CESM 3.0 RC Early Reports/Comments/Opinions

First of all, Thanks to everyone who made this a reality.

I am both impressed and shocked to see this.

I am impressed with the new GUI, options and features of CESM 3 (A big applause for that) :-TU

But, I am shocked to see that most of the complaints/issues that were reported from version to version earlier have not been considered or rectified. :embarassed:

Note: I could not get the panorama view to work. It says HWAcceleration is disabled in SilverLight. Even after enabling it, it does not work. Silverlight settings are reverting back after explorer restart.

No Panorama View-Error (Screenshot attached)

I will try to present my first impressions of this product in a quick report here.

1. Latest Database version, CIS version not mentioned in Console main window.
   (We only see the latest available CIS/Agent versions during the process of adding new Computers.)

2. Policy View ???–No way to see what a Policy really contains.
   What settings CIS has… Can not see policy elements in Console

3. Ability to send messages to client from console

There is no message communication between Client and Console. This is very frustrating in daily use.

For example, when we are updating Bases/running a full scan from console, there should be a balloon tip/notification or some thing like that on the client machine so that the person working on the client can understand why his system slowed down suddenly (they indeed slow down PC performance, and clients have no clue why their system is very slow)

4. Can not see/control sandbox status of apps in Console.

There is no way to view/control applications sandboxed on clients from the Console.
It makes very hard for the client to understand what is happening on his system. Client does not get any messages, can not do anything about it
Admin on Console does not get any messages, can not do anything about it.
It becomes a very chaotic situation.

5. Update Proxy on Client(Online/through Proxy)–No Way to set from Server

6. Update progress, no way to control once started (Can not stop/pause once started from Console or client)

7. Policy apply–Pending ???

I get this “Pending” status when I apply policies on clients. There is no reason why it is pending. The clients are online and connected.

8. Host system hangs very often, while applying policies, updating etc.,

This happened regularly on my Windows 8 x64 host with CESM. I eventually had to disconnect it from Console Remote management in order to get it going without random hangs. It seems to hang when ever I apply a policy or try to force remote management on it (as far as I could observe)

9. Can not install killswitch in clients (Offline)

Still, there is no way to install Killswitch/CCE on clients without internet through the proxy server.

10. Comodo Firewall on Clients Blocks CESM Console from accessing client

This is strange and weird by design. Developers should think of a predefined rule/policy added to clients during agent deployment itself so that the communication between CESM server and client is not blocked by CIS itself.

11. Disable management/configuration from client side (even for local admins)

I was hoping to see this in this version atleast. If it is already present I am missing something here.
All I want is to block my clients from altering CIS settings by taking over local control even though they have administrator access locally. I would like to set a separate password for CIS from Console side.

Only persons with that special password should be able to take control of CIS local management mode. (Change from manage remotely to manage locally)

12. Def+ installed but disabled (BB is not mentioned at all)

One more weird design issue. In CIS 6, Defense+ is disabled by default and BB is enabled. But CESM console does not mention BB, but says Def+ is disabled. At first sight we get an impression that we configured CIS wrongly…

13. Ability to deploy along with a custom policy & Ability to create installers with custom policies

I would like to see the ability to deploy CIS on clients with a custom policy applied during the installation itself, (not applying policy after deployment). Even more, the ability to create a deployment package with custom policy predefined.
(Greatly helps CESM admins in restricting local users/admins from altering CIS or taking control of CIS. Once CIS is installed with a predefined policy with a password protection, it reduces interference from local users by a lot)

14. Remote Session–“No VNC Ready–connection timeout” message

15. Error message when deployment fails are not at all clear

Extra Registry Key is required on Vista/7/8 for deployment. But it is not mentioned that way in the error message.
(Thanks to “Jane” from GeekBuddy support team :-TU for point me to this, I was actually scratching my head as to why I am not getting it to work, while everything is configured correctly)

16. “Policy Not Found” message shows up after clicking an imported policy (Screenshot attached)

18. CESM console says that CIS is not installed on client (in this case the host system itself).
    But CIS is installed and up to date. Agent deployed successfully and running. (Screenshot attached)

19. Two more error messages popped up while using the console. I attached the screenshots for reference.

I will come back with more in a few days after finishing some important job work asap.

[attachment deleted by admin]

good feedback.
pls keep it coming.

