problem on CIS with RDP on WinXP

[Guest]

[Petr M.]

Hi,

i have a few computers running on Windows XP with installed CIS that is centrally managed by CESM v 2.1
On these computers are installed some specific application that were blocked by CIS and moved to SandBox.
I add these specific .exe files to the Defense+ Trusted Files in my policy in CESM (see Capture.PNG)
Then all program run perfectly on all computers with CIS and these specific policy that include Trusted Files definition.

My problem is that when i connect the same computers by windows remote desktop session and run my exe file that was marked as Trusted, CIS display a warning window (see image001 (2).png) and move this app to Sandox.

Why ? Is there any difference between running locally and running in remote desktop session ?
Logged user is the same in both situations. I can´t run these apps in remote desktop session at this time

thanks for your help
BR,
Petr

[MichelB]

Hi Petr,

Depending on how you have configured your CIS settings and your ESM policies you may be finding that a second session (the RDP one) is being treated differently than a console login.

Have a look in the XP task manager and see how many sessions you have open when you RDP in -see screenshot

Personally, I would recommend changing from ESM 2.1 to ESM 3 -http://www.comodo.com/business-enterprise/cesm3/index_v2.php- as CES (Comodo Endpoint Security - the business version of CIS) which comes with ESM3 handles these situations better.

Michel.

[Petr M.]

Hi MichelB

thanks for your reply but i don´t understandt where is a problem.
Yes, of course. There are 2 sessions in WinXP but i think that both sessions accept the same CIS setting and the same policy.
Why local session accept my trusted files and RDP session not ? Can you explain me what changes i need to make in CIS?

PS: i would like upgrade to ESM v3, but upgrade from 2.1 isn´t supported at this time
"The currently available version of ESM v3 should not be upgraded from ESM v1.6, v2.0 & v2.1 due to database incompatibilities. Comodo will advise clients when these updates are available"

[MichelB]

I see from you screenshot you are executing a file from your S: drive, is that correct? Is S: drive a network or terminal services mounted drive (TSclient)?

Unless you have lots of groups and policies you may not need to upgrade, just rip-and-replace...there are a few free tools out there on the internet though that convert SQL CE .sdf files to SQL Express 2012 which is used by v3

Regards,
Michel.

[Petr M.]

Hi MichelB,

yes, this program start from S: drive. It is a mapped network folder (not by TS Client, drive is mounted by windows logon script and is only used in TS also).

PS: i have only one policy a one group. But i can´t register and download 10 free v3 licenses with my registered account from http://www.comodo.com/business-enterprise/cesm3/index_v2.php

i receive an error that "Failed create new Invoice - Cannot buy free product"

[MichelB]

"Failed create new Invoice - Cannot buy free product" means that the email address you are tryiing to use has already been registered against a Free copy of ESM.

Please use another email address.

[Petr M.]

Hi MichelB,

thanks. But you do not answer my primary question.
Why CIS ignore my policy settings in RDP connection ? Are you sure that CESM 3.0 solve this problem or not ?

[lepota]

Hi,

I reported about strange CIS behaviour with RDP more than 2 years ago.

https://forums.comodo.com/format-verified-issue-reports-cis/remote-desktop-connection-to-system-with-cis-freezes-nbz-t69121.0.html;msg490285#msg490285

Defence+ and Sandbox were turned off in my configurations, so I thought that this is firewall rule processing bug. Nobody take an interest in this issue since this time and this strange behaviour remains in all versions of CIS (last tested on CIS 5.12 under Win8). Now I see that this is not firewall but Defence+ bug...


Best regards.

[MichelB]

Hi all,

Our CIS/CES team are aware of this bug and are working on fixing it. The performance has improved using CES but there are still a couple of occasions that this gremlin still pops up.

Please bear with us while we get this resolved, the current fix is in testing and should be ready by the time we release the ESM 3 "update" ~18 April 2013.

Regards,
Michel.

[Tags:]