Author Topic: Feedback CESM 2.1 (Beta)  (Read 37063 times)

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Feedback CESM 2.1 (Beta)
« on: April 08, 2012, 11:52:45 PM »
Hi guys,

I am back home. :azn:

Thanks for your support and thanks for including the most requested features. :-TU

Presently, I am trying to simulate my Work atmosphere in Virtual machines, but quite not so lucky now with the new beta somehow.

I have installed CESM 2.1 beta on an XP system (in VM). The installation was smooth. I am trying to deploy CIS on to two clients both running XP (in VM). The network is perfect. I am able to ping each other, share folders etc.

But, when I am trying to deploy CIS I am getting "The network name cannot be found" error 67.

Even trying to deploy CIS on to the same system where CESM is installed is also giving the same error.

Please help me proceed with the deployment. I am not able to do any further investigation.


[attachment deleted by admin]
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #1 on: April 09, 2012, 06:06:44 AM »
Tried to test it on my office PC trying to deploy agent on to the same PC, still no luck. :-[

It says bad username or password. But, both id and pwd are correct and they are the same id and pwd used to login to CESM console.

By the way, the error message is a bit confusing. It should be more clear whether the registry key should be "0" or "1" in the attached message. The message simply says check if "HKLM\...\forceguest=0", should it be "0" or should it not be "0"?

I am stuck here on both VM and my office PC. Please help me to proceed further. :(

Besides, My existing ESET multiple license in my office is expiring and I am in a kind of urgent situation where I need to decide between  switching to CESM (I would love to if it fits my environment which does not have internet connection) or renewing the ESET license :-\. Please make it quick ;).
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #2 on: April 09, 2012, 06:21:57 AM »
Although I could not deploy agent through CESM, connecting CIS to CESM from client side i.e., from CIS interface worked for me.

But, hey, where are the changes? :(

Where is the updates storage? I mean how should I supply bases.cav downloaded from net to CESM? ???

Where are the settings inside policies? I could not figure how to get inside policy actually... ???

with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #3 on: April 09, 2012, 06:35:30 AM »
When I was trying to run a program on my system (which is now managed by CESM), the program is getting sandboxed and is not trusted (which is normal).

But, when I am trying to add it to "Trusted files", it says I have to switch back to "local admin" mode to do that, that's understandable. we do not want users to have control over it when we are managing thgrough CESM . I definitely like that.

I would like to do it from CESM only.., but, how??? ???

I do not even have a sign in my CESM console of something tried to run and was sandboxed on a managed client.???
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #4 on: April 09, 2012, 07:06:06 AM »
Hey, I could now get to see the settings inside an imported policy. (I actually had to create a new policy by importing from existing clint to get one)

Although the settings provided in the policies of CESM console look good, they are not yet complete or sufficient.

Besides, I strongly feel that there should be a way of strong communication and alerting mechanism between CESM and it's clients.

Whenever something is done to clients from CESM (may it be a database update or the start of a system scan or a new policy change), there must be (at least an option to display) an alert (for a predefined time period) on the client system notifying this change. and this alert should be available in CIS local interface (until the end of the event, i.e., database update or system scan)for any client side user to notice that something is happening from CESM side.

The user should be able to contact/request for a permission for a possible temporary override or something getting done from CESM admin (for example trusting an application or excluding a folder from scan or temporarily pausing the system scan) which gives a corresponding alert on the CESM console asking the admin to take decision.

Similarly, there should be a notice or alert on CESM console that a client side override has happened on some system (like somebody with admin rights has changed something inside the settings-the CESM admin should be able to see what settings have been changed or how the policy is now non compliant...so that he can take the required action to whether reapply policy on client or to keep it and import as a new policy)
or
a some client side activity has happened (like programs getting sandboxed or virus infection found), and user is unable to take any decision.

Anyway, this is quite a good move in the correct direction. I appreciate your work and I am looking forward to a more powerful and configurable CESM in the next beta.

Note: Somebody please answer my previous posts. I am waiting... :(
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #5 on: April 09, 2012, 07:24:34 AM »
I have seen in the release notes that we can create a deployment package with CIS along with the updates and predefined policy settings. Can some one explain to me how to do this.
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline Sergey Gorodetskiy

  • CESMUser
  • Newbie
  • *
  • Posts: 19
Re: Feedback CESM 2.1 (Beta)
« Reply #6 on: April 09, 2012, 07:26:10 AM »
I have installed CESM 2.1 beta on an XP system (in VM). The installation was smooth. I am trying to deploy CIS on to two clients both running XP (in VM). The network is perfect. I am able to ping each other, share folders etc.

But, when I am trying to deploy CIS I am getting "The network name cannot be found" error 67.


Hi SivaSuresh ! Thank you for your feedback.

I think there is a problem with the server name resolving. "The network name cannot be found" error usually occurs when the CESM server is not accessible by NAME. Please check that you can ping the server by name from clients. The list of supported server names you can find in the CESM Configuration Tool. This list is used during CIS deployment to connect to the server . If you use a static  IP-address  for the  server you can add it into this list. Though it is preferable to use DNS names always.

Also as a workaround you can download the Agent setup with the latest version of CIS and server settings embedded into the package (Computers->Update->Checked-in Packages ). Then you can manually install CIS on clients.

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #7 on: April 09, 2012, 07:33:13 AM »
Hi SivaSuresh ! Thank you for your feedback.

I think there is a problem with the server name resolving. "The network name cannot be found" error usually occurs when the CESM server is not accessible by NAME. Please check that you can ping the server by name from clients. The list of supported server names you can find in the CESM Configuration Tool. This list is used during CIS deployment to connect to the server . If you use a static  IP-address  for the  server you can add it into this list. Though it is preferable to use DNS names always.

