfaces:

• Devices – Displays the list of client endpoints enrolled for monitoring and management to your MSP account. You can also add new devices, manage sites, run procedures and apply policies to endpoints.

• Sessions – Displays the endpoints that are currently in service/support sessions with an admin. You can take over service sessions transferred to you or start sessions with endpoints in the queue.

• Jobs – Lists jobs that are completed and in progress. You can create new jobs with a set of procedures and execute them on desired endpoints.

• Procedures – Lists all procedures available for deployment to endpoints. Procedures can be run directly on endpoints and/or can be used to create jobs to be executed on selected endpoints. You can create new procedures from this interface.

• Policies – Displays active monitoring policies which have been deployed to endpoints. Service desk tickets are generated if a policy is violated. You can view all policies, create new policies and deploy policies to endpoints by clicking the 'Policy Manager' button at the bottom of the interface.

Create Procedures

A 'Procedure' is a set of actions to be run on an endpoint. You can select a series of actions with defined parameters, to be performed in sequence while creating a procedure. The procedure can be run ad-hoc on any endpoint and can also be used while creating a job to be executed on specific endpoint(s).

• Choose 'Procedures' from the drop-down at the top left . A list of available procedures will be displayed.

To create a new procedure

• Click 'Create' from the bottom

The 'Crete a new procedure' dialog will open.

• Enter a name and a short description in the respective fields and choose the operating system from the drop-down at the left.

• Choose an action from the 'Action' list at the left and click the right arrow to add the action to the list at the right

• Select the options and/or set the parameters for the action.

Action	Parameters Required
Application Installer	Choose one of the following install operations: Application Install Enter the following parameters: Download URL of the application Name of the setup file and any command line switches Failsafe command for canceling the installation Patch Management Install
Power Manager	Choose the power control operation from: Restart Restart in safe mode  Shutdown
System Restore	Choose whether to create a restore point or to restore the system to a previous state. Enter the name of the restore point to be created or the name of the restore point, to which the system needs to be rolled back.
Shell Execute	Basic Enter the execution command for the process Enter the parameters to be passed to the process  Advanced Enter the working directory for the process Choose the execution options: Wait for process to finish – Completes the process before termination Hide Window – Executes the process at the background
File Transfer	Enter the path of the source file to be copied from the host computer at which the technician console is installed. The file will be copied to the folder c:/lps-temp/file-transfer at the endpoint.
System Cleaner	Select the cleaner modules to be applied: Disk Cleaner Registry Cleaner

• Repeat the process to add more actions to the procedure. Upon running the procedure, the actions will be executed in order.

• Click 'SAVE' to save your procedure.

• Your new 'Procedure' will be listed in the 'Procedures' interface. It will be available for inclusion in any job created for target endpoints. The procedure can also be run ad-hoc on any endpoint.
  

• Repeat the process to add more procedures as required.

Tip: You can create new procedures using an existing procedure as a template. To create a new procedure, select an existing procedure and click 'Create From' from the bottom. The 'Create a new procedure' dialog will open with the actions pertaining to the existing procedure preselected. You can edit the parameters to create a new procedure.

To run a procedure

• Click 'Run Procedure' from the bottom of the interface.

• Choose the procedure to be run from the drop-down at the top

• Select the endpoints on which the procedure is to be run and click 'RUN PROCEDURES'

A Job will be automatically created for running the selected procedure and will be executed.

Create and Execute Jobs

A new 'Job' is a collection of procedures compiled to run on selected endpoints. You can create new jobs by including the existing procedures and selecting the endpoints for execution.

• To open the Jobs interface, choose 'Jobs' from the drop-down at the top left. The 'Jobs' interface displays the jobs created and executed by all admins belonging to your MSP / organization

To create a new job

• Click 'Job Manager' from the bottom of the interface

All jobs created so far will be displayed.

• Click 'CREATE' from the top of the 'Job Manager' dialog.

The job creation wizard will start.

Step 1 - Job Description

• Enter the job details:

• Job Name – enter a name for the job

• Job Description – Enter a short description of the job

• Operating System – Choose the operating system of the endpoints to which the job is to be applied

• Platform – Choose the version of the operating system

• Click 'NEXT' to continue.