Wow Siva - you have many comments so give me awhile to reply to all of them. Also please bear in mind that this is an RC and may not contain all the RTM features.

I could not get the panorama view to work. It says HWAcceleration is disabled in SilverLight. Even after enabling it, it does not work. Silverlight settings are reverting back after explorer restart.

I suspect you are working directly of a virtual machine console. These don’t support “full” hardware acceleration - try connecting to your ESM VM from a physical machine and see what you’re missing

1. Latest Database version, CIS version not mentioned in Console main window. (We only see the latest available CIS/Agent versions during the process of adding new Computers.)

If you really want to spend your time perusing the CIS version, try right-clicking on one of the endpoints (EPs from here onwards) and selecting “Open”. First property on the list is the CIS version. If you don’t have the latest version ESM will tell you.

2. Policy View --No way to see what a Policy really contains. What settings CIS has.. Can not see policy elements in Console

Try selecting “Policy” from the dropdown list and then opening the policy in question. With a complex policy is is not possible to show all the settings in the Console. That said - the Tile displays are evolving and may soon display which policy is applied to them…

3. Ability to send messages to client from console

There is no message communication between Client and Console. This is very frustrating in daily use.

For example, when we are updating Bases/running a full scan from console, there should be a balloon tip/notification or some thing like that on the client machine so that the person working on the client can understand why his system slowed down suddenly (they indeed slow down PC performance, and clients have no clue why their system is very slow)

You currently have the ability to VNC to the remote machine (providing port 4505 is listening on the remote EP). We are putting a chat client in an upcoming release but you should bear in mind that CIS 6 only scans files that have changed since the previous scan so only the first scan is time-consuming and resource intensive.

4. Can not see/control sandbox status of apps in Console.

There is no way to view/control applications sandboxed on clients from the Console.
It makes very hard for the client to understand what is happening on his system. Client does not get any messages, can not do anything about it
Admin on Console does not get any messages, can not do anything about it.
It becomes a very chaotic situation.

You will be able to very soon

5. Update Proxy on Client(Online/through Proxy)--No Way to set from Server

You do this as part of the policy that you deploy. Within the policy you define the update source order. E.g

1. Local ESM server
2. Internet

This means that the EP will try the ESM server first when looking for latest updates and if the ESM server is unavailable for some reason then the EP will go and get the updates from the 'net.

6. Update progress, no way to control once started (Can not stop/pause once started from Console or client)

Nor should you - you may corrupt the definition database

7. Policy apply--Pending

I get this “Pending” status when I apply policies on clients. There is no reason why it is pending. The clients are online and connected.

Yes, you probably will. The CIS service on the EP has to be paused, the new configuration written and the service restarted - this may take a minute or 5 depending on the spec of the EP (CPU/RAM/HDD speed/LAN speed etc.)

8. Host system hangs very often, while applying policies, updating etc.,

This happened regularly on my Windows 8 x64 host with CESM. I eventually had to disconnect it from Console Remote management in order to get it going without random hangs. It seems to hang when ever I apply a policy or try to force remote management on it (as far as I could observe)

This is a bit odd. Our demo environment has Win XP, Win 7, Win 8, Win SBS 2003 and Win SBS 2008 machines and we haven’t seen that behavior. Have a chat with “Jane” and keep your install logs handy.

9. Can not install killswitch in clients (Offline)

Still, there is no way to install Killswitch/CCE on clients without internet through the proxy server.

You don’t need KillSwitch, ESM has that function for you through Kill process, Stop Service and Uninstall Application. CCE is coming soon to ESM.

10. Comodo Firewall on Clients Blocks CESM Console from accessing client

This is strange and weird by design. Developers should think of a predefined rule/policy added to clients during agent deployment itself so that the communication between CESM server and client is not blocked by CIS itself.

ESM deploys CIS with FW disabled (for now and until the CIS Business Edition is ready) We suggest depolying CIS, configuring your FW rules, and your Defense+ Trusted Files while you’re there, then importing that config as an ESM policy for deployment to the other EPs. Once you have this “base” policy cloning and editing it are child’s-play.

11. Disable management/configuration from client side (even for local admins)

I was hoping to see this in this version atleast. If it is already present I am missing something here.
All I want is to block my clients from altering CIS settings by taking over local control even though they have administrator access locally. I would like to set a separate password for CIS from Console side.

