Author Topic: CESM 3.0 RC Early Reports/Comments/Opinions  (Read 14079 times)

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1365
  • Avert the danger that has not yet come
CESM 3.0 RC Early Reports/Comments/Opinions
« on: January 28, 2013, 01:14:04 PM »
First of all, thanks to everyone who made this a reality.

I am both impressed and shocked to see this.

I am impressed with the new GUI, options and features of CESM 3 (A big applause for that) :-TU

But, I am shocked to see that most of the complaints/issues that were reported from version to version earlier have not been considered or rectified. :embarassed:

Note: I could not get the panorama view to work. It says HWAcceleration is disabled in SilverLight. Even after enabling it, it does not work. Silverlight settings are reverting back after explorer restart.

No Panorama View-Error (Screenshot attached)
 
I will try to present my first impressions of this product in a quick report here.
 
1.   Latest Database version, CIS version not mentioned in Console main window.
(We only see the latest available CIS/Agent versions during the process of adding new Computers.)

2.   Policy View ???--No way to see what a Policy really contains.
What settings CIS has..  Can not see policy elements in Console

Where are the settings inside policies? I could not figure how to get inside policy actually... ???
Hey, I could now get to see the settings inside an imported policy. (I actually had to create a new policy by importing from existing client to get one)

Although the settings provided in the policies of CESM console look good, they are not yet complete or sufficient.

3.   Ability to send messages to client from console

There is no message communication between Client and Console. This is very frustrating in daily use.

For example, when we are updating Bases/running a full scan from console, there should be a balloon tip/notification or something like that on the client machine so that the person working on the client can understand why his system slowed down suddenly (they indeed slow down PC performance, and clients have no clue why their system is very slow).
Besides, I strongly feel that there should be a way of strong communication and alerting mechanism between CESM and its clients.

Whenever something is done to clients from CESM (may it be a database update or the start of a system scan or a new policy change), there must be (at least an option to display) an alert (for a predefined time period) on the client system notifying this change, and this alert should be available in CIS local interface (until the end of the event, i.e., database update or system scan) for any client side user to notice that something is happening from CESM side.

The user should be able to contact/request for a permission for a possible temporary override or something getting done from CESM admin (for example trusting an application or excluding a folder from scan or temporarily pausing the system scan) which gives a corresponding alert on the CESM console asking the admin to take decision.

Similarly, there should be a notice or alert on CESM console that a client side override has happened on some system (like somebody with admin rights has changed something inside the settings-the CESM admin should be able to see what settings have been changed or how the policy is now non compliant...so that he can take the required action to whether reapply policy on client or to keep it and import as a new policy)
or
some client side activity has happened (like programs getting sandboxed or virus infection found), and user is unable to take any decision.

4.   Can not see/control sandbox status of apps in Console.

There is no way to view/control applications sandboxed on clients from the Console.
It makes it very hard for the client to understand what is happening on his system. Client does not get any messages, can not do anything about it.
Admin on Console does not get any messages, can not do anything about it.
It becomes a very chaotic situation.
When I was trying to run a program on my system (which is now managed by CESM), the program is getting sandboxed and is not trusted (which is normal).

But, when I am trying to add it to "Trusted files", it says I have to switch back to "local admin" mode to do that, that's understandable. We do not want users to have control over it when we are managing through CESM. I definitely like that.

I would like to do it from CESM only.., but, how??? ???

I do not even have a sign in my CESM console of something tried to run and was sandboxed on a managed client.???

5.   Update Proxy on Client(Online/through Proxy)--No Way to set from Server

6.   Update progress, no way to control once started (Can not stop/pause once started from Console or client)

7.   Policy apply--Pending ???

I get this "Pending" status when I apply policies on clients. There is no reason why it is pending. The clients are online and connected.

8.   Host system hangs very often, while applying policies, updating etc.,

This happened regularly on my Windows 8 x64 host with CESM. I eventually had to disconnect it from Console Remote management in order to get it going without random hangs. It seems to hang whenever I apply a policy or try to force remote management on it (as far as I could observe).

9.   Can not install killswitch in clients (Offline)

Still, there is no way to install Killswitch/CCE on clients without internet through the proxy server.

10.   Comodo Firewall on Clients Blocks CESM Console from accessing client

This is strange and weird by design. Developers should think of a predefined rule/policy added to clients during agent deployment itself so that the communication between CESM server and client is not blocked by CIS itself.

11.   Disable management/configuration from client side (even for local admins)

I was hoping to see this in this version at least. If it is already present I am missing something here.
All I want is to block my clients from altering CIS settings by taking over local control even though they have administrator access locally. I would like to set a separate password for CIS from Console side.

Only persons with that special password should be able to take control of CIS local management mode. (Change from manage remotely to manage locally)

12.   Def+ installed but disabled (BB is not mentioned at all)

One more weird design issue. In CIS 6, Defense+ is disabled by default and BB is enabled. But CESM console does not mention BB, but says Def+ is disabled. At first sight we get an impression that we configured CIS wrongly...

13.   Ability to deploy along with a custom policy & Ability to create installers with custom policies

I would like to see the ability to deploy CIS on clients with a custom policy applied during the installation itself, (not applying policy after deployment). Even more, the ability to create a deployment package with custom policy predefined.
(Greatly helps CESM admins in restricting local users/admins from altering CIS or taking control of CIS. Once CIS is installed with a predefined policy with a password protection, it reduces interference from local users by a lot)

14.   Remote Session--"No VNC Ready--connection timeout" message

15.   Error messages when deployment fails are not at all clear

By the way, the error message is a bit confusing. It should be more clear whether the registry key should be "0" or "1" in the attached message. The message simply says check if "HKLM\...\forceguest=0", should it be "0" or should it not be "0"?
 
Extra Registry Key is required on Vista/7/8 for deployment. But it is not mentioned that way in the error message.
(Thanks to "Jane" from GeekBuddy support team :-TU for pointing me to this, I was actually scratching my head as to why I am not getting it to work, while everything is configured correctly)

16.   "Policy Not Found" message shows up after clicking an imported policy (Screenshot attached)

18. CESM console says that CIS is not installed on client (in this case the host system itself).
But CIS is installed and up to date. Agent deployed successfully and running.  (Screenshot attached)

19. Two more error messages popped up while using the console. I attached the screenshots for reference.

I will come back with more in a few days after finishing some important job work asap.

with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14648
    • Video Blog
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #1 on: January 28, 2013, 02:00:28 PM »
good feedback.
pls keep it coming.

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #2 on: January 28, 2013, 02:25:25 PM »
Wow Siva - you have many comments so give me a while to reply to all of them. Also please bear in mind that this is an RC and may not contain all the RTM features.

Quote
I could not get the panorama view to work. It says HWAcceleration is disabled in SilverLight. Even after enabling it, it does not work. Silverlight settings are reverting back after explorer restart.

I suspect you are working directly off a virtual machine console. These don't support "full" hardware acceleration - try connecting to your ESM VM from a physical machine and see what you're missing.

Quote
1.   Latest Database version, CIS version not mentioned in Console main window.
(We only see the latest available CIS/Agent versions during the process of adding new Computers.)

If you really want to spend your time perusing the CIS version, try right-clicking on one of the endpoints (EPs from here onwards) and selecting "Open". First property on the list is the CIS version. If you don't have the latest version ESM will tell you.

Quote
2.   Policy View --No way to see what a Policy really contains.
What settings CIS has..  Can not see policy elements in Console

Try selecting "Policy" from the dropdown list and then opening the policy in question. With a complex policy it is not possible to show all the settings in the Console. That said - the Tile displays are evolving and may soon display which policy is applied to them...

Quote
3.   Ability to send messages to client from console

There is no message communication between Client and Console. This is very frustrating in daily use.

For example, when we are updating Bases/running a full scan from console, there should be a balloon tip/notification or something like that on the client machine so that the person working on the client can understand why his system slowed down suddenly (they indeed slow down PC performance, and clients have no clue why their system is very slow)

You currently have the ability to VNC to the remote machine (providing port 4505 is listening on the remote EP). We are putting a chat client in an upcoming release but you should bear in mind that CIS 6 only scans files that have changed since the previous scan so only the first scan is time-consuming and resource intensive.

Quote
4.   Can not see/control sandbox status of apps in Console.

There is no way to view/control applications sandboxed on clients from the Console.
It makes very hard for the client to understand what is happening on his system. Client does not get any messages, can not do anything about it
Admin on Console does not get any messages, can not do anything about it.
It becomes a very chaotic situation.

You will be able to very soon :)

Quote
5.   Update Proxy on Client(Online/through Proxy)--No Way to set from Server

You do this as part of the policy that you deploy. Within the policy you define the update source order. E.g.
1) Local ESM server
2) Internet

This means that the EP will try the ESM server first when looking for latest updates and if the ESM server is unavailable for some reason then the EP will go and get the updates from the 'net.

Quote
6.   Update progress, no way to control once started (Can not stop/pause once started from Console or client)

Nor should you - you may corrupt the definition database

Quote
7.   Policy apply--Pending

I get this "Pending" status when I apply policies on clients. There is no reason why it is pending. The clients are online and connected.

Yes, you probably will. The CIS service on the EP has to be paused, the new configuration written and the service restarted - this may take a minute or 5 depending on the spec of the EP (CPU/RAM/HDD speed/LAN speed etc.)

Quote
8.   Host system hangs very often, while applying policies, updating etc.,

This happened regularly on my Windows 8 x64 host with CESM. I eventually had to disconnect it from Console Remote management in order to get it going without random hangs. It seems to hang whenever I apply a policy or try to force remote management on it (as far as I could observe)

This is a bit odd. Our demo environment has Win XP, Win 7, Win 8, Win SBS 2003 and Win SBS 2008 machines and we haven't seen that behavior. Have a chat with "Jane" and keep your install logs handy.

Quote
9.   Can not install killswitch in clients (Offline)

Still, there is no way to install Killswitch/CCE on clients without internet through the proxy server.

You don't need KillSwitch, ESM has that function for you through Kill process, Stop Service and Uninstall Application. CCE is coming soon to ESM.

Quote
10.   Comodo Firewall on Clients Blocks CESM Console from accessing client

This is strange and weird by design. Developers should think of a predefined rule/policy added to clients during agent deployment itself so that the communication between CESM server and client is not blocked by CIS itself.

ESM deploys CIS with FW disabled (for now and until the CIS Business Edition is ready). We suggest deploying CIS, configuring your FW rules, and your Defense+ Trusted Files while you're there, then importing that config as an ESM policy for deployment to the other EPs. Once you have this "base" policy, cloning and editing it are child's play.

Quote
11.   Disable management/configuration from client side (even for local admins)

I was hoping to see this in this version at least. If it is already present I am missing something here.
All I want is to block my clients from altering CIS settings by taking over local control even though they have administrator access locally. I would like to set a separate password for CIS from Console side.

This has been around since at least ESM 2.1. During the deployment wizard set a local admin Agent password and a local admin CIS password, I think this is done on stages 6 & 7 of the wizard. Job Done.

Quote
12.   Def+ installed but disabled (BB is not mentioned at all)

One more weird design issue. In CIS 6, Defense+ is disabled by default and BB is enabled. But CESM console does not mention BB, but says Def+ is disabled. At first sight we get an impression that we configured CIS wrongly...

Same as 10) above. Defense + is deliberately disabled (until CIS BE is out) so as not to interfere with your custom binaries. Follow the advice in 10) above and all will be well.

Quote
13.   Ability to deploy along with a custom policy & Ability to create installers with custom policies

I would like to see the ability to deploy CIS on clients with a custom policy applied during the installation itself, (not applying policy after deployment). Even more, the ability to create a deployment package with custom policy predefined.
(Greatly helps CESM admins in restricting local users/admins from altering CIS or taking control of CIS. Once CIS is installed with a predefined policy with a password protection, it reduces interference from local users by a lot)

Policy creation during deployment is coming soon...

Quote
14.   Remote Session--"No VNC Ready--connection timeout" message

As per the release notes included in the installer - please make sure port 4505 is listening on the EP

Quote
15.   Error messages when deployment fails are not at all clear

Unless I am mistaken this error message is discussed in the release notes. You did read the release notes, didn't you ...:)

Quote
16.   "Policy Not Found" message shows up after clicking an imported policy (Screenshot attached)

A bit weird. Not seen that before. Mention it to "Jane" in your chat.

Quote
18. CESM console says that CIS is not installed on client (in this case the host system itself).
But CIS is installed and up to date. Agent deployed successfully and running.  (Screenshot attached)

Was the EP restarted after the CIS install? If so, mention it to "Jane". I think this may be environmental though...

As regards the "Storage" errors - are you attaching your ESM server to an existing MS SQL instance? If so which version of MS SQL is it? What platform is that MS SQL instance running on? Does the ESM server have full sa rights to the MS SQL instance?

Thanks for all of this SivaSuresh. It's great having you guys keeping us on our toes. Let the comments flow...

Regards,
Michel.
« Last Edit: January 28, 2013, 02:28:18 PM by MichelB »

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1365
  • Avert the danger that has not yet come
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #3 on: January 29, 2013, 10:58:00 AM »
Quote
Wow Siva - you have many comments so give me a while to reply to all of them. Also please bear in mind that this is an RC and may not contain all the RTM features.
Yes. Looking forward to a much advanced and improved RTM.

Quote
I suspect you are working directly off a virtual machine console. These don't support "full" hardware acceleration - try connecting to your ESM VM from a physical machine and see what you're missing.
No. I installed CESM on Win8x64 Host system. Not a VM.

Quote
If you really want to spend your time perusing the CIS version, try right-clicking on one of the endpoints (EPs from here onwards) and selecting "Open". First property on the list is the CIS version. If you don't have the latest version ESM will tell you.
I do not really want to spend/waste time perusing CIS version, I just want to know the latest version of CIS and Bases right away, immediately. That is why I want it on the main screen.

Quote
Try selecting "Policy" from the dropdown list and then opening the policy in question. With a complex policy it is not possible to show all the settings in the Console. That said - the Tile displays are evolving and may soon display which policy is applied to them...
What I meant by inside a policy is everything that we set in the CIS configuration. The AV settings, Firewall Settings, Def+ settings, Update and Message settings etc., not just AV is On or Off.

For example, I would like to know whether automatic cleaning of threats is enabled or disabled, whether Archive scanning is enabled or disabled, "automatically create rules" for HIPS is enabled or disabled etc.

Quote
You currently have the ability to VNC to the remote machine (providing port 4505 is listening on the remote EP). We are putting a chat client in an upcoming release but you should bear in mind that CIS 6 only scans files that have changed since the previous scan so only the first scan is time-consuming and resource intensive.
What I observed during my 2 months use of CIS 6 is that it takes at least 3 hrs to scan my computer even after continuous use of CIS for all 2 months. These are all supposed to be successive scans. I think there are many factors influencing the scan time and scan load. Besides, it would be the ideal way to provide some information on client during the events (at least an option to do so).

Quote
You will be able to very soon :)
Thanks. Awaiting...

Quote
You do this as part of the policy that you deploy. Within the policy you define the update source order. E.g.
1) Local ESM server
2) Internet
Yes. I am getting to understand that the scheme of CESM is to have a system to view settings and make whatever settings changes needed along with the CESM server...

Doesn't look ideal to me :-TD. Again, a policy issue. ;)

Quote
This means that the EP will try the ESM server first when looking for latest updates and if the ESM server is unavailable for some reason then the EP will go and get the updates from the 'net.
If this is the predefined order, it is OK. But, if we have to define this in policies first, then I will have to get used to it first.

Quote
Nor should you - you may corrupt the definition database
I can not agree. When I added the first client and clicked on update AV from console, it stayed at 0% for almost half an hour without showing any further error/info. I later realised that the client system did not have net connection, tried to cancel the update but could not. I had to restart both CESM server and client to get control again.

Quote
This is a bit odd. Our demo environment has Win XP, Win 7, Win 8, Win SBS 2003 and Win SBS 2008 machines and we haven't seen that behavior. Have a chat with "Jane" and keep your install logs handy.
I will contact Jane.

Quote
You don't need KillSwitch, ESM has that function for you through Kill process, Stop Service and Uninstall Application. CCE is coming soon to ESM.
Killswitch is of course needed on every client, suppose at some point we want to do something manually from client itself (network failure for example). CIS 6 deeply relies on killswitch to do many simple things unlike CIS 5. (view/kill/restart sandboxed processes for example)

Quote
ESM deploys CIS with FW disabled (for now and until the CIS Business Edition is ready). We suggest deploying CIS, configuring your FW rules, and your Defense+ Trusted Files while you're there, then importing that config as an ESM policy for deployment to the other EPs. Once you have this "base" policy, cloning and editing it are child's play.
I am getting to understand this. But, again this looks like a handicap for the admin in my opinion (not being able to do anything without a spare/free/model system to work with)

Quote
This has been around since at least ESM 2.1. During the deployment wizard set a local admin Agent password and a local admin CIS password, I think this is done on stages 6 & 7 of the wizard. Job Done.
Somehow, I am missing this. I will have another look and come back.

Quote
Same as 10) above. Defense + is deliberately disabled (until CIS BE is out) so as not to interfere with your custom binaries. Follow the advice in 10) above and all will be well.
HIPS is disabled in CIS6 as well by default. But there was no mention of BB in CESM at all. That was what I was talking about.

Quote
Policy creation during deployment is coming soon...
Thanks. Awaiting...

Quote
As per the release notes included in the installer - please make sure port 4505 is listening on the EP
I tried it with FW disabled on all systems both server and clients. Maybe there is some other issue. I will ask for Jane's help in this regard too...

Quote
Unless I am mistaken this error message is discussed in the release notes. You did read the release notes, didn't you ...:)
I did read the release notes, but what I mentioned in my comments (present and earlier) was that the error message displayed in the console was not informative. It needs to be more accurate.

Quote
A bit weird. Not seen that before. Mention it to "Jane" in your chat.
I will.

Quote
Was the EP restarted after the CIS install? If so, mention it to "Jane". I think this may be environmental though...
Yes. Sure.

Quote
As regards the "Storage" errors - are you attaching your ESM server to an existing MS SQL instance? If so which version of MS SQL is it? What platform is that MS SQL instance running on? Does the ESM server have full sa rights to the MS SQL instance?
The Server is running on Win8 x64. I did not observe which SQL server I chose during installation, but I went with defaults all the way.


Again, thanks for taking time. Hope you guys are enjoying this project too...

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #4 on: February 01, 2013, 05:50:15 AM »
Hi again,

Apologies for the delayed reply, little crazy at the moment - but then I wouldn't have it any other way :)

Quote
No. I installed CESM on Win8x64 Host system. Not a VM
We have not thoroughly tested the installation of ESM 3 on Windows 8. Windows 8 has deliberately been left off the list of supported platforms here http://www.comodo.com/business-enterprise/cesm3/index.php under the Features and FAQs tab (appreciated that this page wasn't available at the time of release).

Quote
I just want to know the latest version of CIS and Bases right away, immediately
It is on the main screen (tile and panoramic display). Either your "Outdated Bases" icon will turn orange or your "Non-compliant" icon will turn orange. Expected result is that they will both turn orange.

Quote
What I meant by inside a policy is everything that we set in the CIS configuration
Aah - I see. Yes this is something we are looking at but we are massively extending ESM's management capabilities over the new version of CIS and are playing around with the best way of aesthetically and pragmatically presenting this information.

Quote
What I observed during my 2 months use of CIS 6 is that it takes at least 3 hrs to scan my computer even after continuous use of CIS for all 2 months. These are all supposed to be successive scans. I think there are many factors influencing the scan time and scan load. Besides, It would be the ideal way to provide some information on client during the events (at least an option to do so)
This should not be so. Have you posted notification of this on the CIS boards? I will let the CIS guys know about it anyway but could you please provide the platform details of the machine this is happening on or does it happen on all your machines?

Quote
Doesn't look ideal to me . Again, a policy issue.
By design. LAN machines would have a policy where the CESM server is the first option for def. updates and download.comodo.com is the second. WAN machines would be download.comodo.com first and CESM server second. Laptops would be WAN first LAN second when away from the office and LAN first WAN second when in the office. Laptops that move between offices would be local ESM server first, remote ESM server second, WAN third (ESM servers can now manage other ESM servers so you could have one master ESM server in the head-office which controls another ESM server in a branch office). The practical way of specifying this would be via a policy.

Quote
I later realised that the client system did not have net connection
You could have checked that under the network performance statistics from the "More" option regarding that EP :)

Quote
tried to cancel the update but could no
I know, irritates me too and we are working on fixing that (Cancel All, Cancel this one kinda thing)

Quote
Killswitch ... (view/kill/restart sandboxed processes for example)
This is done from the ESM console (kill processes/stop services etc.). If there is a networking issue between the EP and the ESM server then yes, Killswitch should be accessible. We are aware of the Killswitch (and Activity Monitor) CIS issues and are working with the CIS team to get these fixed.

Quote
this looks like a handicap for the admin in my opinion (not being able to do anything without a spare/free/model system to work with)
Setting up policies pre-deployment (without having to install CIS somewhere first) is something that is high up on the priority list and again the ESM and CIS teams are working on it.

Quote
I tried it with FW disabled on all systems both server and clients. Maybe there is some other issue
Is the websockify service running on the EP? Have a look under the "Services" tab of EP properties and start it if it isn't running.

Quote
the error message displayed in the console was not informative. It needs to be more accurate.
Agreed.

Quote
The Server is running on Win8 x64
Please try installing on a different platform.

Quote
I did not observe which SQL server I chose during installation, but I went with defaults all the way.
That would have been the LocalDB (SQLExpress 2012), but the issue may be Win 8.

Thanks for all your input on this Siva - we really do appreciate it and will ensure you are compensated/rewarded for your time :)

Regards,
Michel.

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1365
  • Avert the danger that has not yet come
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #5 on: February 01, 2013, 12:07:35 PM »
Hi Michel,

Thanks for your reply, never mind the delay... 8). It happens when we are seriously at work.

I am very happy to hear that you guys are on your toes in making the best ESM product.

Quote
This should not be so. Have you posted notification of this on the CIS boards? I will let the CIS guys know about it anyway but could you please provide the platform details of the machine this is happening on or does it happen on all your machines?
There are so many topics/threads spread over the forum explaining this issue and yes this is the case with all the systems I installed CIS 6 on. What I suppose is that CIS cache which is responsible for faster scan speeds is rebuilt every time there is a database update (I agree it should be, since a file cached as Malware can be identified by new base as a false positive and a file undetected previously can now be detected---which means we need to update the cache with every database update). But, this cache building is not happening as quickly as it is expected to happen and this is hitting HDD performance too. There is still a lot of debate going on and I suppose guys at CAV might be trying hard to solve this puzzling issue.
 
Quote
By design. LAN machines would have a policy where the CESM server is the first option for def. updates and download.comodo.com is the second. WAN machines would be download.comodo.com first and CESM server second. Laptops would be WAN first LAN second when away from the office and LAN first WAN second when in the office. Laptops that move between offices would be local ESM server first, remote ESM server second, WAN third (ESM servers can now manage other ESM servers so you could have one master ESM server in the head-office which controls another ESM server in a branch office). The practical way of specifying this would be via a policy.
I was only talking about the defaults that come with CESM installation. I would anyway configure them to suit my needs as time passes on.
 
Quote
Setting up policies pre-deployment (without having to install CIS somewhere first) is something that is high up on the priority list and again the ESM and CIS teams are working on it.
It would make CESM very powerful, I hope and wish that you achieve this quickly.

Quote
Is the websockify service running on the EP? Have a look under the "Services" tab of EP properties and start it if it isn't running.
I will check and come back.

Quote
Please try installing on a different platform.
I will try with another OS and check the results.

Quote
Thanks for all your input on this Siva - we really do appreciate it and will ensure you are compensated/rewarded for your time :)
I would be honoured if my feedback helps make the first ultimate ESM product. :-TU

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #6 on: February 02, 2013, 04:47:52 AM »
Hi Siva,

I had a chat with the guys over at CIS and they have asked if you could please provide:-
-CPU
-RAM
-Hdd speed (5400rpm?, 7200rpm?)
-Volume of data being scanned
-Is the machine virtual or physical

for one of the example machines that is taking 3+ hours to scan?

Regards,
Michel

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1365
  • Avert the danger that has not yet come
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #7 on: February 02, 2013, 05:03:29 AM »
Quote
Hi Siva,

I had a chat with the guys over at CIS and they have asked if you could please provide:-
-CPU
-RAM
-Hdd speed (5400rpm?, 7200rpm?)
-Volume of data being scanned
-Is the machine virtual or physical

for one of the example machines that is taking 3+ hours to scan?

Regards,
Michel

You can take the example of my system itself. I have had CIS6 running on it since its first beta release. After the final release, I freshly installed the final release.

You can of course check the HW specs from my signature at any time; I will re-present them here:

AMD Phenom II x4 955 BE
8 GB DDR3 RAM (2 Modules)
240 GB Sandisk Extreme SSD & 3 TB Seagate 7200 RPM HDD (Both SATA III 6 GB/s)
Around 2.5 TB, Mostly large number of small files + some large files.
Physical & Real.

To be more precise, CIS 5 and CIS 6 scan times differ by 30 min at max. (Not for immediate successive scans, but when scanned after two or three days.) (CIS 5 used to take 5 hrs to scan, whereas CIS 6 scans in 4 to 4 and a half hours.)

Note: Immediate successive scans in CIS6 are really quick, but that does not last after two or three days...

Hope this info helps.

« Last Edit: February 02, 2013, 05:06:42 AM by SivaSuresh »
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #8 on: February 02, 2013, 06:37:52 AM »
Thanks Siva,

Will pass this on...Are you scanning all 3.2 TB every time?

Regards,
Michel.

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1365
  • Avert the danger that has not yet come
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #9 on: February 03, 2013, 11:12:30 AM »
Quote
Are you scanning all 3.2 TB every time?

I do not require to. But I do it purposefully to verify different aspects/issues of different versions of CIS with different settings.

Purely Academic Interest. 8)

I do advise a lot of people at my place to use CIS, so I would like to keep myself always updated. ;)
« Last Edit: February 03, 2013, 12:24:08 PM by SivaSuresh »
with love Siva Suresh

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #10 on: February 07, 2013, 07:27:28 AM »
Hi Siva,

I have heard back from the guys at CIS. They say:-

"it may re-scan already scanned files if virus DB is updated and file is NOW known. So in this case not just changed files."

Regards,
Michel.
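
An added illustration (not Comodo's code, and not a description of how CIS implements its cache) of the trade-off discussed in this thread: a verdict cache whose entries are only valid for the signature database version that produced them. The class, function names and sample data are constructed for the example; it shows why back-to-back scans are fast while the first scan after a database update costs as much as a cold one.

```python
import hashlib


class ScanCache:
    """Verdict cache keyed by content hash, valid for one signature DB version.
    (Real products usually key on file identity/size/mtime to avoid re-reading
    the file; hashing in-memory bytes keeps this example self-contained.)"""

    def __init__(self):
        self.entries = {}  # sha256 hex digest -> (db_version, verdict)

    def lookup(self, digest, db_version):
        hit = self.entries.get(digest)
        # A cached verdict is reusable only if the current signature set produced it.
        if hit and hit[0] == db_version:
            return hit[1]
        return None

    def store(self, digest, db_version, verdict):
        self.entries[digest] = (db_version, verdict)


def scan(files, signatures, db_version, cache):
    """files: {name: bytes}; signatures: set of known-bad sha256 digests.
    Returns (verdicts, number_of_files_that_needed_a_full_scan)."""
    verdicts, scanned = {}, 0
    for name, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        verdict = cache.lookup(digest, db_version)
        if verdict is None:
            scanned += 1  # expensive path: full signature match
            verdict = "malicious" if digest in signatures else "clean"
            cache.store(digest, db_version, verdict)
        verdicts[name] = verdict
    return verdicts, scanned


def demo():
    # Constructed sample data: harmless byte strings standing in for files.
    files = {"a.doc": b"report", "b.exe": b"installer", "c.dll": b"library"}
    newly_known = hashlib.sha256(b"installer").hexdigest()
    cache = ScanCache()
    first = scan(files, set(), 1, cache)            # cold cache
    second = scan(files, set(), 1, cache)           # same DB: all cache hits
    third = scan(files, {newly_known}, 2, cache)    # DB updated: cache is stale
    return first, second, third


if __name__ == "__main__":
    for verdicts, scanned in demo():
        print(scanned, verdicts)
```

Invalidating every entry on each update is the simplest correct policy; the cost is that frequent definition updates make the cache useful only for scans run between two updates.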

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1365
  • Avert the danger that has not yet come
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #11 on: February 07, 2013, 12:46:35 PM »
Quote
Hi Siva,

I have heard back from the guys at CIS. They say:-

"it may re-scan already scanned files if virus DB is updated and file is NOW known. So in this case not just changed files."

Regards,
Michel.

I did not quite get what they said about it, but what I understand is that "that is how it works presently". I hope we get some improvements in this area in future.

Irrespective of this, I would like to have control over a properly and tightly integrated "automatic messaging communication system" between the CESM server and the client, which notifies the clients of 'resource consuming/important events' running in their system without their direct notice.
with love Siva Suresh

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #12 on: February 08, 2013, 03:32:35 AM »
You do have (if I understand correctly) - that is what the warning icons are for as well as the "heads-up" information bar.

Regards,
Michel.

Offline lepota

  • Newbie
  • *
  • Posts: 13
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #13 on: February 21, 2013, 06:49:56 AM »
Hi!

I have been experiencing system hangs on the server machine similar (I think) to what SivaSuresh wrote on 28.01.2013:
Quote
8.   Host system hangs very often, while applying policies, updating etc.,

This happened regularly on my Windows 8 x64 host with CESM. I eventually had to disconnect it from Console Remote management in order to get it going without random hangs. It seems to hang whenever I apply a policy or try to force remote management on it (as far as I could observe)

Soon after start, CESM Server began to grow in memory, using 100% of processor time. It grew up to 1.5 GB. The event log showed "InvalidOperationException processing queue" and finally "OutOfMemoryException processing queue" errors.
I did not report this problem earlier, as I was trying to find some starting point to investigate, because MichelB said that in the demo environment "we haven't seen that behavior".
I found a hint for this bug by looking at the network activity of the CESM Server Service (CrmSrvService.exe).

1. All computers are running Win32 XP Prof SP3. Workgroup - about 8 computers.
2. Server computer - Pentium 4, 3 GHz, single core.
3. First (a year ago), CESM 2.0 was installed. 2.0 did not show such behaviour. There was a slow (but steady) growth of process memory. As I remember, in several days it tended to use all memory, so I started the CESM Service to do the job and then stopped it.
4. Recently I upgraded the CESM server to 2.1. Immediately problems like the aforesaid with CESM 3.0 arose. But I managed to deploy CESM Agents 2.1 to all (but one) computers. Maybe the problem arose after deploying the 2.1 Agents, I can't say.
5. Installed CESM 3.0 RC1, RC2 - all the same.
6. And at last...
I start the service. I do not launch the console.
Network traffic to/from server to/from clients (agents) is rather small - ~80 bytes/s, processor load ~0%.
After several minutes the server receives from one of the agents (agent 3.0, CIS 5.10) ~28MB at once, grows in memory by ~100MB (to ~190MB), with a short processor load. Some time later the memory is freed.
Several min. later it receives from another agent (3.0/5.9) ~122MB and grows in memory to ~550MB. Processor load 100%.
Several min. later it receives from a third agent (2.1/5.10) ~67MB, ~15 min of 100% load, process memory changes - 950MB - 550MB - 1GB - 1.5GB, then "OutOfMemoryException processing queue" and the memory is freed. I have recorded a 25min. screen capture http://yadi.sk/d/ijycjlzx2m3lp Screenshot at maximum load and event log attached.
Sometimes the service crashes and restarts instead of the OutOfMemoryException.
I think this happens every hour (if the service doesn't crash). In 13 hours of logging the server received 28*13 and 67*13 MB of data from the corresponding computers.

The order of packets and the time between arrivals can vary. But each computer always sends packets of the same size.
Other computers never send such packets. These are:
agent 3.0/CIS 6.0 beta (agent reports that there is no CIS there)
Two computers 2.1/5.9
One 2.1/5.10. Recently it was the 4th one sending (~240MB packets) and there was agent 2.1 and CIS 5.9, but after uninstall/install of CIS & agent it keeps silent.
It seems that the "122MB" computer started its activity after upgrading agent 2.0 to 3.0.
Configurations on all CIS's are custom and nearly identical. Changing the config on a "bad" computer from custom to standard ("Internet security") changes nothing.

Excuse my bad English



[attachment deleted by admin]
« Last Edit: February 21, 2013, 07:03:02 AM by lepota »

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: CESM 3.0 RC Early Reports/Comments/Opinions
« Reply #14 on: February 21, 2013, 05:29:20 PM »
Hi lepota,

I have forwarded your comments to the developers and asked them to investigate. I will get back to you a.s.a.p.

Regards,
Michel.

 
