I’m evaluating the comodo ESM with the 10 user license pack.
So far its been a very bumpy journey.
The issues i’ve encountered are as follows
The deployment -
I’ve not had one deployment work smoothly, every machine I’ve had to manually intervene on to get the software installed, all the machines were already running some form of comodo software either just the antivirus/defense or the full IS, the deployment failed on all machines without uninstalling the comodo product first, some of the machines it installed alongside and then would not let me uninstall without using a third party tool. Some of the machines I had to copy the installer to and run.
Randomly for no reason the the list of computers will go into a non-compliant state and I have to go and re-apply the policy.
I also can’t see a way of defining a global rule to allow windows RDP through the firewall.
It sends out a report each day after I enabled email notifications, this report regardless of what language is selected is always in Chinese???
I also have a machine permanently reporting that it is infected, when it is not. A full scan detects nothing yet the dashboard says the machine is infected and the infection report also says what is infected and the files do not exist on the machine or in quarantine.
Finally once the software is deployed and running and everything is as it should be, I love the software.
The features it has are superb, managing aps,processes,services etc denying access to USB all really very cool.
Looks like you are not having much fun, and that isn’t on.
What OS is ESM host running?
What CPU(s), RAM and free HDD space does the ESM host machine have?
Are you using the LocalDB SQL database or an external (even if it is on the same box) SQLExpress DB?
What OSs are the endpoints running?
What version of CIS (or CES) was on those machines that ESM couldn’t uninstall?
What OSs are the endpoints randomly going non-compliant running?
RDP can be globally allowed as an Application rule but it is easier to use ESM’s built-in encrypted VNC viewer
The Chinese report is weird, the devs have been notified but we made need to contact you to investigate your ecosystem
Which version of CES and what OS is on the infected clean machine.
Please could you let us have the above info so that we can start resolving your problems. We have a new release coming out in a couple of days which (I suspect) will fix most of these but I don’t want to seem to be ‘buck-passing’ here.
1 ) ESM is on windows server 2012
2 ) Intel Xeon E5450 3.00Ghz, 8GB Ram, 100+GB free space
3 ) Using the localDB that it provides
4 ) All windows 7 Pro
5 ) Most people were running the latest version of just the AV, I was running the latest CIS
6 ) Windows 7 Pro
7 ) OK, I would like to know how to add it though
8 ) Yes very odd
9 ) The machine has now sorted itself and is showing as clean
Regarding 7.‘I also can’t see a way of defining a global rule to allow windows RDP through the firewall.’
If you are referring to Comodo Firewall,you can create a rule for RDP on an endpoint from which you will be discovering the CES policy.
On the endpoint on which CES is installed, open the user interface of CES and try out the following rule:
Open COMODO Firewall menu and go to Global Rules.
Create a new global rule that looks like this:
Source IP: the IP of the computer you are connecting from
Destination IP: ANY
Source port: ANY
Destination port: 3389
Enable Comodo Firewall and check it you are able to connect.
I did add the firewall rule to the endpoint then create a policy based on that endpoint, alas it still did not work.
Also if you modify the endpoint then the policy gets re-applied it removes those rules (as you’d expect)
I may try again to add the custom rule and re-create the policy.
Please set the endpoint on Locally configured policy, modify it (add the rule) and then try again.
5a. If you still have a CIS standalone version installed , please open the user interface->click on ‘?’ and click on About and copy paste back the numbers from Product version . It should show something like this ‘6.3.294583.2937’
5b.Please reply with the ESM version too.In the ESM console click on Help->About ESM from the drop down menu from the right. Reply back with the ESM version .It should be something like ‘3.0.6xxxx.x’
5c.On the endpoint on which you have deployed CES , right click on it and click Properties. In the General tab you should have something like CES Version. Please reply back with the CES version installed on the endpoint.
For the endpoint that was shown as infected, please create from the ESM console Reports->click on ‘+Add’->CES/CAV logs for Firewall,Antivirus and Defense+ and reply back with them.
Is the Rdp issue still present? After creating the policy based on the endpoint that was set on locally configured and the RDP rule added?
After applying this policy on another endpoint, are you able to RDP into that endpoint?
6.For the endpoints that go in Non -compliant please create a 2 reports and reply back with them:
Reports->add->policy delta report->select the non compliant endpoint(s)
Reports->add->policy compliance report->select the non compliant endpoint(s)
9.For the endpoint that was shown as infected, please create from the ESM console Reports->click on ‘+Add’->CES/CAV logs for Firewall,Antivirus and Defense+ and reply back with them.