Endpoint Manager

• Introduction To Endpoint Manager
  • Key Concepts
  • Best Practices
  • Quick Start
  • Login Into The Admin Console
• The Admin Console
• The Dashboard
• Devices And Device Groups
  • Manage Device Groups
    • Create Device Groups
    • Edit A Device Group
    • Assign Configuration Profiles To A Device Group
    • Remove A Device Group
    • Run Procedures On Customer Groups
  • Manage Devices
    • Add New Devices
    • Manage Windows Devices
      • View And Edit Device Name
      • View Summary Information
      • View Hardware Information
      • View Network Information
      • View Maintenance Windows Associated With Device
      • View And Manage Profiles Associated With A Device
      • View And Manage Applications Installed On A Device
      • View The Files On A Device
      • View Exported Configurations And Import Profiles
      • View MSI Files Installed On A Device Through Endpoint Manager
      • View And Manage Patches For Windows And 3rd Party Applications
      • View Antivirus Scan History
      • View And Manage Device Group Memberships
      • View Device Logs
    • Manage Mac OS Devices
      • View And Edit Mac OS Device Name
      • Summary Information Of Mac Device
      • View Installed Applications
      • View Quarantined Files On Mac OS Device
      • View And Manage Profiles Associated With A Device
      • View Packages Installed On A Device Through Endpoint Manager
      • View And Manage Device Group Memberships
      • View Mac Device Logs
    • Manage Linux Devices
      • View And Edit Linux Device Name
      • Summary Information Of Linux Device
      • View Network Information Of A Linux Device
      • View And Manage Profiles Associated With A Linux Device
      • View Linux Packages Installed On A Device Through Endpoint Manager
      • View And Manage Device Group Memberships
    • Manage Android Devices
      • View And Edit Device Name
      • View Summary Information
      • Manage Installed Applications
      • View And Manage Profiles Associated With A Device
      • View Sneak Peek Pictures To Locate Lost Devices
      • View The Location Of The Device
      • View And Manage Device Group Memberships
    • Manage IOS Devices
      • View And Edit Device Name Of An IOS Device
      • View Summary Information Of An IOS Device
      • View Applications Installed On An IOS Device
      • View And Manage Profiles Associated With An IOS Device
      • View The Location Of An IOS Device
      • View And Manage Group Memberships Of An IOS Device
    • View User Information
    • Remove A Device
    • Remote Management Of Windows And Mac OS Devices
      • Transfer Items To / From The Remote Computer
    • Remotely Manage Folders And Files On Windows Devices
    • Manage Processes On Remote Windows Devices
    • Manage Services On Remote Windows Devices
    • Use The Command Prompt On Remote Windows Devices
    • Apply Procedures To Windows And Mac Devices
    • Remotely Install And Manage Packages On Windows Devices
    • Remotely Install Packages On Mac OS Devices
    • Remotely Install Packages On Linux Devices
    • Send Enrollment Link To IOS Devices
    • Install Apps On Android/iOS Devices
    • Generate An Alarm On Android Devices
    • Remotely Lock Mobile And Mac OS Devices
    • Wipe Selected Mobile And Mac Devices
    • Assign Configuration Profiles To Selected Devices
    • Set / Reset Screen Lock Password For Mobile Devices
    • Update Device Information
    • Send Text Messages To Mobile Devices
    • Restart Selected Windows Devices
    • Shutdown Windows Devices
    • Wake Offline Device
    • Change A Devices Owner
    • Change The Ownership Status Of A Device
    • Add Custom Notes And Tags On Devices
    • Generate Device List Report
  • Bulk Enrollment Of Devices
    • Enroll Windows, Mac OS And Linux Devices By Installing The Communication Client
      • Enroll Windows Devices Via AD Group Policy
