CESM2 (40729.6) - Feedback

[Guest]

[SivaSuresh]

Few more observations:

1. The back button on the left does not take me to the previous page that I was visiting, instead it takes me to the upper page in the actual structure hierarchy.
example: I arrived at a client description page from the dashboard, now when I click back, it takes me to the computers page instead of dashboard.

Using the IE back button simply logs me out. I have to re-login.

2. I could not figure out a way to upgrade a CIS client to a newer version or to uninstall and reinstall CIS on a client from console.

[glenmm]

6. I do not feel the new approach to policies very intuitive or useful. It does not even give any gist of the policy that is applied to different groups/clients. There is no way to configure the policy issues from console anyway.(May be my own thoughts..you may feel otherwise)

Hi SivaSuresh, thanks for the detailed feedback. You can find out which policy is applied to an endpoint in the View all computers screen... Policy settings for groups and computers are listed for each ... Bold indicates the current active policy.

--Glen

[SivaSuresh]

Hi SivaSuresh, thanks for the detailed feedback. You can find out which policy is applied to an endpoint in the View all computers screen... Policy settings for groups and computers are listed for each ... Bold indicates the current active policy.

--Glen

Yes, of course I can see the name of the policy, but,

what is inside the policy ? how is it set ? If I want to check whether I allowed cloud scanning or not, or whether I set to scan archives or not ? That's is what I meant...

[SivaSuresh]

Few more:

1. It took a while for me to get it and understand that the new CESM 2 beta did not include an offline updater, It is downloading updates from Internet every time I try to update a client (although I have already updated one of the clients fully), which is ridiculous, it defeats the very purpose of endpoint management.

2. I was really annoyed at one of my clients performance (in this case, it is the same PC that CESM is also on, it's a quad core, 4 Gig) it was not responding for a long time, very slow. After a little research I found out that a full system scan was running with archive scan on (believe me I was really frustrated and thought that something might have happened to my system, before I figured this out). There was no indication either on my screen or in CIS window that a scan is in progress. There was not even a balloon message.

The console shows that a scan is running on this client, but I had no way to check whether the archive scan is on or off. When I try to check it from CIS window, it would politely ask me whether I want to disconnect from CESM...really bad.

Please guys, think about it, really needs a quick response.

[w-e-v]

Hi W-e-v,

We cleared the Machine Code from your beta license. You should be able to re-use the same license key now on your machine and continue your (excellent work at) beta testing.

Thanks
--glen

Thank you Glen very much!

I was able to reinstall and keep working with this amazing ESM.

Here are some more feedback from my testing (Using Internet Online Connectivity instead of Local Internet):

1-) Once RED tile buttons are reviewed and fixed accordingly, they wont update themselves back to grey or into other color right away. For example, I had a red tile button saying that 1 endpoint didnt have lastest AV DB. By the way, the endpoint AV was updating itself (meaning it download more than 100MB, which shouldnt happen when an endpoint is configured to be managed centrally). So I couldnt do anything until let it finish do its work. After it finish, the red tile button would keep saying that 1 client was not updated. I entered the tile to see what info it would display, and showed every client was updated. Went back to the dashboard, and still the same tile was red. So I deleted all history from browser, logged in back and then it was not red anymore.

Same thing happens when viewing a computer. You have 7 buttons at the bottom: refresh, add group, remove, details, run a scan, update av, close. I clicked a computer and clicked on "update av". On STATE, appeared: "Online, AV update: Executing". And the endpoint finished updating but the STATE didnt changed to: "Online, AV update: Updated".

2-) Antivirus scan on ESM say are being EXECUTED ("Executing"), but they are not being executed at the endpoint. Is this configured to worked so, in the background so the endpoint user wouldnt notice it? Or is not really scanning anything? (If it really does execute on the endpoint background so the endpoint user wouldnt notice it, it would be good to show a progress bar at the console). I dont even see logs in the Antivirus Events at the endpoints side.