This has been around since at least ESM 2.1. During the deployment wizard set a local admin Agent password and a local admin CIS password, I think this is done on stages 6 & 7 of the wizard. Job Done.

12. Def+ installed but disabled (BB is not mentioned at all)

One more weird design issue. In CIS 6, Defense+ is disabled by default and BB is enabled. But CESM console does not mention BB, but says Def+ is disabled. At first sight we get an impression that we configured CIS wrongly…

Same as 10) above. Defense + is deliberately disabled (until CIS BE is out) so as not to interfere with your custom binaries. Follow the advice in 10) above and all will be well.

13. Ability to deploy along with a custom policy & Ability to create installers with custom policies

I would like to see the ability to deploy CIS on clients with a custom policy applied during the installation itself, (not applying policy after deployment). Even more, the ability to create a deployment package with custom policy predefined.
(Greatly helps CESM admins in restricting local users/admins from altering CIS or taking control of CIS. Once CIS is installed with a predefined policy with a password protection, it reduces interference from local users by a lot)

Policy creation during deployment is coming soon…

14. Remote Session--"No VNC Ready--connection timeout" message

As per the release notes included in the installer - please make sure port 4505 is listening on the EP

15. Error message when deployment fails are not at all clear

Unless I am mistaken this error message is discussed in the release notes. You did read the release notes didn’t you …

16. "Policy Not Found" message shows up after clicking an imported policy (Screenshot attached)

A bit weird. Not seen that before.Mention it to “Jane” in your chat.

18. CESM console says that CIS is not installed on client (in this case the host system itself). But CIS is installed and up to date. Agent deployed successfully and running. (Screenshot attached)

Was the EP restarted after the CIS install. If so, mention it to “Jane”. I think this may be environmental though…

As regards the “Storage” errors - are you attaching your ESM server to an existing MS SQL instance? If so which version of MS SQL is it? What platform is that MS SQL instance running on? Does the ESM server have full sa rights to the MS SQL instance?

Thanks for all of this SivaSuresh. It’s great having you guys keeping us on our toes. Let the comments flow…

Regards,
Michel.

Yes. Looking forward a much advanced and improved RTM

No. I installed CESM on Win8x64 Host system. Not a VM.

I do not really want to spend/waste time perusing CIS version, I just want to know the latest version of CIS and Bases right away, immediately. That is why I want it on the main screen.

What I meant by inside a policy is everything that we set in the CIS configuration. The AV settings, Firewall Settings, Def+ settings, Update and Message settings etc., not just AV is On or Off.

For example I would like to know whether automatic cleaning of threats in enabled or disabled, whether Archive scanning is enabled or disabled, “automatically create rules” for HIPS is enabled or disabled etc.,

What I observed during my 2 months use of CIS 6 is that it takes at least 3 hrs to scan my computer even after continuous use of CIS for all 2 months. These are all supposed to be successive scans. I think there are many factors influencing the scan time and scan load. Besides, It would be the ideal way to provide some information on client during the events (at least an option to do so)

Thanks. Awaiting…

Yes. I am getting to understand that the scheme of CESM is to have a system to view settings and make what ever settings changes needed along with the CESM server…

Doesn’t look ideal to me :-TD. Again, a policy issue.

If this is the predefined order, it is OK. But, If we have to define this in policies first, then I will have to get used to it first.

I can not agree. When I added the first client and clicked on update AV from console, it stayed at 0% for almost half an hour without showing any further error/info. I later realised that the client system did not have net connection, tried to cancel the update but could not. I had to restart both CESM server and client to get control again.

I will contact Jane.

Killswitch is of course needed on every client, suppose at some point we want to do something manually from client it self (network failure for example). CIS 6 deeply relies on killswitch to do many simple things unlike CIS 5. (view/kill/restart sandboxed processes for example)

I am getting to understand this. But, again this looks like a handicap for the admin in my opinion (not being able to do anything without a spare/free/model system to work with)

Somehow, I am missing this. I will have another look and come back.

HIPS is disabled in CIS6 as well by default. But there was no mention of BB in CESM at all. That was what I was talking about.

Thanks. Awaiting…

I tried it with FW disabled on all systems both server and clients. May be there is some other issue. I will ask for Jane’s help in this regard too…

I did read the release notes, but what I mentioned in my comments (present and earlier) was that the error message displayed in the console was not informative. It needs to be more accurate.

I will.

Yes. Sure.

The Server is running on Win8 x64. I did not observer which SQL server I chose during installation, but I went with defaults all the way.

Again, thanks for taking time. Hope you guys are enjoying this project too…

Hi again,

Apologies for the delayed reply, little crazy at the moment - but then I wouldn’t have it any other way )

No. I installed CESM on Win8x64 Host system. Not a VM

We have not thoroughly tested the installation of ESM 3 on Windows 8. Windows 8 has deliberately been left off the list of supported platforms here http://www.comodo.com/business-enterprise/cesm3/index.php under the Features and FAQs tab (appreciated that this page wasn't available at the time of release)

I just want to know the latest version of CIS and Bases right away, immediately

It is on the main screen (tile and panoramic display). Either your "Outdated Bases" icon will turn orange or your "Non-compliant" icon will turn orange. Expected result is that they will both turn orange.

What I meant by inside a policy is everything that we set in the CIS configuration

Aah - I see. Yes this is something we are looking at but we are massively extending ESM's management capabilities over the new version of CIS and are playing around with the best way of aesthetically and pragmatically presenting this information.

What I observed during my 2 months use of CIS 6 is that it takes at least 3 hrs to scan my computer even after continuous use of CIS for all 2 months. These are all supposed to be successive scans. I think there are many factors influencing the scan time and scan load. Besides, It would be the ideal way to provide some information on client during the events (at least an option to do so)

This should not be so. Have you posted notification of this on the CIS boards? I will let the CIS guys know about it anyway but could you please provide the platform details of the machine this is happening on or does it happen on all your machines?

Doesn't look ideal to me . Again, a policy issue.

By design. LAN machines would have a policy where the CESM server is the first option for def. updates and download.comodo.com is the second. WAN machines would be download.comodo.com first and CESM server second. Laptops would be WAN first LAN second when away from the office and LAN first WAN second when in the office. Laptops that move between offices would be local ESM server first, remote ESM server second, WAN third (ESM servers can now manage other ESM servers so you could have one master ESM server in the head-office which controls another ESM server in a branch office) The practical way of specifying this would be via a policy.

I later realised that the client system did not have net connection

you could have checked that under the network performance statistics from the "More" option regarding that EP :)

tried to cancel the update but could no

I know, irritates me too and we are working on fixing that (Cancel All, Cancel this one kinda thing)

Killswitch ... (view/kill/restart sandboxed processes for example)

This is done from the ESM console (kill processes/stop services etc.) If there is a networking issue between the EP and the ESM server then yes, Killswitch should be accessible. We are aware of the Killswitch (and Activity Monitor) CIS issues and are working with the CIS team to get these fixed.

this looks like a handicap for the admin in my opinion (not being able to do anything without a spare/free/model system to work with)

Setting up policies pre-deployment (without having to install CIS somewhere first) is something that is high up on the priority list and again the ESM and CIS teams are working on it.

I tried it with FW disabled on all systems both server and clients. May be there is some other issue

Is the websockify service running on the EP? Have a look under the "Services" tab of EP properties and start it if it isn't running.

the error message displayed in the console was not informative. It needs to be more accurate.

Agreed.

The Server is running on Win8 x64

Please try installing on a different platform.

I did not observer which SQL server I chose during installation, but I went with defaults all the way.

That would have been the LocalDB (SQLExpress 2012), but the issue may be Win 8.

Thanks for all your input on this Siva - we really do appreciate it and will ensure you are compensated/rewarded for your time

Regards,
Michel.

Hi Michel,

Thanks for your reply, never mind the delay… 8). It happens when we are seriously at work.

I am very happy to hear that you guys are on your toes in making the best ESM product.

There are so many topics/threads spread over the forum explaining this issue and yes this is the case with all the systems I installed CIS 6 on. What I suppose is that CIS cache which is responsible for faster scan speeds is rebuilt every time there is a database update (I agree it should be, since a file cached as Malware can be identified by new base as a false positive and a file undetected previously can now be detected—which means we need to update the cache with every database update). But, this cache building is not happening as quickly as it is expected to happen and this is hitting HDD performance too. There is still a lot of debate going on and I suppose guys at CAV might be trying hard to solve this puzzling issue.

I was only talking about the defaults that come with CESM installation. I would any way configure them to suite my needs as time passes on.