      • Enroll Windows, Mac OS And Linux Devices By Offline Installation Of Agent
      • Enroll Windows Devices Using Auto Discovery And Deployment Tool
    • Enroll The Android And IOS Devices Of AD Users
  • Download And Install The Remote Control Tool
• Users And User Groups
  • Manage Users
    • Create New User Accounts
      • Manually Add Users
      • Import Users From A CSV File
    • Enroll User Devices For Management
      • Enroll Android Devices
      • Enroll IOS Devices
      • Enroll Windows Endpoints
      • Enroll Mac OS Endpoints
      • Enroll Linux OS Endpoints
    • View User Details
      • Update The Details Of A User
    • Assign Configuration Profiles To A Users Devices
    • Remove A User
    • Generate New Password For A User
    • Reset Two Factor Authentication Token For A User
    • Run Procedures On User Devices
  • Manage User Groups
    • Create A New User Group
    • Edit A User Group
    • Assign Configuration Profiles To A User Group
    • Remove A User Group
    • Run Procedures On Group Devices
  • Configure Role Based Access Control For Users
    • Create A New Role
    • Manage Permissions And Users Assigned To A Role
    • Remove A Role
    • Manage Roles Assigned To A User
• Configuration Templates
  • Create Configuration Profiles
    • Profiles For Android Devices
    • Profiles For IOS Devices
    • Profiles For Windows Devices
      • Create Windows Profiles
        • Associated Devices Settings
        • Antivirus Settings
        • Communication Client And Xcitium Client - Security Application Update Settings
        • File Rating Settings
        • Firewall Settings
        • HIPS Settings
        • Containment Settings
        • Maintenance Window Settings
        • VirusScope Settings
        • Global Proxy Settings
        • Client Proxy Settings
        • Agent Discovery Settings
        • Communication Client And Xcitium Client - Security Application UI Settings
        • Logging Settings
        • Client Access Control
        • External Devices Control Settings
        • Monitors
        • Procedure Settings
        • Remote Control Settings
        • Remote Tools Settings
        • Miscellaneous Settings
        • Script Analysis Settings
        • Data Loss Prevention Settings
        • Patch Management Settings
        • Performance Settings
      • Import Windows Profiles
    • Profiles For Mac OS Devices
      • Create A Mac OS Profile
        • Antivirus Settings For Mac OS Profile
        • Certificate Settings For Mac OS Profile
        • Restrictions Settings For Mac OS Profile
        • VPN Settings For Mac OS Profile
        • Wi-Fi Settings For Mac OS Profile
        • Remote Control Settings For Mac OS Profile
        • External Device Control Settings For Mac OS Profile
        • Valkyrie Settings For MacOS Profile
        • Procedure Settings For Mac Profiles
        • Monitor Settings For Mac OS Profile
    • Profiles For Linux Devices
      • Create A Linux Profile
        • Antivirus Settings For Linux Profile
        • Communication Client And Comodo Client - Security Application Update Settings For Linux Profile
        • User Interface Settings For Linux Profile
        • Logging Settings For Linux Profile
        • Clients Access Control Settings For Linux Profile
        • Valkyrie Settings For Linux Profile
  • View And Manage Profiles
    • Export And Import Configuration Profiles
    • Clone A Profile
  • Edit Configuration Profiles
  • Manage Default Profiles
  • Manage Alerts
    • Create A New Alert
    • Edit / Delete An Alert
  • Manage Procedures
    • View And Manage Procedures
    • Create A Custom Procedure
    • Combine Procedures To Build Broader Procedures
    • Review / Approve / Decline New Procedures
    • Add A Procedure To A Profile / Procedure Schedules
    • Import / Export / Clone Procedures
    • Change Alert Settings
    • Apply Procedures To Devices
    • Edit / Delete Procedures
