New ESM 1.6 has been issued

[Guest]

[ratz]

The version you've meant is from the file name. But check installed product version.

[DaveLChgo]

I have ESM 1.5.4  Is there a recommended update path?  I do not see an update option in the ESM console.  Thank you.

[ratz]

Update option is not available if you are behind the proxy or CESM is blocked by Firewall.
Use links in this forum thread to download new version of CESM and upgrade documentation.

[etaftm]

The update link doesn't work at all. I tried it on a test server outside the firewall. When you click on the link nothing happens.

Also, the link attached to the forums is 4.1.152745.936. I think it needs to be updated to the latest release.

Also, the update agent feature did not work. I had to uninstall agent and reinstall.

--- More ---
After doing some more testing I have found that 4.1.152745.936 will not allow config will user is logged off or pc is locked.

I installed CIS 4.1.2673.936 and I was able to push a config will the computer was locked, but not when the user was logged off.

Also, I am having problems installing the offline updater. When I click on the setup it comes up with the COU install screen but the next button doesn't light up.

[ratz]

At the present time CESM console opens link in the default browser.
So if nothing happened - choose your default browser setting.

Run COU installation with follow parameters:
msiexec /i COU_setup.msi /l*xv c:\cou_install.log

Whait untill installation end with some result and send us this log.

[dlehman]

Fantastic work on this release guys.

I like the idea that I can upgrade my clients without uninstalling, I just upgraded all of them to 4.0 this will save a lot of time bringing them to 4.1. 

I like that active directory import now moves computers to the right OU now. 

One feature request, automatically hide or delete computers that are no longer in active directory. 

The install went smooth no errors or problems. 

Again great work. 

[ratz]

Thanks.

[etaftm]

If you figure out how to update the CIS without uninstalling let me know. If I try to install the CIS on a machine with an older version I get the error Another version of this product is already installed. It then tells me I have to remove the older version before I can install the updated version of CIS.

I was also not able to update the CESM agents. I had to uninstall it on everyones machine before it would push the new agent.

[jaaduke]

If you figure out how to update the CIS without uninstalling let me know. If I try to install the CIS on a machine with an older version I get the error Another version of this product is already installed. It then tells me I have to remove the older version before I can install the updated version of CIS.

I was also not able to update the CESM agents. I had to uninstall it on everyones machine before it would push the new agent.

I can confirm this behavior.  Unable to "update" CESM agents nor CIS.  Full uninstall/reinstall required.

[ratz]

1) To Update Agent from 1.51 you have to execute action Agent Control -> Update (Force update)
2) To Update CIS you have to execute action CIS - Update bases/Binaries.

CIS update has a known issue that it does not change it's version in windows registry and does not inform ESM console about update.

CIS downloads updated binaries and ask for restart on the remote workstation.

Note: for XP CIS ask for administrative account to run updater, otherwise update is impossible.

[etaftm]

I do not see the CIS - Updated bases/Binaries.

[etaftm]

This is starting to be a hassle to configure these CIS clients.

- I am having issues with pushing a config and appending to safe list. When I push a config first the append to safe list does not apply to the CIS. If I apply the append safe list first it applies. After a few minutes the Safe List is gone. This is a problem...

- If a request comes up of something wanting access to something I should be able to click on that request and add it to the safe list to the config so I can then push that to all clients. It is too much of a pain to have to track that application to the source and figure out where it is located on the drive and add it to a list to push.

- The safe list doesn't always work. I have added C:\Program Files\*Application Folder*\* and still get request in the CESM to allow or deny something out of that folder. This also goes for Trusted Vendors. I should not see request to allow or deny a application from IBM or HP.

- With the latest CESM Agent I am seeing some agents not come online. I either have to uninstall and reinstall or restart the agent service.

- Any word on the update CIS without having to uninstall and re-install?

- It would be nice to have some sort of directory system setup for Sequences, Tasks, and Packages. Once you start to add quite a few Tasks or whatever it becomes hard on the eyes to find a certain task.

- I will have to agree with the other poster about the balloon messages. They do get pretty intense. The only time a balloon message should pop up is if there is a approval pending or a virus has been found. They don't need to see balloon messages for Defense+ learning or definitions updating.

At this point I don't trust CESM and CIS for Defense+ or Firewall. The only thing that seems to work OK without cause big problems is the A/V.

[ratz]

This is starting to be a hassle to configure these CIS clients.

- I am having issues with pushing a config and appending to safe list. When I push a config first the append to safe list does not apply to the CIS. If I apply the append safe list first it applies. After a few minutes the Safe List is gone. This is a problem...

- If a request comes up of something wanting access to something I should be able to click on that request and add it to the safe list to the config so I can then push that to all clients. It is too much of a pain to have to track that application to the source and figure out where it is located on the drive and add it to a list to push.

This pain will be improved in the next version. 

- The safe list doesn't always work. I have added C:\Program Files\*Application Folder*\* and still get request in the CESM to allow or deny something out of that folder. This also goes for Trusted Vendors. I should not see request to allow or deny a application from IBM or HP.

Well...
CIS send request if safe file tries to start unsafe application or application from unknown vendor.

If app1 is in the safe file list and app1 is not in the safe file list or is not sighed, request appear.
So both should be in the safe file list/signed to remove request and CIS should be in safe mode.

- Any word on the update CIS without having to uninstall and re-install?

CIS update works but remote workstation should be logged on.
Then apply action: Update base/binaries.

- I will have to agree with the other poster about the balloon messages. They do get pretty intense. The only time a balloon message should pop up is if there is a approval pending or a virus has been found. They don't need to see balloon messages for Defense+ learning or definitions updating.

Partially agree with you.

At this point I don't trust CESM and CIS for Defense+ or Firewall. The only thing that seems to work OK without cause big problems is the A/V.

F+ and D+ works fine, you simply have to understand its logic. 

[etaftm]

At this point I don't trust CESM and CIS for Defense+ or Firewall. The only thing that seems to work OK without cause big problems is the A/V.


F+ and D+ works fine, you simply have to understand its logic.

Maybe training would help with understanding the logic and how to configure Defense+ to allow users to actually work without having every program blocked while in safe mode and having safe list pushed out. I can't turn D+ on because it blocks everything even trusted vendors. I push safe list, but I go and look at CIS safe list on that machine and there is nothing there. After configuring and pushing the Firewall config it blocks the network it is on and the CESM agent. So yeah maybe Comodo having better training would be a great help. I have way too much going on a daily basis to have to constantly monitor the CESM to make sure a user can actually work and not have every application blocked.
\

[etaftm]

Just another wish-list item.

Ability to assign a config to a user agent. Basically right click on a workstation with agent install and select a config for it to use. The agent on that machine would go and pull the config from the CESM and always keep the config updated. Instead of having to create a Group and push a config. Especially with laptop environement when people are not always on the network when I try to update their config.

This would make life a lot better.


Thanks,

[Tags:]