It would make CESM very powerful, I hope and wish that you achieve this quickly.

I will check and come back.

I will try with another OS and check the results.

I would be honoured If my feedback helps make the first ultimate ESM product. :-TU

Hi Siva,

I had a chat with the guys over at CIS and they have asked if you could please provide:-
-CPU
-RAM
-Hdd speed (5400rpm?, 7200rpm?)
-Volume of data being scanned
-Is the machine virtual or physical

for one of the example machines that is taking 3+ hours to scan?

Regards,
Michel

You can take the example of my sytem itself. I have CIS6 running on it since it’s first beta release. After the final release, I freshly installed the final release.

You can of course check the HW specs from my signature at any time, I will re present them here

AMD Phenom II x4 955 BE
8 GB DDR3 RAM (2 Modules)
240 GB Sandisk Extreme SSD & 3 TB Seagate 7200 RPM HDD (Both SATA III 6 GB/s)
Around 2.5 TB, Mostly large number of small files + some large files.
Physical & Real.

To be more precise CIS 5 and CIS 6 scan times differ by 30 min at max. (Not for immediate successive scans, when scanned after two or three days) (CIS 5 used to take 5 hrs to scan where as CIS 6 scans in 4 to 4 and half hours)

Note: Immediate successive scans in CIS6 are really quick, but that does not last after two or three days…

Hope this info helps.

Thanks Siva,

Will pass this on…Are you scanning all 3.2 TB every time?

Regards,
Michel.

I do not require to. But I do it purposefully to verify different aspects/issues of different versions of CIS with different settings.

Purely Academic Interest. 8)

I do advise a lot of people at my place to use CIS, so I would like to keep myself always updated.

Hi Siva,

I have heard back from the guys at CIS. They say:-

“it may re-scan already scanned files if virus DB is updated and file is NOW known. So in this case not just changed files.”

Regards,
Michel.

I did not quite get what they said about it, but what I understand is that “that is how it works presently”. I hope we get some improvements in this area in future.

Irrespective of this, I would like to have control over a properly and tightly integrated “automatic messaging communication system” between the CESM server and the client, which notifies the clients of ‘resource consuming/important events’ running in their system without their direct notice.

You do have (if I understand correctly) - that is what the warning icons are for as well as the “heads-up” information bar.

Regards,
Michel.

Hi!

I have been experienced system hangs on server machine similar (I think) as SivaSuresh wrote 28.01.2013

8. Host system hangs very often, while applying policies, updating etc.,

This happened regularly on my Windows 8 x64 host with CESM. I eventually had to disconnect it from Console Remote management in order to get it going without random hangs. It seems to hang when ever I apply a policy or try to force remote management on it (as far as I could observe)

CESM Server soon after start began grow in memory using 100% of proccessor time. It grew up to 1.5 GB. Event log showed “InvalidOperationException processing queue” and finaly “OutOfMemoryException processing queue” errors.
I have not reported this problem, trying to find some starting point to investigate, because MichelB said that in demo enviroment “we haven’t seen that behavior”.
I found some hint for this bug looking at network activity of CESM Server Service (CrmSrvService.exe)

1. All computers running Win32 XP Prof SP3. Workgroup - about 8 computers.
2. Server computer - Pentium 4, 3GH, single core.
3. First (year ago), CESM 2.0 was installed. 2.0 did not showed such behaviour. There was a slow (but steadily) grouth of process memory. As I remember, in several days it tended to use all memory, so I started CESM Service to do job and then stopped it.
4. Recently I upgraded CESM server to 2.1 Immediately problems like aforesaid with CESM 3.0 arouse. But I managed to deploy CESM Agents 2.1 to all (but one) computers. Maybe problem arouse after deploying 2.1 Agents, I can’t say.
5. Installed CESM 3.0 RC1, RC2 - all the same.
6. And at last…
   I start service. I do not launch console.
   Network traffic to/from server to/from clients (agents) rather small - ~80 bytes/s, processer load ~0%.
   After several minutes server receives from one of agents (agent 3.0, CIS 5.10) ~28MB at ones, grows in memory ~100MB (to ~190MB), short processor load. Some time later memory freed.
   Several min. later receives from another agent (3.0/5.9) ~122MB, grows in memory to ~550MB Processor load 100%
   Several min. later receives from third agent (2.1/5.10) ~67MB, ~15 min 100% load, process memory changes - 950MB - 550MB - 1GB - 1.5GB, then “OutOfMemoryException processing queue” and memory frees. I have recorded 25min. screen capture http://yadi.sk/d/ijycjlzx2m3lp Screenshot at maximum load and event log attached.
   Sometime service crashes and restarts instead of OutOfMemoryException.
   I think, this happens every hour (if service don’t crash). In 13 hour logging server received 2813 and 6713 MB of data from corresponding computers.

