Feedback CESM 2.1 (Beta)

Hi guys,

I am back home. :azn:

Thanks for your support and thanks for including the most requested features. :-TU

Presently, I am trying to simulate my Work atmosphere in Virtual machines, but quite not so lucky now with the new beta somehow.

I have installed CESM 2.1 beta on an XP system (in VM). The installation was smooth. I am trying to deploy CIS on to two clients both running XP (in VM). The network is perfect. I am able to ping each other, share folders etc.

But, when I am trying to deploy CIS I am getting “The network name cannot be found” error 67.

Even trying to deploy CIS on to the same system where CESM is installed is also giving the same error.

Please help me proceed with the deployment. I am not able to do any further investigation.

[attachment deleted by admin]

Tried to test it on my office PC trying to deploy agent on to the same PC, still no luck. :-[

It says bad username or password. But, both id and pwd are correct and they are the same id and pwd used to login to CESM console.

By the way, the error message is a bit confusing. It should be more clear whether the registry key should be “0” or “1” in the attached message. The message simply says check if “HKLM.…\forceguest=0”, should it be “0” or should it not be “0”?

I am stuck here on both VM and my office PC. Please help me to proceed further. :frowning:

Besides, My existing ESET multiple license in my office is expiring and I am in a kind of urgent situation where I need to decide between switching to CESM (I would love to if it fits my environment which does not have internet connection) or renewing the ESET license :-. Please make it quick ;).

Although I could not deploy agent through CESM, connecting CIS to CESM from client side i.e., from CIS interface worked for me.

But, hey, where are the changes? :frowning:

Where is the updates storage? I mean how should I supply bases.cav downloaded from net to CESM? ???

Where are the settings inside policies? I could not figure how to get inside policy actually… ???

When I was trying to run a program on my system (which is now managed by CESM), the program is getting sandboxed and is not trusted (which is normal).

But, when I am trying to add it to “Trusted files”, it says I have to switch back to “local admin” mode to do that, that’s understandable. we do not want users to have control over it when we are managing thgrough CESM . I definitely like that.

I would like to do it from CESM only…, but, how??? ???

I do not even have a sign in my CESM console of something tried to run and was sandboxed on a managed client.???

Hey, I could now get to see the settings inside an imported policy. (I actually had to create a new policy by importing from existing clint to get one)

Although the settings provided in the policies of CESM console look good, they are not yet complete or sufficient.

Besides, I strongly feel that there should be a way of strong communication and alerting mechanism between CESM and it’s clients.

Whenever something is done to clients from CESM (may it be a database update or the start of a system scan or a new policy change), there must be (at least an option to display) an alert (for a predefined time period) on the client system notifying this change. and this alert should be available in CIS local interface (until the end of the event, i.e., database update or system scan)for any client side user to notice that something is happening from CESM side.

The user should be able to contact/request for a permission for a possible temporary override or something getting done from CESM admin (for example trusting an application or excluding a folder from scan or temporarily pausing the system scan) which gives a corresponding alert on the CESM console asking the admin to take decision.

Similarly, there should be a notice or alert on CESM console that a client side override has happened on some system (like somebody with admin rights has changed something inside the settings-the CESM admin should be able to see what settings have been changed or how the policy is now non compliant…so that he can take the required action to whether reapply policy on client or to keep it and import as a new policy)
or
a some client side activity has happened (like programs getting sandboxed or virus infection found), and user is unable to take any decision.

Anyway, this is quite a good move in the correct direction. I appreciate your work and I am looking forward to a more powerful and configurable CESM in the next beta.

Note: Somebody please answer my previous posts. I am waiting… :frowning:

I have seen in the release notes that we can create a deployment package with CIS along with the updates and predefined policy settings. Can some one explain to me how to do this.

Hi SivaSuresh ! Thank you for your feedback.

I think there is a problem with the server name resolving. “The network name cannot be found” error usually occurs when the CESM server is not accessible by NAME. Please check that you can ping the server by name from clients. The list of supported server names you can find in the CESM Configuration Tool. This list is used during CIS deployment to connect to the server . If you use a static IP-address for the server you can add it into this list. Though it is preferable to use DNS names always.

Also as a workaround you can download the Agent setup with the latest version of CIS and server settings embedded into the package (Computers->Update->Checked-in Packages ). Then you can manually install CIS on clients.

Surprisingly, this is happening even if I am trying to deploy agent on to the same system on which CESM is installed.

Yes, I am able to ping the client and CESM server (both are the same in this case) with name.

Hi Siva!

Thanks for the feedback!

Concerning updating endpoints with CIS through CESM. ESM 2.1 Beta contains a component Caching Proxy that is being installed with ESM server. You just need to configure endpoints (using Policy Editor General CIS Settings/Connection) to use ESM server as a http proxy.

P.S.
I’m going to publish a set of videos with all the new features covered. Stay tuned.