3-) When and endpoint is being managed centrally, at the left bottom, appears the following info:
Managed Client
Server: x.x.x.x:9901
Manage Remotely / Manage Locally
This last one, is confusing. Its ok when you are going to click it, it will tell you what the action will be. But once you just want to read it just to know your policy, then its not self explanatory. I guess it should be something like this:
Managed Client
Type: Remotely (underline and blue color as a URL)
Server: x.x.x.x:9001
This way is self explanatory and when you click on the TYPE value, it change to LOCALLY and viceversa.

4-) I really think if PARENTAL CONTROL suppresses antivirus, firewall and defense+ alerts, it should also control/restrict somehow the availability to switch from Central Administration mode (Remotely) to Local Administration mode (Locally).

5-) I understand if a Policy is imported that changes should be made from endpoint side, instead of console. However, I do really think that COMPONENTS (antivirus, firewall, defense+) of policies should be able to be changed/modified from the console. In example, if I selected all three, it appears on Components: ALL COMPONENTS. But if I want to remove a component I cant. I have to go over the import policy process.

6-) It would be great if the numbers of computers, as it appears on CURRENT LICENSE, could appear on the DASHBOARD. For example, in the LICENSE EXP. DAYS gray tile, could also appear 57/80 PCs. I know this information about the number of computers appear in the information of the current license. But numbers of PCs on Dashboard gives more quick information about the state or availability of the license.

7-) A quick information box for the admin user would be great: Name of company (who purchased the ESM license), last login,

8-) Mail Settings not working when using SSL. I tried using mail settings without SSL and test emails arrive with no problems whatsoever. Using SSL, requests dont even reach the mail server. Im using port 25 without SSL, and 465 and 587 ports with SSL.

9-) Is it possible to move up the gray tiles, right under the light blue line? I always have to move/scroll down to see the other gray tiles. Besides that blank gap (between the blue line and the first 'two columned' tiles) wastes space.

10-) I restarted the service because of the mail settings selections I did, and all my endpoints show as OFFLINE. If the service is restarted from server that hosts the console, then the server should pick up again the connections from the endpoints after restart. Right now, endpoints OS needs to be restarted to appear as ONLINE again. Also I am getting lots of "DNS failed to be resolved by IP" messages at the WARNING event logs, which is also another reason I believe why the endpoint had difficulties coming back online.

11-) REPORTS > Observe DNS name, IP address, OS Version, CPU, RAM size, HDD size, etc. This is not showing properly when using Internet Online Connectivity. Only OS version and 32/64 bit is shown (even with "include software details in report" is selected).


Things I was able to do that other users feedback show this users were not able to do:
. I find ESM really easy to use (once you get use to the GUI). However as any beta dev, I think some features are missing to develop further.
. I was able to import policies without troubles. (using internet instead of workgroup).


Suggestion for next beta release:
. REALLY IMPORTANT>: push of av database. Right now every av update its downloaded from the internet by all the endpoints!
. Scan and av update should be two separated processes, allowing the console user to perform both task separately and not wait until one is finished to execute the next one.
. Reports should be available in HTML or XML format to display on other media too.
. Some features in policies should be allowed within the console (when minor changes are needed and no direct modification at the endpoint is made).
. A REFRESH button for the current view. There are some sections that need to be refreshed, for example when updating av database, scanning endpoints, reapplying policies to NonComplaint endpoints, etc.
. Availability to detect other third parties AVs, and remove them with one click (this will bring CSC inclusion).
. Display of current running processes in endpoints memory and a verdict of each one of them (as CCE does).

I guess thats about it for today. Will post more as soon as I can get more time to test.

[SivaSuresh]

Thank you Glen very much!

I was able to reinstall and keep working with this amazing ESM.