Also as a workaround you can download the Agent setup with the latest version of CIS and server settings embedded into the package (Computers->Update->Checked-in Packages ). Then you can manually install CIS on clients.
Surprisingly, this is happening even if I am trying to deploy agent on to the same system on which CESM is installed.

Yes, I am able to ping the client and CESM server (both are the same in this case) with name.
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline D.Kolomiyets

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 7
Re: Feedback CESM 2.1 (Beta)
« Reply #8 on: April 09, 2012, 07:44:02 AM »
Hi Siva!

Thanks for the feedback!

Concerning updating endpoints with CIS through CESM. ESM 2.1 Beta contains a component Caching Proxy that is being installed with ESM server. You just need to configure endpoints (using Policy Editor General CIS Settings/Connection) to use ESM server as a http proxy.

P.S.
I'm going to publish a set of videos with all the new features covered. Stay tuned.

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #9 on: April 09, 2012, 07:45:01 AM »
Hi Siva!

Thanks for the feedback!

Concerning updating endpoints with CIS through CESM. ESM 2.1 Beta contains a component Caching Proxy that is being installed with ESM server. You just need to configure endpoints (using Policy Editor General CIS Settings/Connection) to use ESM server as a http proxy.

P.S.
I'm going to publish a set of videos with all the new features covered. Stay tuned.
Thank you
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline D.Kolomiyets

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 7
Re: Feedback CESM 2.1 (Beta)
« Reply #10 on: April 09, 2012, 10:51:16 AM »
But, when I am trying to add it to "Trusted files", it says I have to switch back to "local admin" mode to do that, that's understandable. we do not want users to have control over it when we are managing thgrough CESM . I definitely like that.

I would like to do it from CESM only.., but, how??? ???

We are working on providing an ability to manage trusted files/vendors and antivirus exclusions from ESM right now. This feature will be included into the next release.

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #11 on: April 09, 2012, 01:00:52 PM »
We are working on providing an ability to manage trusted files/vendors and antivirus exclusions from ESM right now. This feature will be included into the next release.
Thank you.
I think there is a problem with the server name resolving. "The network name cannot be found" error usually occurs when the CESM server is not accessible by NAME. Please check that you can ping the server by name from clients. The list of supported server names you can find in the CESM Configuration Tool. This list is used during CIS deployment to connect to the server . If you use a static  IP-address  for the  server you can add it into this list. Though it is preferable to use DNS names always.
Tried all the above but no success. Adding from CIS interface worked though.
Also as a workaround you can download the Agent setup with the latest version of CIS and server settings embedded into the package (Computers->Update->Checked-in Packages ). Then you can manually install CIS on clients.
I do not want to give client side users the chance to do whatever they want even if it is for a short period. Can I install CIS with a predefined policy settings and password ?
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #12 on: April 09, 2012, 01:13:41 PM »
I'm going to publish a set of videos with all the new features covered. Stay tuned.
https://forums.comodo.com/empty-t83574.0.html;topicseen
Thanks. I will be watching them now. I just thought it would be useful to post this link here.
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1374
  • Avert the danger that has not yet come
Re: Feedback CESM 2.1 (Beta)
« Reply #13 on: April 09, 2012, 01:51:09 PM »
Hi Siva!

Thanks for the feedback!

Concerning updating endpoints with CIS through CESM. ESM 2.1 Beta contains a component Caching Proxy that is being installed with ESM server. You just need to configure endpoints (using Policy Editor General CIS Settings/Connection) to use ESM server as a http proxy.

P.S.
I'm going to publish a set of videos with all the new features covered. Stay tuned.
I just watched the videos. All I could find is that now we can specify the system with CESM installed as a http proxy to all the clients. So good so far.

My primary concern still exists, that I have been repeating everytime. What if I do not have internet on my CESM machine (that's exactly my case in all the 3 places I am planning to install it).

I have internet at home and I can download bases.cav and other .msi files as well. But, the place where I work, nor the other places where I want to implement offline updates do not have internet connectivity, we are not planning to have in future too (just a waste of resources both money and users wise also, we can not control the users once we provide internet from not using it. Besides, the only need for Internet at my workplace is to have AV updates, which I am presently doing offline from home).

I could not figure it out by myself or from the videos just where to put the downloaded bases.cav or .msi files or how to import them in to CESM...

Please guide me in achieving this.
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline denis.gz

  • CESMUser
  • Newbie
  • *
  • Posts: 9
Re: Feedback CESM 2.1 (Beta)
« Reply #14 on: April 10, 2012, 08:42:56 AM »
I could not figure it out by myself or from the videos just where to put the downloaded bases.cav or .msi files or how to import them in to CESM...

Please guide me in achieving this.
Siva,

One way to accomplish your task is to install CESM and CIS on a machine where internet connection is available (your home). You should enable Caching Proxy on it and configure CESM and CIS to use this. Then, perform CIS AV updates and download CESM update packages, if any, so the Caching Proxy could save it in its cache. Locate the Proxy folder on disk (you can find it in the COMODO folder in the %ALLUSERSPROFILE% location) and copy all the contents to a CD or USB disk.

Now, provided that you have also enabled Caching Proxy on your workplace CESM installation, replace its data folder with the one you have copied. Ensure Caching Proxy is configured to provide content from cache when the content's source is not available (enabled by default), and configure all the clients to use it. Having this done, all clients will now receive updates as if Internet connection is available.

Please be aware of the following, however:

1. This solution is a workaround only, there were no use-cases nor testing for it;
2. Caching Proxy saves only content requested from the downloads.comodo.com host;
3. There will be some delay serving each request in offline mode, this is a known issue.

--
Best regards,
Denis
« Last Edit: April 10, 2012, 08:49:58 AM by denis.gz »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek