Endpoint Manager

• Introduction To Comodo Client Security
  • Special Features
  • System Requirements
  • Install Comodo Client Security
  • Starting Comodo Client Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understanding Security Alerts
• General Tasks – Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
  • Instantly Scan Files And Folders
  • Processing Infected Files
  • Manage Virus Database And Program Updates
  • Manage Quarantined Items
  • View CCS Logs
    • Antivirus Logs
      • Filtering Antivirus Logs
    • Viruscope Logs
      • Filtering Viruscope Logs
    • HIPS Logs
      • Filtering HIPS Logs
    • Containment Logs
      • Filtering Containment Logs
    • Firewall Logs
      • Filtering Firewall Logs
    • Website Filtering Logs
      • Filtering Website Filtering Logs
    • Alerts Logs
      • Filtering Alerts Displayed Logs
    • Tasks
      • Filtering Tasks Launched Logs
    • File List Changes Logs
      • Filtering File List Changes Logs
    • Trusted Vendors List Changes Logs
      • Filtering Trusted Vendors List Changes Logs
    • Configuration Changes
      • Filtering Configuration Changes Logs
    • Device Control Logs
      • Filtering Device Control Logs
  • View Active Process List
  • View Active Internet Connections
• Firewall Tasks – Introduction
  • Allow Or Block Internet Access To Applications Selectively
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • Advanced Firewall Settings
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Downloading And Burning Comodo Rescue Disk
  • Submit Files
  • Identify And Kill Unsafe Running Processes
  • Remove Deeply Hidden Malware
  • Manage CCS Tasks
• Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Program And Virus Database Updates
    • Log Settings
    • Manage CCS Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
  • Security Settings
    • Antivirus Settings
      • Real-time Scanner Settings
      • Scan Profiles
      • Exclusions
    • Advanced Protection Settings
      • HIPS Behavior Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • Protected Objects
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
        • Protected Data Folders
      • HIPS Groups
        • Registry Groups
        • COM Groups
      • Comodo Containment
        • The Container - An Overview
        • Unknown Files - The Scanning Processes
      • Configuring Containment Settings
      • Configuring Rules For Auto-Containment
      • Viruscope
      • Device Control Settings
    • Firewall Settings
      • Firewall Behavior Settings
      • Application Rules
      • Global Rules
      • Firewall Rule Sets
      • Network Zones
        • Network Zones
        • Blocked Zones
      • Port Sets
      • Website Filtering
        • Creating And Modifying Website Filtering Rules
        • Defining And Modifying Website Categories
    • Manage File Rating
      • File Rating Settings
      • File Groups
      • File List
      • Trusted Files
      • Unrecognized Files
      • Submitted Files
      • Trusted Vendors List
• Appendix 1 CCS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment And Viruscope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Setting Up HIPS For Maximum Security And Usability
  • Create Rules For Auto-Containing Applications
  • Running An Instant Antivirus Scan On Selected Items
  • Creating An Antivirus Scanning Schedule
  • Run Untrusted Programs Inside The Container
  • Run Browsers Inside The Container
  • Restore Incorrectly Quarantined Item(s)
  • Submit Quarantined Items To Comodo For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Containment On A Per-application Basis
  • Switch Off Automatic Antivirus And Software Updates
  • Suppressing CCS Alerts Temporarily While Playing Games
  • Control External Device Accessibility
• Appendix 2 - Comodo Secure DNS Service
  • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
• About Comodo Security Solutions

Install Comodo Client Security

Note - Before beginning installation, please ensure you have uninstalled any other antivirus products that are on your server. More specifically, remove any other products of the same type as those Comodo products you plan to install. For example, if you plan to install only the antivirus then you do not need to remove 3rd party firewall solutions and vice-versa. Failure to remove products of the same type could cause conflicts that mean CCS will not function correctly.

Comodo Client Security is part of Comodo IT and Security Manager (ITSM) and can be deployed onto endpoints via the ITSM management interface. You can subscribe for ITSM as stand-alone application or as a part of the Comodo One (C1) application. If do not already have an ITSM license, then please see the following links:

• To sign up for Comodo One, see https://one.comodo.com/

• To subscribe for ITSM as stand-alone, visit https://secure.comodo.com/home/purchase.php?pid=98&license=try for the trial version and https://secure.comodo.com/home/purchase.php?pid=98 for the full version.

C1 customers can open ITSM by clicking 'Licensed Applications > 'IT and Security Manager'. Stand-alone customers can access the ITSM interface by entering the URL they were provided with after sign up into any web browser.

The following steps explain how to deploy CCS onto endpoints:

• Step 1 - Enroll User

• Step 2 – Enroll Device

• Step 3 – Deploy CCS

Step 1 – Enroll User

You can deploy CCS onto endpoints only after adding users to ITSM.