    • View Procedure Results
  • Manage Monitors
    • Create Monitors And Add Them To Profiles
      • Monitors For Windows Devices
      • Monitors For Mac OS Devices
    • View And Edit Monitors
  • Data Loss Prevention Rules
    • Create DLP Discovery Rules And Add Them To Profiles
    • View And Edit DLP Discovery Rules
    • Create DLP Monitoring Rules And Add Them To Profiles
    • View And Edit DLP Monitoring Rules
• Security
  • Endpoint Security Status
    • Run Antivirus And/or File Rating Scans On Devices
    • Handle Malware On Scanned Devices
    • Update Virus Signature Database On Windows, Mac OS And Linux Devices
  • Security Events
    • View Security Events By Time
    • View Security Events By Files
    • View Security Events By Device
    • View Android Threat History
  • View And Manage Blocked Threats
  • View And Manage Quarantined Threats
  • View Contained Threats
  • HIPS Events
  • Firewall Events
  • View And Manage Autorun Alerts
  • Manage File Trust Ratings On Windows Devices
    • File Ratings Explained
  • View List Of File Verdicts
  • View History Of External Device Connection Attempts
  • Data Loss Prevention Scans
    • DLP Logs
    • DLP Quarantined Files
• Network Management
  • Create And Run Network Discovery Tasks
  • Manage Profiles For Network SNMP Devices
  • Manage Network Devices
    • Manage SNMP Devices
      • SNMP Device Details Interface
    • Discovered Devices
  • Manage Network Monitors
• Application Store
  • IOS Apps
    • Add IOS Apps And Install Them On Devices
    • Manage IOS Apps
  • Android Apps
    • Add Android Apps And Install Them On Devices
    • Manage Android Apps
  • Windows Apps
    • Install Windows Apps On Devices
• Applications
  • View Applications Installed On Android And IOS Devices
    • Blacklist And Whitelist Applications
  • Patch Management
    • Manage OS Patches On Windows Endpoints
    • Install 3rd Party Application Patches On Windows Endpoints
      • EM Supported 3rd Party Applications
  • View And Manage Applications Installed On Windows Devices
    • Uninstall A Windows Application From Selected Devices
    • Uninstall A Windows Application From All Devices
  • Vulnerability Management
• License Management
  • Manage Your Licenses
  • Manage License Allocation
  • Bill Forecast
• Configure Endpoint Manager
  • Email Notifications, Templates And Custom Variables
    • Configure Email Templates
    • Configure Email Notifications
    • Create And Manage Custom Variables
    • Create And Manage Registry Groups
    • Create And Manage COM Groups
    • Create And Manage File Groups
    • View And Manage Pattern Variables
    • View And Manage Keyword Groups
  • Endpoint Manager Portal Configuration
    • Import User Groups From LDAP
    • Configure Communication And Security Client Settings
    • Configure The EM Android Client
      • Configure Android Client General Settings
      • Configure Android Client Antivirus Settings
    • Add Apple Push Notification Certificate
    • Configure Windows Clients
      • Configure Communication Client Settings
      • Configure Client Security Settings
    • Manage Endpoint Manager Extensions
    • Configure Endpoint Manager Reports
    • Device Removal Settings
    • Account Security Settings
    • Set-up Administrators Time Zone And Language
    • Configure Audit Log Settings
  • Integrate Apple Business Manager With Endpoint Manager
    • Link Endpoint Manager With Apple Business Manager
    • Manage Apple Business Manager Devices
    • Manage Apple Business Manager Profiles
    • Configure Apple Business Manager Notifications
  • View Version And Support Information
• Appendix 1a - Endpoint Manager Services - IP Nos, Host Names And Port Details - EU Customers
• Appendix 1b - Endpoint Manager Services - IP Nos, Host Names And Port Details - US Customers
• Appendix 2 - Endpoint Manager License Types
• Appendix 3 - Pre-configured Profiles
• About Comodo Security Solutions