Thank you

We are working on providing an ability to manage trusted files/vendors and antivirus exclusions from ESM right now. This feature will be included into the next release.

Thank you.

Tried all the above but no success. Adding from CIS interface worked though.

I do not want to give client side users the chance to do whatever they want even if it is for a short period. Can I install CIS with a predefined policy settings and password ?

https://forums.comodo.com/empty-t83574.0.html;topicseen
Thanks. I will be watching them now. I just thought it would be useful to post this link here.

I just watched the videos. All I could find is that now we can specify the system with CESM installed as a http proxy to all the clients. So good so far.

My primary concern still exists, that I have been repeating everytime. What if I do not have internet on my CESM machine (that’s exactly my case in all the 3 places I am planning to install it).

I have internet at home and I can download bases.cav and other .msi files as well. But, the place where I work, nor the other places where I want to implement offline updates do not have internet connectivity, we are not planning to have in future too (just a waste of resources both money and users wise also, we can not control the users once we provide internet from not using it. Besides, the only need for Internet at my workplace is to have AV updates, which I am presently doing offline from home).

I could not figure it out by myself or from the videos just where to put the downloaded bases.cav or .msi files or how to import them in to CESM…

Please guide me in achieving this.

Siva,

One way to accomplish your task is to install CESM and CIS on a machine where internet connection is available (your home). You should enable Caching Proxy on it and configure CESM and CIS to use this. Then, perform CIS AV updates and download CESM update packages, if any, so the Caching Proxy could save it in its cache. Locate the Proxy folder on disk (you can find it in the COMODO folder in the %ALLUSERSPROFILE% location) and copy all the contents to a CD or USB disk.

Now, provided that you have also enabled Caching Proxy on your workplace CESM installation, replace its data folder with the one you have copied. Ensure Caching Proxy is configured to provide content from cache when the content’s source is not available (enabled by default), and configure all the clients to use it. Having this done, all clients will now receive updates as if Internet connection is available.

Please be aware of the following, however:

  1. This solution is a workaround only, there were no use-cases nor testing for it;
  2. Caching Proxy saves only content requested from the downloads.comodo.com host;
  3. There will be some delay serving each request in offline mode, this is a known issue.


Best regards,
Denis

I have done the same today, but did not get any files or data in “cache” folder. May be the delay you proposed has something to do with it. I will check it again tonight.

even a workaround is fine for me as long as it works and until we get a proper solution. I do not yet understand why the procedure is not working for me. I will any way repeat it twice and thrice and come back with the report.

Ok. It works now. It took some time but it worked.

What I observed is that the bases updated from now on are included in the cache and the complete bases are not.

How can I include the complete bases ? (I have a cruel idea though… I will just delete the bases.cav scanners and repair folder and run an update from scratch, is it OK?)

Are the CIS version upgrades included in the cache?

Can I create the deployment package including both settings and latest bases?

I have observed one more important problem with CIS clients running under CESM. :-[ (Edit:May be it has to do something with me manually deleting bases.cav from the corresponding folders.)

Whenever I run a new program or application, after clicking the “do not isolate again” in the sandbox alert, the file is not getting in to the trusted files list. It gives the same alert everytime I try to open the file, no matter how many times I click the “do not isolate again” link. :o???

I was first unaware of the fact that it is a CESM issue, so I tried all other things, and, I was surprised to see that CIS is now being managed remotely. So we expect it to deny clicking “do not isolate again” or any kind of other popup since CIS now being managed at CESM level. Instead it is accepting the click and just not applying the action. :o

After switching back to local admin mode also I could not get it to work and I had to disable D+ to run the program. :o ???

It’s fine, I will live without that program(thunderbird daily) for a day without any problems. But I would like to see what more problems I will have to face with this kind of configuration. :wink:

I am now reverting back to remote management mode. I will see what more happens… ;D

That might happen because the proxy settings had not yet been applied to CIS at the time it started AV update. Looks like you specified it manually, some time after computer reboot. The best way to apply proxy settings is via policy, set on Unassigned group before the endpoint is managed. Then, when Agent and CIS are deployed, they acquire the configured settings immediately and no connection from CIS will bypass proxy.


Best regards,
Denis

Actually I have installed CESM on a system with already CIS installed and running. I simply added CIS to CESM as a client manually from CIS console. (I failed to do otherwise, you can read my previous posts).
I have now added the proxy settings through CESM console only, but what I feel is CESM proxy cache started caching bases from the version present in CIS to the current version (Obviously that is what is downloaded after CESM installation)

One of the major problems I reported previously with the GUI design still remains.

Whenever I move from one page/screen to another by clicking an internal link, I can not get back to my previous screen in any way.

If I click the “back” button inside CESM console screen, it takes me to the screen above or before the present screen in the CESM hierarchy and not the actual previous screen.

If I click the “back” in the explorer window, it simply offers me to disconnect from CESM.

I have to move through a number of screens again and again just to get back to the previous screen I just visited…

Please change this behaviour…Please…Please…Please…