• Comodo One users - If you created only one company in C1, then any users you enroll here will be automatically assigned to that company. If you created more than one company, the 'Enroll User' dialog will allow you to choose the company to which you want to assign the user.

• ITSM Users - You can add users and enroll their devices without selecting any company. However, If you need the users/devices to be grouped under different companies, you can create companies in ITSM and add device groups.
  

To add a user

• Click 'Users' on the left then 'User List', then click the 'Create User' button

or

• Click the 'Add' button  at the menu bar and choose 'Create User'.

 

The 'Create new user' form will open.

• Type a login username (mandatory), email address (mandatory) and phone number for the user.

• Choose the company (mandatory), from the 'Company' drop-down.

• Comodo One Users - The drop-down will display the companies added to C1. You can choose the company to which the user belongs. The user will be enrolled under the chosen company.

• ITSM users - Leave the selection as 'Default Company'.

• Choose a role for the user. A 'role' determines user permissions within the ITSM console itself. ITSM ships with two default roles:

• Administrators - Full administrative privileges in the ITSM console. The permissions for this role are not editable.

• Users - In most cases, a 'user' will simply be an owner of a managed device who should not require elevated privileges in the management system. Under default settings, 'Users' cannot login to ITSM.

• Click 'Submit' to add the user to ITSM.

• Repeat the process to add more number of users.

• New users will be listed in the 'Users' interface (click 'Users' > 'User List')

Step 2 – Enroll Device

The next step is to enroll users' devices for management.

To enroll devices

• Click 'Users' then 'User List'

• Select the user(s) whose devices you wish to enroll then click the 'Enroll Device' button above the table

Or

• Click the 'Add' button  on the menu bar and choose 'Enroll Device'.

The 'Enroll Devices' dialog will open for the chosen users.

The 'Please choose the device owner(s)' field is pre-populated with any users you selected in the previous step.

• To add more users, start typing first few letters of the username and choose from the results

• If you want to see help on the enrollment process, click 'Show Enrollment Instructions'. This is useful for administrators attempting to enroll their own devices.

• If you want the enrollment instructions to be sent as an email to users, click 'Email Enrollment Instructions'.

• A confirmation dialog will be displayed.

A device enrollment email will be sent to each user. The email contains instructions that will allow them to enroll their device. An example mail is shown below.

• Clicking the link will take the user to the enrollment page containing the agent/profile download and configuration links.

• Click on the enrollment link under 'For Windows Devices'.

The ITSM agent setup file will be downloaded.

• Double click on the file to install the agent.

When installation is complete, the device will be automatically enrolled to ITSM and a confirmation message will be displayed. Once the device is enrolled, the next step is to install CCS onto the endpoint.

Background Note on ITSM Agent: The ITSM agent is a small application installed on every managed endpoint to facilitate communication between the endpoint and the ITSM central server. The agent is responsible for receiving tasks and passing them to the endpoint’s installation of Comodo Security Software (CCS, CAVS or CAV for Mac). Example tasks include changes in security policy, run a virus scan, update the local antivirus database or gather reports that have been requested by the central service. For security, endpoint agents can only communicate with the specific instance of the central service which provisioned the agent. This means the agent cannot be reconfigured to connect to any other ITSM  service.

Step 3 – Deploy Comodo Client Security

ITSM allows you to install Comodo applications such as Comodo one Client Security (CCS) and other third-party MSI packages from the 'Device List' interface.

To install CCS

• Click 'Devices' and choose 'Device List'

• Select the Windows device(s) to which you want install CCS

• Click 'Install MSI/Packages' > 'Additional Comodo Packages'

• Select the 'Install Comodo One Client – Security' check box

CCS requires the endpoint to be restarted in order for the installation to take effect. You can choose how the endpoint(s) are to be restarted from the 'Reboot Options'.

• To restart the end-point after a certain period of time, choose 'Force the reboot in...' , choose a time period and click 'Install'.

The following message will be displayed on the device after CCS is deployed on the endpoint:

The device will be restarted automatically when the time period elapses.

• If you do not want the endpoint to restart automatically, then choose 'Suppress the reboot' and click 'Install'.

The endpoint will not restart after installation. However, CCS will not be fully functional until the endpoint is rebooted.

• To give users a choice over restarting, choose 'Warn about the reboot and let users postpone it'. Type a message to be shown to the user in the 'Reboot message' field and click 'Install'.

After installation, the message will be displayed on the device as follows:

Users can choose to restart the endpoint immediately by clicking 'Reboot now', or postpone the restart by using the 'Remind me in' drop-down. The installation will be active only after the endpoint is restarted.

After CCS installation, the security components that are active depends on the applied ITSM profile.

The virus database will be updated automatically for the first time after installation.