Here are some more feedback from my testing (Using Internet Online Connectivity instead of Local Internet):

1-) Once RED tile buttons are reviewed and fixed accordingly, they wont update themselves back to grey or into other color right away. For example, I had a red tile button saying that 1 endpoint didnt have lastest AV DB. By the way, the endpoint AV was updating itself (meaning it download more than 100MB, which shouldnt happen when an endpoint is configured to be managed centrally). So I couldnt do anything until let it finish do its work. After it finish, the red tile button would keep saying that 1 client was not updated. I entered the tile to see what info it would display, and showed every client was updated. Went back to the dashboard, and still the same tile was red. So I deleted all history from browser, logged in back and then it was not red anymore.

Same thing happens when viewing a computer. You have 7 buttons at the bottom: refresh, add group, remove, details, run a scan, update av, close. I clicked a computer and clicked on "update av". On STATE, appeared: "Online, AV update: Executing". And the endpoint finished updating but the STATE didnt changed to: "Online, AV update: Updated".

2-) Antivirus scan on ESM say are being EXECUTED ("Executing"), but they are not being executed at the endpoint. Is this configured to worked so, in the background so the endpoint user wouldnt notice it? Or is not really scanning anything? (If it really does execute on the endpoint background so the endpoint user wouldnt notice it, it would be good to show a progress bar at the console). I dont even see logs in the Antivirus Events at the endpoints side.

3-) When and endpoint is being managed centrally, at the left bottom, appears the following info:
Managed Client
Server: x.x.x.x:9901
Manage Remotely / Manage Locally
This last one, is confusing. Its ok when you are going to click it, it will tell you what the action will be. But once you just want to read it just to know your policy, then its not self explanatory. I guess it should be something like this:
Managed Client
Type: Remotely (underline and blue color as a URL)
Server: x.x.x.x:9001
This way is self explanatory and when you click on the TYPE value, it change to LOCALLY and viceversa.

4-) I really think if PARENTAL CONTROL suppresses antivirus, firewall and defense+ alerts, it should also control/restrict somehow the availability to switch from Central Administration mode (Remotely) to Local Administration mode (Locally).

5-) I understand if a Policy is imported that changes should be made from endpoint side, instead of console. However, I do really think that COMPONENTS (antivirus, firewall, defense+) of policies should be able to be changed/modified from the console. In example, if I selected all three, it appears on Components: ALL COMPONENTS. But if I want to remove a component I cant. I have to go over the import policy process.

6-) It would be great if the numbers of computers, as it appears on CURRENT LICENSE, could appear on the DASHBOARD. For example, in the LICENSE EXP. DAYS gray tile, could also appear 57/80 PCs. I know this information about the number of computers appear in the information of the current license. But numbers of PCs on Dashboard gives more quick information about the state or availability of the license.

7-) A quick information box for the admin user would be great: Name of company (who purchased the ESM license), last login,

8-) Mail Settings not working when using SSL. I tried using mail settings without SSL and test emails arrive with no problems whatsoever. Using SSL, requests dont even reach the mail server. Im using port 25 without SSL, and 465 and 587 ports with SSL.

9-) Is it possible to move up the gray tiles, right under the light blue line? I always have to move/scroll down to see the other gray tiles. Besides that blank gap (between the blue line and the first 'two columned' tiles) wastes space.

10-) I restarted the service because of the mail settings selections I did, and all my endpoints show as OFFLINE. If the service is restarted from server that hosts the console, then the server should pick up again the connections from the endpoints after restart. Right now, endpoints OS needs to be restarted to appear as ONLINE again. Also I am getting lots of "DNS failed to be resolved by IP" messages at the WARNING event logs, which is also another reason I believe why the endpoint had difficulties coming back online.

11-) REPORTS > Observe DNS name, IP address, OS Version, CPU, RAM size, HDD size, etc. This is not showing properly when using Internet Online Connectivity. Only OS version and 32/64 bit is shown (even with "include software details in report" is selected).


Things I was able to do that other users feedback show this users were not able to do:
. I find ESM really easy to use (once you get use to the GUI). However as any beta dev, I think some features are missing to develop further.
. I was able to import policies without troubles. (using internet instead of workgroup).