Install 3^rd Party Application Patches on Windows Endpoints

 

Click 'Applications' > 'Patch Management' > 'Third Party Applications'

• This area lets you apply patches and updates to 3^rd party applications on Windows devices.

• EM checks the third party applications on endpoints in areas such as program files, registry, start menu, users appdata if any patches are available for them and lists on the interface.

• The interface also shows details such as patch category, vendor name, and the number of devices that require the patch and release date. Each column in third-party patches lists can be sorted in ascending / descending / alphabetical order.

• Patches need to be approved for deployment. You can choose to decline / approve patches. By default, patches are automatically approved.

• You can filter patches by company and device group.

• You can hide those applications that you do not want to update.

• Hidden applications will also not be available for update from the 'Device Management' screen. They will also be skipped if named in a patch procedure.

• Click 'Show hidden patch(es)' to view hidden items.

• You can also create new procedures to deploy updates and patches for all or selected 3rd party applications. The procedures can be added them to profiles with a schedule to periodically install new patches and updates available on every execution.

Open the third party applications interface

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab 

• Select a company or a group to view the list of third party application patches and updates available for its devices

Or

• Select 'Show all' to view a list of all available third party application patches and updates
  
  

• Each row shows the name of the software that needs to be updated. It also shows you how many devices have the software installed and how many of those require the update.

• You can apply updates to all devices or to individual devices:

• Patch All - Use the check-boxes on the left to choose the software you want to patch. Click 'Install Patches' to apply the update to all devices which require patching.

• Patch Individual - Click the number in the 'Upgradable Devices' row > Select the devices you want to update > Click 'Install Patches'

 

Third Party Applications Table - Column Descriptions
Column Heading	Description
Name	Name of the software. Click the name to view application details. See View Details of an Application for more details.
Vendor	The software publisher.
Category	The type of the application. Possible values include: Comodo Products Runtime applications Web Browsers Utilities Messaging File Compression utilities Developer Tools Documents Online Storage Other
Status	Indicates whether the patch is ready for deployment. The statuses are: Auto-Approved - You can install the patch Approved - You can install the patch Declined – You cannot deploy the patch Waiting for approval – You cannot install the patch
Installed Devices	Total number of devices on which the application is installed. This figure includes devices with patched and unpatched versions of the software.
Upgradable Devices	Number of devices which need to be patched because they are using an older version of the software.
Release Date	The date on which the patch was released by Microsoft.
Controls
Install Patch(es)	Allows you to install the patches/updates.
Hide Patch(es)	Allows you to hide selected patches that you do not want to update. Hidden patches will not be available for deployment on the 'Device Management' screen and will not be executed as well if added to a patch procedure.
Unhide Patch(es)	Allows you to unlock hidden patches.
Create Patch Procedure	Starts the wizard to create a new 3rdparty application patch procedure. You can create a new patch procedures to deploy updates and patches for all supported or selected 3rdparty applications. The new procedures can be added to profiles and scheduled to install selected updates onto your endpoints. See Create a New 3rd Party Application Patch Procedure for more details.
Schedule Patch Procedure	Takes you to the 'Profiles' interface in Endpoint Manager. You create new or edit an existing Windows profile and add/edit the 'Procedures' component in it to create a schedule for running a patch installation procedure on endpoints on which the profile is active. See Procedure Settings in Profiles for Windows Devices for guidance on this.
Show hidden patch(es)	Allows you to view hidden patches and, if required, install them on endpoints. Use the toggle button to hide / view hidden applications.
Approve	Only permitted patches are installed. See Approve / decline a third party application patch for more details.
Decline	Unapproved patches are not installed. See Approve / decline a third party application patch for more details.
Auto Approve	You can set the patches to be automatically approved. Enabled - Newly listed patches are automatically approved Disabled - The status for newly listed patches shows as ‘waiting for approval’. Disable this if you want to evaluate the patch and then approve / decline.

• Click any column header to sort the items in the ascending/descending order of entries in that column.

• Click the funnel icon  on the right to search for applications by name, vendor and / or category.

• See 'EM Supported 3rd Party Applications' for a full list of supported 3rd party applications.
  

The 'Patch Management' > 'Third Party Applications' interface allows you to:

• View Details of an Application

• Hide Applications

• Restore Hidden Applications

• Update selected applications on all upgradable endpoints at once

• Update an application on selected endpoints

• Create a New 3rd Party Application Patch Procedure

• Approve / decline a third party application patch

View Details of an Application

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Select a company or a group to view the list of third party application patches and updates available for its devices

Or

• Select 'Show all' to view a list of all available third party application patches and updates

• Click the name of any application to open its application details screen

The details of the application are displayed under two tabs:

• General - Displays the name, software publisher and the category of the application.

• Device List - Displays the list of managed devices on which the application is installed, with the details like the installed version, installation path and the device owner. You can update the application on the devices where required from this screen. See Update an Application On Selected Devices for more details.

Hide Applications

• You can hide those applications that you do not want to update, from the list.

• These applications will also be not available for update from the 'Device Management' screen and will not be executed as well if added to a patch procedure.