Step 2 – Select Procedures

• Select the procedures to be run as per the job.

Tip:You can add new procedures from this interface too by clicking 'NEW' from the top of the interface. Refer to the previous section 'Create Procedures ' for more details.

• Click 'Next'

Step 3 – Select Target Endpoints

• Select the endpoints on which the job is to be executed

 

• Click 'FINISH'

The job will be added to the list of created jobs in the Job Manager interface and will be available for execution at any time.

To execute a saved job

• Open the 'Job Manager' interface by clicking 'Job Manager' from the task bar of the Jobs interface

• Choose the job(s) to be executed

• Click 'RUN' from the title bar of the Job Manager interface.

The job(s) will be started and their status will be indicated in the 'Jobs' interface.

Create and Apply Monitoring Policies

RMM monitors enrolled endpoints based on the policies applied to them. You can create policies to monitor various system events, and define whether service desks tickets are created if an endpoint violates the policy. Admins can remediate the issues by running  jobs or procedures on the endpoint or by initiating a support session with the end-user.

• To open the 'Policies' interface, choose 'Policies' from the drop-down at the top left. The interface displays which policy is in effect on an endpoint and whether or not the endpoint is compliant with its policy. New policies can be created by clicking the 'Create' button at the bottom of the interface.

To create a new policy

• Click 'Create' from the bottom of the interface.

The 'Create policy' interface will open.

• Enter a name and a short description for the policy in the respective fields

• Choose the monitoring module from the left.

The parameters pane for the chosen module will open on the right.

• Specify the conditions and thresholds of the rule in the right pane. Your rules are automatically saved as you go along, so you can freely select other modules on the left if you wish to add more rules to the policy.

Tip: You can add any number of conditions for a particular rule by clicking the '+' button at the right. To remove a condition, click the 'X' button to the right.

• Add more modules to the policy by selecting them on the left.

A green check-mark is shown next to modules which are included in the current policy.

• Click 'Create' to save your policy.

The policy will be added to the list in the 'Policy Manager' interface and will be available for application to desired endpoints at any time.

To apply a policy to endpoints

 

Policies can be applied from the 'Devices' and 'Policies' interfaces.

• Click 'Apply Policy' from either of these interfaces
  

The 'Apply Policy' dialog will open with a list of endpoints enrolled for your account.

• Select the policy you wish to apply from the drop-down at the top
  

• Choose the endpoints to which the policy should be applied and click 'Apply Policy'.

The policy will be implemented on the selected endpoints and will be listed in the main 'Policies' interface.  

Tip: Clicking the arrow at the right of a policy name displays the policy's rules.

If any of the monitored parameters exceed the thresholds set by the policy, the endpoint will be indicated as non-compliant (under the 'Compliant' column) in the Devices interface. Also, a support ticket will be automatically created in Service Desk. The Administrator can view the details of the breach by logging-into the Service Desk and resolve the issue by:

• Running procedures;

• Executing jobs;

Or

• Initiate a support sessions and take remote access of the endpoint(s).
  

Handle Support Sessions

The support session enables you to take remote desktop control of the client computer and perform maintenance tasks and resolve issues identified in them. By establishing a support session you can:

• Perform actions like cleaning the client's computer, power management, system restore, file transfer, system inventory audit and so on.

• Run procedures to correct issues identified by policy violation service desk tickets.

Initiating a support session from the technician console

If you require to perform a maintenance operation or run procedures you can initiate the session by clicking 'Takeover' from the 'Devices' interface.

• Open the 'Devices' interface by choosing Devices from the drop-down at the top-left

• Click 'Take Over' under 'Action' in the row of the device (endpoint) to which the support session is to be started.
  

 

A session will be established.The Support Session Interface.

Left Hand Side Navigation – The left hand side navigation contains controls and buttons for various tasks like running a procedure, deploying tools on to the endpoint to perform various actions and audits, transfer the support session to other clients and so on.

• END – Concludes the support session and closes the session window for the endpoint.