Suggestion for next beta release:
. REALLY IMPORTANT>: push of av database. Right now every av update its downloaded from the internet by all the endpoints!
. Scan and av update should be two separated processes, allowing the console user to perform both task separately and not wait until one is finished to execute the next one.
. Reports should be available in HTML or XML format to display on other media too.
. Some features in policies should be allowed within the console (when minor changes are needed and no direct modification at the endpoint is made).
. A REFRESH button for the current view. There are some sections that need to be refreshed, for example when updating av database, scanning endpoints, reapplying policies to NonComplaint endpoints, etc.
. Availability to detect other third parties AVs, and remove them with one click (this will bring CSC inclusion).
. Display of current running processes in endpoints memory and a verdict of each one of them (as CCE does).

I guess thats about it for today. Will post more as soon as I can get more time to test.

+1

Agree with most of the points (except things like GUI usability)

[w-e-v]

FINAL REVIEW OF CESM2 BETA, VERSION 40729.6

1-) Dashboard made easier. The easiest, the simplest. Right? Well, I finally understood how the dashboard really works and find that it can be simplified for beginners, by modifying the layout. Please take a look at the SCREEN1.GIF file that I attached. I have made (what I consider myself) a simpler dashboard layout with all the required info displayed. Maybe other CESM beta users can give their opinion on this topic?

2-) With the original layout of the dashboard, you can double-click on any SYSTEM STATUS title within the gray tiles, and it will always take you to a different SYSTEM STATUS configuration window. For example, you can go through all the SYSTEM STATUS tile settings and select to be notified by email... doing so will make you to receive 3 or 4 different ESM System Alerts Reports with the same information, except for the OUTBREAK ALERT. Some have 15min, other have 900 seconds, etc. I believe no matter what tile you use, SYSTEM STATUS setting should be the one and only, generating email reports.

3-) I am running an endpoint that apparently is infected, I really believe so. However, the endpoint is set to be configured remotely. I did a full scan and the infection was detected. However, scan results also says that the threat was ALERTED in a window. Never saw that window (neither at the endpoint side nor the server side). I am not able to remove the threat. I did a second scan, thinking that maybe I missed the alert window where I can quarantine or delete the malware. But again, scan result says it was DETECTED and ALERTED. Please take a look at the SCREEN2.GIF, so you understand what I am saying. So, no alert windows whatsoever. And no way to disinfect the endpoint remotely or locally (because once again no alert windows appears during or after the scan finishes).

4-) Email Reports started to get into my mail client. I think the e-mail template its very profesional. Howerver, more details about the system FAILS. For example, I received this alert about the infected endpoint:
Infected Endpoints: FAIL
1 endpoint out of 1 threshold is in infected state.
However, a more detailed report would be much appreciated (what endpoint is infected, what malware, etc). And so on with the other areas of the report. This is specially useful when administrating many machines, and specially if reports have to be given to Audits.

5-) My server IP changed. How can I re-connect? I believe some dyndns service should be run, but that would depend on the demand for that request.


IMPORTANT NOTE: Once again my license key is not working. Is it because my server IP is dynamic? When I see the ESM logs, this is what shows everytime I want to re-enter my license key:
Machine key validation failed. Your CESM license is invalid.

I am running a EC2 service from aws.amazon.com
I pay the server for every hour that it runs. This is a very good source for beta purposes.
However, apparently something changes every time I start the server (I know the IP changes, but not sure if hardware since its a virtual server).

Is it a way that we can permanently work this out so my license does not become invalid?
This happens because I turn off the server when finishing testing (for saving money purposes), and start the server again when doing more testings.


Either way, I think I did lot of testing with this ESM BETA edition. I will wait for the next realease to continue.
Any idea when the next beta release will be available?

Thanks in advance.

[denis.gz]

IMPORTANT NOTE: Once again my license key is not working. Is it because my server IP is dynamic? When I see the ESM logs, this is what shows everytime I want to re-enter my license key:
Machine key validation failed. Your CESM license is invalid.