• You can view the hidden applications by using the 'Show hidden patch(es) toggle button and update these applications on selected on devices.

Hide upgradable applications

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Select a company or a group to view the list of third party application patches and updates available for its devices

Or

• Select 'Show all' to view a list of all available third party application patches and updates

• Select the application(s) to be hidden from the list and click 'Hide Patch(es)'

 

A confirmation is displayed. The selected applications are hidden from the list.

• To view the hidden applications, click the funnel icon, select 'Show hidden patch(es)' and click ‘Apply’

• To re-add the hidden applications to the list, you have to unhide them.

Restore Hidden Applications

• You can re-add the hidden applications to the 'Third Party Applications' interface.

• Restored applications will also be available for being updated from the Device Management interface and can be added to a patch procedure.

View hidden upgradable applications and restore them

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Select a company or a group to view the list of third party application patches and updates available for its devices

Or

• Select 'Show all' to view a list of all available third party application patches and updates

• Click the funnel icon  on the right, select 'Show hidden patch(es)' and click 'Apply'

The hidden applications are shown with dark gray background stripe.

• Select the hidden app(s) from the list and click 'Unhide Patch(es)'

 

A confirmation is displayed. The applications are re-added to the list.

Update Selected Applications on All Upgradable Devices at once

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Select a company or a group to view the list of third party application patches and updates available for its devices

Or

• Select 'Show all' to view a list of all available third party application patches and updates

• Select the application(s) to be updated, click 'Install Patch(es)' and choose 'Update to Latest Version'

A command is sent to Communication Client (CC) on the devices to commence the update.

• Once the command is received, CC checks whether the update has already been downloaded by other devices in the network.

• If the update is available, CC establishes a peer-to-peer network with the device and downloads the patch. This reduces bandwidth usage as the update is downloaded from the local network.

• If the update is not available on any devices in the local network, CC downloads the update from the EM patch portal.

Update an Application on Selected Devices

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Select a company or a group to view the list of third party application patches and updates available for its devices

Or

• Select 'Show all' to view a list of all available third party application patches and updates

• Click the number in the 'Upgradable Devices' column of the application to be updated
  
  

The application details screen will appear with the 'Device List' tab open, with a list of devices on which the application can be updated.

• Select the device(s) on which the application is to be updated

• Click 'Install patch(es)' and choose 'Update to Latest Version'

A command will be sent to the endpoint(s) to schedule installation of the patch/update the application to the latest version.

A command is sent to Communication Client (CC) on the devices to commence the update.

• Once the command is received, CC checks whether the update has already been downloaded by other devices in the network.

• If the update is available, CC establishes a peer-to-peer network with the device and downloads the patch. This reduces bandwidth usage as the update is downloaded from the local network.

• If the update is not available on any devices in the local network, CC downloads the update from the EM patch portal.

Create a New 3rd Party Application Patch Procedure

• The third party applications interface lets you to create a new patch procedures for periodical updates and deployment of patches for all or selected 3rd party applications.

• The procedures can be added to profiles and scheduled to run periodically.

• The new patches and updates available for the selected applications are deployed on the endpoints to which the profile is applied during every execution of the procedure.

Create a new procedure

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Click 'Create Windows Patch Procedure' at the top

The 'Create 3rd Party Patch Procedure' wizard starts.

• The wizard allows you to set a name for the procedure, select the folder in which it is to be stored, select the applications to be updated and configure the restart options for the endpoints after the installation of the updates.

• Please see the explanation of creating an 3rd party application patch procedure in Create a Custom Procedure for detailed guidance on the wizard.

Approve / decline a third party application patch

You can deploy only approved and auto-approved 3^rd party patches on endpoints. You can disapprove a patch so it cannot be deployed, for example, you want to evaluate whether the patch is required or not.

• Click 'Applications' > 'Patch Management'

• Select the 'Third Party Applications' tab

• Select a patch and click ‘Approved’ or ‘Decline’ button at the top
  
  

• Auto Approve – Enable this button so when a new patch is listed here, it is automatically approved. If disabled, the patch shows its status as ‘Waiting for approval’.