
Comodo ESM Admin Guide PDF

451 Pages·2016·17.03 MB·English

Preview Comodo ESM Admin Guide

Comodo Endpoint Security Manager
Professional Edition
Software Version 3.5
Administrator Guide
Guide Version 3.5.082919

Comodo Security Solutions
1255 Broad Street
Clifton, NJ 07013

Comodo Endpoint Security Manager PE - Administrator Guide | © 2019 Comodo Security Solutions Inc. | All rights reserved

Table of Contents

1. Introduction to Comodo Endpoint Security Manager - Professional Edition
  1.1. Software Components and System Requirements
  1.2. Removing Incompatible Products
  1.3. Installing and Configuring the Service
  1.4. Key Concepts
  1.5. Best Practices
  1.6. Quick Start Guide
2. The Administrative Console
  2.1. Logging-in to the Administrative Console
  2.2. Using Assistance Manager
  2.3. Using Task Manager
3. The Dashboard
4. The Computers Area
  4.1. Endpoint Groups
    4.1.1. Creating New Groups
    4.1.2. Viewing and Managing Groups
  4.2. Viewing Details and Managing Endpoints
    4.2.1. Viewing General Properties
    4.2.2. Viewing and Managing Group, Security Policy and Warranty Details
    4.2.3. Viewing and Managing Endpoint Security Software
    4.2.4. Viewing and Managing Installed Applications
    4.2.5. Viewing and Managing Currently Loaded Services or Daemons
    4.2.6. Viewing and Managing Currently Loaded Processes
    4.2.7. Viewing System Monitoring Alerts
    4.2.8. Viewing and Managing Drives and Storage
    4.2.9. Viewing Event Log
  4.3. Adding Endpoint Computers to CESM
    4.3.1. Importing Computers by Automatic Installation of Agent
    4.3.2. Adding Computers by Manual Installation of Agent
    4.3.3. Updating Comodo Software on Managed Computers
    4.3.4. Importing Unmanaged Endpoints from Network
      4.3.4.1. Importing Unmanaged Windows Computers for Centralized Management and Protection
      4.3.4.2. Importing Unmanaged Mac OS X Computers for Centralized Management and Protection
      4.3.4.3. Importing Unmanaged Linux based Endpoints for Centralized Management
  4.4. Running On-Demand Scan on Endpoints or Groups
  4.5. Updating Virus Database on Individual Endpoints or Groups
  4.6. Generating Reports for Endpoints or Groups
  4.7. Accessing Endpoints through Remote Desktop Sharing Session
  4.8. Managing Power Options on Endpoints
  4.9. Reorganizing Groups and Sub Groups
5. The Policies Area
  5.1. Creating a New Security Policy
    5.1.1. Creating a New Security Policy for Windows Based Endpoints
    5.1.2. Creating a New Security Policy for Mac OS Based Endpoints
  5.2. Editing a Security Policy
    5.2.1. General Properties
    5.2.2. Selecting Target Groups
    5.2.3. Configuring Antivirus Settings
      5.2.3.1. Antivirus Scans
        5.2.3.1.1. Creating a Custom Scan Profile
      5.2.3.2. Exclusions
    5.2.4. Configuring Firewall Settings
    5.2.5. Configuring Website Filtering Settings
      5.2.5.1. Adding and Managing Website Categories
      5.2.5.2. Adding and Managing Whitelisted Websites
      5.2.5.3. Adding and Managing Blacklisted Websites
    5.2.6. Configuring Defense+ Settings
    5.2.7. Configuring File Rating Settings
    5.2.8. Configuring General Security Product Settings
    5.2.9. Configuring Agent Settings
    5.2.10. Configuring System Settings
  5.3. Re-applying Security Policies to Endpoint Groups
6. Viewing and Managing Quarantined Items
7. Viewing and Managing Sandboxed Applications
8. Files Management
  8.1. Viewing and Managing Unrecognized Files
  8.2. Viewing and Managing Trusted Files List
  8.3. Viewing and Managing Blocked Files List
9. Viewing and Managing Installed Applications
10. Viewing and Managing Currently Running Processes
11. Viewing and Managing Services
12. The Reports Area
  12.1. Antivirus Scans Report
  12.2. Antivirus Updates Report
  12.3. Assistance Logs Report
  12.4. Security Product Configuration Report
  12.5. Security Product Logs Report
  12.6. Computer Details Report
  12.7. Computer Infections Report
  12.8. Hardware Inventory Report
  12.9. Installed Software Inventory Report
  12.10. Malware Statistics Report
  12.11. Policy Compliance Report
  12.12. Policy Delta Report
  12.13. Quarantined Items Report
  12.14. Top 10 Malwares Report
  12.15. Warranty Report
13. Viewing ESM Information
  13.1. Viewing Server Information
  13.2. Viewing Support Information
  13.3. Viewing License Information
    13.3.1. Upgrading Your License
  13.4. Viewing the About Screen
14. Viewing and Managing Preferences
  14.1. Configuring General Settings
  14.2. Configuring Report Settings
  14.3. Downloading ESM Packages
  14.4. Managing Email Notifications
  14.5. Viewing and Managing Dependent Servers
    14.5.1. Adding a Dependent Server
    14.5.2. Logging into a Dependent Server
    14.5.3. Importing Endpoints to a Dependent Server
    14.5.4. Managing Endpoints Controlled by a Dependent Server
    14.5.5. Editing Dependent Servers
    14.5.6. Removing Dependent Servers
  14.6. Auto Discovery Settings
Appendix 1 - The Service Configuration Tool
  Starting and Stopping the CESM Service
  Main Settings
  Server Certificate
  Network Settings
  Caching Proxy Settings
  Troubleshooting
  Viewing and Managing CESM Database Files
  Viewing Event Log
  About
Appendix 2 - How to... Tutorials
  How to Configure CESM policies - An Introduction
  How to Setup External Access from Internet
  How to Install CES/CAVS on Windows Endpoints Which Were Added by Manually Installing the Agent
  How to Install CAVM on Mac Endpoints Which Were Added by Manually Installing the Agent
About Comodo Security Solutions

1. Introduction to Comodo Endpoint Security Manager - Professional Edition

Comodo Endpoint Security Manager (CESM) Professional Edition is designed to help administrators of corporate networks deploy, manage and monitor Comodo Endpoint Security software on networked computers.

Total Protection for networked computers

The most powerful & intuitive all-purpose Endpoint manager in its class, CESM PE manages not only the security of your workstations, laptops and netbooks, but now also manages their system status. Once installed through the simplified wizards, endpoints are quickly and efficiently discovered via Active Directory query or IP address range. They can then be grouped as required and administrative policies applied. CESM will automatically reapply those policies to endpoints not compliant with their required configurations.

More efficient, effective and easier management

This ability to roll out and centrally manage security policies to a network that is protected with a proven and fully integrated security suite can save thousands of man-hours per year. Administrator time that would otherwise be lost to repetitive configuration and vendor interoperability problems can be re-directed towards more productive and profitable core business interests. Furthermore, because CESM policies can be deployed immediately across all protected nodes, administrators can respond more quickly to protect an entire network against the latest, zero hour threats. CESM's intuitive interface provides fingertip access to task wizards, important network and task related data and support resources.

Features:

• Total visibility and control over endpoint security through a centralized, web-based console. New, panorama-style, interface compatible with touch-screen computers.
• Seamless import and control of Microsoft Active Directory Domain into the CESM Administrative Console.
• Proven endpoint protection from Comodo Endpoint Security software - including real-time antivirus, packet-filtering firewall, website filtering, automatic sand-boxing of untrusted files and strict host intrusion prevention.
• Provides granular software and hardware details for each endpoint including OS version, installed applications, CPU and RAM usage and more.
• Effortless endpoint management. Remotely restart endpoints, manage running applications, processes and services, initiate remote desktop sessions through the CESM interface and more.
• Highly configurable policies allow admins to enforce power options and device availability controls on endpoints.
• New 'Internet policy' supports different CES configuration for devices when inside or outside of the network.
• Real time notifications lower emergency response time to emerging threats.
• Protects Mac OS based computers with proactive Antivirus and centralized management.
• Supports Linux based computers and Windows Embedded systems like Point of Sales (POS) terminals.
• New reports with built in drill down to computers and in-report remediation.
• Integrated chat window to interact with endpoint users for resolving issues immediately.

Guide Structure

This guide is intended to take you through the configuration and use of Comodo Endpoint Security Manager Professional Edition and is broken down into the following main sections.

The Dashboard - Displays a consolidated, 'at-a-glance' statistical summary of vital information like statuses of managed endpoints, security product installations and files identified as potential threats.

The Computers Area - Plays a key role in the CESM Administrative Console interface by providing system administrators with the ability to import, view and manage networked computers, create endpoint groups and apply appropriate security policies.

• Add/Import computers to CESM for centralized management.
• Create computer Groups for easy administration.
• Apply security policies to individual endpoints or groups.
• View complete details of the endpoints that are managed by CESM.
• Assign and re-assign endpoints to groups.
• Manage quarantined items, currently running applications, processes and services in remote endpoints.
• Manage drives and storage at the endpoints.
• Run on-demand antivirus scans on individual endpoints or groups.
• Start shared remote desktop session with remote endpoints.
• Generate granular reports for grouped endpoints.

The Policies Area - Allows administrators to create, import and manage security policies for endpoint machines.

• View and modify the configuration of any policy - including name, description, security product components, target computers and whether the policy should allow local configuration.
• Create new policies by importing settings from another computer or by modifying an existing policy.
• Apply policies to entire endpoint groups.

The Quarantine area - View all the suspicious programs, executables, applications and files moved to quarantine by CES and CAVS installations at the managed endpoints and manage them.

The Sandbox area - View all the unrecognized programs, executables, applications that are currently run inside the sandbox at the managed endpoints and manage them.

Files Management - View all the executable files which are not identified as safe on checking with Comodo certified safe files database and manage them.

The Applications area - View all applications installed on endpoints and uninstall unwanted applications.

The Processes area - View the processes running currently on all the endpoints in real time and terminate unnecessarily running processes at selected endpoints.

The Services Area - View the Windows Services, Unix Daemons and Mac Services that are loaded on all the managed endpoints and start or stop services on selected endpoints.

The Reports Area - Generate highly informative, graphical summaries of the security and status of managed endpoints.

• Drill-down reports can be ordered for anything from a single machine right up to the entire managed network.
• Each report type is highly customizable according to administrator's requirements.
• Reports can be exported to .pdf and .xls formats for printing and/or distribution.
• Available reports include endpoint security product configuration, policy compliance, malware statistics, policy delta, security product logs, quarantined items and more.

The Help Area - Allows the administrator to view CESM version and update information, view and upgrade licenses, and view support information.

• View the version and update information. View the license information and activate/upgrade licenses.
• View details of the server upon which CESM is installed.
• View support contact information and different ways to get help on CESM.

The Preferences Area - Allows the administrators to configure language settings, report archives, email notifications and dependent CESM servers and to download CESM agents for offline installation on remote endpoints.

• Download CESM Agent for installation on to remote endpoints, to manually add them to CESM.
• Configure the lifetime of the reports generated and retained in CESM server.
• Select the language in which CESM interfaces should appear.
• Configure automated email notifications from CESM. CESM can send notification mails to administrator on the occurrence of certain events like virus outbreaks, malware found and more.
• Configure 'dependent' CESM servers. Centrally manage and configure any subordinate CESM server currently managing endpoints on a different network.
• Configure the auto discovery feature to identify unmanaged endpoints in Active Directory.

1.1. Software Components and System Requirements

Software Components

CESM Professional Edition consists of three interdependent software components:

• The Administrative Console
• The Central Service
• The Remote Agent

Administrative Console

The Administrative Console provides access to all functionality of Comodo Endpoint Security Manager through a friendly and highly configurable interface. Administrators can use the console to deploy, manage and monitor Comodo Endpoint security software on networked computers.

• Click here to go to the Admin console help pages.
• Click here for system requirements for endpoint machines that run the administrative console.
• Click here to read about logging into the console.

Central Service

The Central Service is the main functional module responsible for performance of all CESM system tasks. Central Service also keeps and updates information on all current and past system activities.

• Click here for a guide that explains how to install Central Service.
• Click here for system requirements for machines that run the central service.
• Click here to read about the central service configuration tool.

Remote Agents

Remote Agents are intermediaries between remotely managed PCs and CESM Central Service and must be installed on every managed PC. CESM Remote Agents are responsible for receiving tasks and requests from the Central Service and executing those tasks on the Managed Computers. ('Tasks' from Central Service include operations such as installing or uninstalling software, fetching report information and applying security policy). Endpoints imported into a CESM service can be managed only by the same CESM service - meaning the agent cannot be reconfigured to connect to any other CESM service - a feature which increases security.

• Click here for system requirements for endpoint machines that run the CESM agent and the security software CES/CAVS or CAV for Mac.
• Click here to read how to install and deploy the agent.

System Requirements

CESM Central Service Computer (the PC that will run the Endpoint Security Manager software)

CESM Server version 3.5 can be installed as single application server with built-in database installation, or single application server with database installation on separate server.
The following tables provide the hardware and software requirements for CESM Server in each of these installations.

Hardware Requirements

The following table provides minimum recommended hardware requirements for CESM Server for typical installations, depending on number of endpoints to be managed.

| Number of endpoints | < 200 | 200 to 1000 | 1000 to 5000 | 5000 to 10000 |
|---|---|---|---|---|
| Configuration | Single-server | Single-server | Single-server or Multi-server | Single-server or Multi-server |
| CPU | x86 or x64; 2 cores, 2 GHz | x64; 4 cores, 2 GHz | x64; App-tier: 4 cores, 2.4 GHz; Data-tier: 2 cores, 2.4 GHz | x64; Xeon recommended; App-tier: 8 cores, 2.4 GHz; Data-tier: 6 cores, 2.4 GHz |
| Memory | 2 GB | 4 GB | App-tier: 6 GB; Data-tier: 10 GB | App-tier: 12 GB; Data-tier: 16 GB |
| Storage | 1 disk at 7k rpm (20 GB) | 1 disk at 7k rpm (80 GB) | App-tier: 1 disk at 7k rpm (20 GB); Data-tier: 1 disk at 7k rpm (120 GB), SSD or SAS disk array at 10k rpm recommended | App-tier: 1 disk at 7k rpm (20 GB); Data-tier: SSD or SAS disk array at 10k rpm (200 GB) |
| Network | 10 Mbit bandwidth between server and endpoints | 30 Mbit bandwidth between server and endpoints | 50 Mbit bandwidth between server and endpoints. 1 Gbit connection with latency of <1ms between app and data tiers. | 80 Mbit bandwidth between server and endpoints. 1 Gbit connection with latency of <1ms between app and data tiers. |

Note: The hardware requirements may differ for individual CESM instances and depend on many factors, chiefly the amount and frequency of data that comes from the managed endpoints. The data includes: installed applications and services, security product logs and activities, quarantined and sandboxed items, policy compliance and health monitor statistics alerts. The frequency of sending the data can be configured via policies.
Refer to the section Configuring Agent Settings for more details.

Software Requirements

CESM Server can run on the following operating systems:

• Windows 2008 Server (SP2 or higher) [1]
• Windows 2008 Small Business Server [1]
• Windows 2008 Server R2
• Windows 2011 Small Business Server
• Windows 2012 Server
• Windows 2012 Server R2
• Windows Vista (SP2) [1]
• Windows 7
• Windows 8
• Windows 8.1
• Windows 10

CESM Server can work with the following database servers:

• MS SQL Server 2012 LocalDB
• MS SQL Server 2005 [2] (for more information, see Hardware and Software Requirements for Installing SQL Server 2005)
• MS SQL Server 2008 (for more information, see Hardware and Software Requirements for Installing SQL Server 2008)
• MS SQL Server 2012 (for more information, see Hardware and Software Requirements for Installing SQL Server 2012)
• MS SQL Server 2014 (for more information, see Hardware and Software Requirements for Installing SQL Server 2014)
• PostgreSQL 9.4.5 (for more information, see Supported Platforms)

Notes:

1. In case of installing CESM Server to Windows Server 2008 or Windows Vista, automatic installation of prerequisites won't work and all missing components will have to be installed manually. You may still run the Installer to check which of them are needed.
2. Not recommended and will be deprecated in next releases.

CESM Server depends on the following prerequisites:

• Microsoft® .NET Framework 4.5.2 (Download page)
• Microsoft System CLR Types for SQL Server 2012 (x64 package or x86 package)
• Microsoft Report Viewer 2012 Runtime (Download page)

Note - The above components will be installed automatically if not present. If Microsoft .Net Framework 4.0 is present in the system, it will be updated to Microsoft .Net Framework 4.5 automatically.
During the update, the system will require a restart of the server. If you want to avoid restarting the server, close all the applications that use .NET Framework before installing CESM. However, if some system applications cannot be closed, the restart cannot be avoided.

The following table shows recommended software configurations:

| Number of endpoints | < 200 | 200 to 1000 | 1000 to 5000 | 5000 to 10000 |
|---|---|---|---|---|
| OS Configuration | Any supported, single-server | Any supported, single-server | Windows Server 2008 R2 or newer, single-server | Windows Server 2008 R2 or newer, multi-server |
| MS SQL Edition | Express or LocalDB | Express or Standard | Standard | Standard or Enterprise edition on separate server |
| PostgreSQL instance | Private instance provided by ESM | Private instance provided by ESM | Private instance provided by ESM | External instance on separate server |

CESM Administrative Console computer - PCs that will run the browser-based interface for configuring and managing the CESM Central Service (this computer may also be the Central Service PC)

ADMINISTRATIVE CONSOLE COMPUTER - SYSTEM REQUIREMENTS

Hardware

Component: Display
• Minimum 1024x768 display with windowed browser
• Touch capable display interface and operating system (optional)

Software

Operating System: The following operating systems are supported:

Microsoft Windows Server Family:
• Windows 2003 Server (SP2 or higher)*
• Windows 2003 Small Business Server*
• Windows 2003 Small Business Server R2*
• Windows 2008 Server (SP2 or higher)
• Windows 2008 Small Business Server
• Windows 2008 Server R2
• Windows 2011 Small Business Server
• Windows 2012 Server

Microsoft Windows Client Family:
• Windows Vista (SP1 or higher)
• Windows 7
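A pre-installation check for the three CESM Server prerequisites listed under Software Requirements, useful on Windows Server 2008 or Windows Vista where the installer cannot add them automatically. This is an added example, not part of the Comodo guide: the registry display-name patterns are assumptions, and 379893 is the Release value Microsoft documents for .NET Framework 4.5.2.

```powershell
# Added example (not from the guide). Written for PowerShell 2.0 so it also
# runs on Windows Server 2008 / Vista. Run in an elevated session.

# .NET Framework 4.5.2 or later reports Release >= 379893 under this key.
$ndpKey   = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release  = (Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue).Release
$dotNetOk = ($release -ne $null) -and ($release -ge 379893)

# Installed products are registered under the Uninstall keys (64- and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object { $_.DisplayName }

# Assumption: display-name patterns; adjust if the packages register differently.
$checks = @(
    @{ Name = 'Microsoft System CLR Types for SQL Server 2012'; Pattern = '*System CLR Types for SQL Server 2012*' },
    @{ Name = 'Microsoft Report Viewer 2012 Runtime';           Pattern = '*Report Viewer 2012 Runtime*' }
)

$results = @()
$results += New-Object PSObject -Property @{ Prerequisite = 'Microsoft .NET Framework 4.5.2'; Present = $dotNetOk }
foreach ($check in $checks) {
    $hits = @($installed | Where-Object { $_ -like $check.Pattern })
    $results += New-Object PSObject -Property @{ Prerequisite = $check.Name; Present = ($hits.Count -gt 0) }
}
$results | Select-Object Prerequisite, Present | Format-Table -AutoSize

# Windows Server 2008 and Windows Vista both report OS version 6.0.x; on these
# the guide says prerequisites must be installed manually.
$os         = Get-WmiObject -Class Win32_OperatingSystem
$manualOnly = $os.Version -like '6.0.*'
$missing    = @($results | Where-Object { -not $_.Present })

if ($missing.Count -eq 0) {
    Write-Output 'All CESM Server prerequisites are present.'
} elseif ($manualOnly) {
    Write-Warning "$($os.Caption): install the missing prerequisites manually before running the CESM installer."
} else {
    Write-Output 'The CESM installer will add the missing prerequisites; plan for a possible server restart.'
}
```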