I am running a EC2 service from aws.amazon.com
I pay the server for every hour that it runs. This is a very good source for beta purposes.
However, apparently something changes every time I start the server (I know the IP changes, but not sure if hardware since its a virtual server).

w-e-v,

This is interesting to know you was able to run ESM server in EC2 cloud, however this is not the supported environment for ESM to run in currently. The machine key computation uses some characteristics of the environment which are both software and hardware specific, and they are not expected to change unless the server hardware and/or OS changes. In your case, your server apparently gets run on a different virtual machine from time to time, thus machine key changes accordingly.

There is no problem to reset your MK once again, but this will not save you from future licensing issues, at least with this Beta. The best solution would be to setup ESM Server on a real physical or virtual machine, which is totally under your control.

Thanks for your feedback,
Denis.

[Sergey Gorodetskiy]

5-) My server IP changed. How can I re-connect? I believe some dyndns service should be run, but that would depend on the demand for that request.

It would be better if you assign one or more static DNS addresses for the server. To support  static address you have to use additional services or tools like DNS servers, DynDNS, Comodo EasyVPN . Note, all supported DNS addresses have to be listed in the Configuration Tool

[w-e-v]

There is no problem to reset your MK once again, but this will not save you from future licensing issues, at least with this Beta. The best solution would be to setup ESM Server on a real physical or virtual machine, which is totally under your control.

Thanks for your feedback,
Denis.

Thank you Denis. I will install the next beta release on a production server.
Is it possible to reset my MK once again please? And I am very interested if you know any plans for the next beta release? That way I can fix my schedule to do more testing with that next release.

Please confirm both actions (reset of MK and next Beta).

Thank you very much. Hope the feedback I sent, help somehow. 

[w-e-v]

It would be better if you assign one or more static DNS addresses for the server. To support  static address you have to use additional services or tools like DNS servers, DynDNS, Comodo EasyVPN . Note, all supported DNS addresses have to be listed in the Configuration Tool

Thank you Sergey. Thats what I imagined.
So I think I better start using production servers. But that will be with the next release.

One quick question though, Can I use a domain instead of an IP in the Configuration Tool on the server side and in the ESM SERVER of the MANAGE THIS ENDPOINT option at the endpoint side?

Thank you so much!

[denis.gz]

One quick question though, Can I use a domain instead of an IP in the Configuration Tool on the server side and in the ESM SERVER of the MANAGE THIS ENDPOINT option at the endpoint side?

Yes, as far as they resolve correctly, DNS names should work. If not, please report a bug.

[Fiolla]

HI W-e-v,

Your license key has been reset again.

If this happens again, please send me a private message and I will reset it.

Thanks,

Fiolla

[glenmm]

When I try to check it from CIS window, it would politely ask me whether I want to disconnect from CESM

Locally managed mode is not disconnected entirely from ESM, as you will be able to see the endpoint's status in the console as Local. It is a prompt you will get from CIS whenever you try to do anything in the CIS interface once the Agent is installed. You can enter local mode at any time, the only effect being ESM won't replace any changes you make in the CIS interface while in local mode with any defined policy.

--Glen

[SivaSuresh]

Locally managed mode is not disconnected entirely from ESM, as you will be able to see the endpoint's status in the console as Local. It is a prompt you will get from CIS whenever you try to do anything in the CIS interface once the Agent is installed. You can enter local mode at any time, the only effect being ESM won't replace any changes you make in the CIS interface while in local mode with any defined policy.

--Glen

Thanks,

Then I suppose I need to recreate a new policy to include these changes for all other clients too. (correct me if I am wrong)

How about the exclusions, do they propagate to all clients if I create a policy basing on once CIS client ? Is there a way to manage exclusions differently ?

Is there a way I can see how I configured the policy from the console, for example what are the exclusions given, is cloud scanning or or off, etc.

By the way,Can some one post a screenshot of how the CESM configuration tool looks like ? I could not get it to work for me.

[Tags:]