• RUN PROCEDURE – Allows you to run procedures on the endpoint. You can select procedures from those that are available in the 'Procedures' interface. Refer to the section Run a Procedure for more details.

• Deploy Tool– Allows you to select tools for performing various tasks such as system cleaning, power management, system restore and so on. Refer to the section Execute pre-defined actions on the endpoint for more details

Main Configuration and Information Area – The main configuration and information area displays the configuration screens for the tools selected from the 'Deploy Tool' drop-down.

Next, see:

• Execute pre-defined actions on the endpoint

• Access the Endpoint through Remote Desktop Connection

• Run a Procedure
  

Execute Pre-Defined Actions on the Endpoint

The 'Deploy Tool' drop-down contains handy diagnostic and repair tools which can be deployed to endpoints. For example, you can view all running processes and kill unnecessary processes, access the command line interface of the endpoint, run system clean operations and so on. The service session window console allows any number of tools to be deployed concurrently on to the endpoint. Each tool opens a new tab in the 'main configuration area and displays options and results pertaining to the tool. The following table provides the list of tools available for deployment.

Table of Available Tools for Deployment on to Endpoint
Tools	Description
Remote Desktop	Allows you acquire control of the client's computer through Remote Desktop connection in order to investigate and resolve issues. Refer to the section 'Access the Endpoint through Remote Desktop Connection' for more details.
Autoruns Manager	Allows you to view and edit start-up items, services, drivers, system programs and so forth, that are loaded when the endpoint boots up.
System Cleaner	Allows you to perform Registry clean operation to remove obsolete and unwanted registry entries to boost up system performance and disk clean operations to remove junk or garbage files which occupy a considerable space in the endpoint.
Power Manager	Allows you to shut down and restart the endpoint, if required after a critical operation like editing the Windows Registry of the endpoint.
Browser Add-Ons Manager	Allows you to to identify the browser add-ons installed on the browsers and to remove unsafe or malicious add-ons.
Active Connections Manager	Allows you to view all currently active network connections (applications, processes and services), individual connections that each application is responsible for and terminate any unsafe processes that are running on the endpoint.
System Restore	Allows you to revert the endpoint to a previously created restore point (including system files, installed applications, Windows Registry, and system settings) to that of a previous point in time. You can also create a restore point with the present configuration of the endpoint to restore it to the present condition in future.
Hardware Monitoring Tool	Allows you to track and monitor the hardware index to check whether the computer is overheating or voltage is out of the acceptable range to preclude an operating system failure.
Shell Execute	Allows you to open the command prompt window of the endpoint and execute shell commands.
Process Explorer	Allows you to quickly identify, monitor and terminate any unsafe processes that are running on the endpoint. The Process Explorer shows ALL running processes, even those triggered by malware in the computer and those that were invisible or very deeply hidden.
System Inventory	Allows you to view the hardware and software resources of the endpoint. The 'System Inventory' audit provides a valuable information for determining compatibility of the hardware with the operating systems, and identifying any changes to a system that might develop problems.
File Transfer	Allows you to transfer any file between the your computer and the endpoint.

Access Endpoints through Remote Desktop Connection

RMM allows you to gain remote desktop access to the endpoint and execute necessary actions to solve issues.

To initiate a remote desktop connection

Take over the endpoint having the RMM client installed and a session is established. Click the remote desktop option and then you can perform tasks like 'Run Procedure'.

The desktop of the endpoint will open in a new 'Remote Desktop' tab in the main configuration area. During the session you will be able to continue the conversation over the chat window.

Run Procedures

You can also execute pre-defined procedures on the endpoint from the support session interface.

To run a procedure

• Click RUN PROCEDURE from the left.

A new Run Procedure tab will open in the main configuration area. The Select Procedure drop-down will display the pre-configured procedures which are available at the 'Procedures' interface. For more details on creating and managing procedures, refer to the section Create Procedures.

• Choose the procedure to be run at the endpoint from the 'Select procedure' drop-down.

The sequence of actions contained in the chosen procedure will be displayed in the list at the right.

• Repeat the process to add more procedures by clicking the '+' button at the right end

• Click 'Execute'.

A job will be created with the list of selected procedures for the endpoint and will be executed.