Order of packet and time between arrivals can vary. But each computer always sends packets of the same size.
Other computers never send such packets. These are:
agent 3.0/CIS 6.0 beta (agent reports that there is no CIS there)
Two computers 2.1/5.9
One 2.1/5.10 Recently it was 4’th sending (~240MB packets) and there was agent 2.1 and CIS 5.9, but after uninstall/install CIS & agent it keeps silent.
It seems that “122MB” computer started activity after upgrading agent 2.0 to 3.0
Configurations on all CIS’s are custom and nearly identical. Changing config on “bad” computer from custom to standard (“Internet security”) changes nothing.

Excuse my bad english

[attachment deleted by admin]

Hi lepota,

I have forwarded your comments to the developers and asked them to investigate. I will get back to you a.s.a.p.

Regards,
Michel.

Hi!

I have discovered what is the data agents are sending to servers - firewall logs!
That is what I found it cesmAgn.log (RC2 agent, in final release agent logs nothing) on client that sent earlier 28MB and now, a week later, sends 31 MB:

*** CESM AGENT *** [18:59:05:046] [SYSTEM] [ActionExecutorDiscovery.cpp:30] [THREAD 0x00000334] class CRM::ModCIS::CPluginCIS::CDiscovererGetFirewallLog *** CESM AGENT *** [18:59:05:046] [SYSTEM] [Router.cpp:297] [THREAD 0x00000288] Sent successfully *** CESM AGENT *** [18:59:09:546] [SYSTEM] [ActionExecutorDiscovery.cpp:47] [THREAD 0x00000334] CActionExecutorDiscovery: Write output part. *** CESM AGENT *** [18:59:09:593] [SYSTEM] [Router.cpp:294] [THREAD 0x00000288] Sending 31976444 bytes...

cislogs.sdb on this computer about 12MB, but firewall log saved in HTML from CIS is about 33MB
Similarly on other computers - they send approximately triple size of CIS logging database.
And do it every hour!
With default CIS setting of logfile size up to 200MB, agents can DDoS server with up to 600MB packets.
This is the case with two computers that did not sent big packets to server - log files there are bigger than 100MB and agent cannot prepare log for sending due to lack of resources. Uses of this computers complained lately, that system works very slow…

In the final release of CESM nothing changed (except of agent logging).

And what is the reason of sending logs every hour? I think that server should request logs only when requested from CESM console to build report, and only for specified period of time, dividing big period reports into smaller requests to avoid such load on clients and server.

BTW, agent also collectes and sends antivirus and defence+ logs, but in my case they are very small.

Now I limited CIS (and CES being deployed) logfile size to 5MB.
I recommend to do this to all until this bug will be fixed.

Hello, lepota!

First of all, thank you for great job of investing this logging issue! This is a known problem but your report from real system gives us a lot of valuable information.

Few additional questions arose while reading your comments:

What are the hardware configurations of those problematic endpoints?

Which mode CIS Firewall was in on those endpoints?

Please, keep in touch and we will solve this problem together.

Hello Denis!
Hardware configuration varies from Celeron 2.5 GHz single core with 1GB of memory to Core I5 4 cores 4GB. WinXP 32 Prof SP3 on all computers and CESM server. Firewall is in custom mode, blocking everything that not allowed explicitly. But in whatever mode CIS logfile eventually will grew in size and problems arouse. All computers sends packets corresponding to CIS logfile size which different on each computer (CIS was deployed about 2 years ago, so 200 MB limit was exceeded more then ones). Two computers that did not managed to process and send 100MB+ CIS logfiles and Celerons 2.5 & 3GHz with 1 and 2GB memory. But it occurred that there were largest logfiles in our network.
I emphasize that CESM server requests logs (or agent sends it on its own decision?) when CESM console even not started. Look at my previous post here…
I did not knew what the data was sent from agent then.