Give us your feedback! Help us improve the product!

Melih

Thank you very much. I look forward to this being the start to a long and profitable relationship!

Now, I must get installing…

Regards

Frank

same here.
pls let me know if you need help so that i can get our support guys in touch with you.
thanks
Melih

Let the fun begin!

Thanks, Melih, for the links. Thanks, Comodo for rolling out the product!

LM

Thanks! Downloading now.

BTW - Here are the links without the
in it the link causing it to be broken.

CIS_RM_Setup_3.8.65951.477_XP_Vista_x32.msi
CIS_RM_Setup_3.8.65951.477_XP_Vista_x64.msi
CESM_Setup_1.1.1813.31_XP_Vista_x32.msi
CESM_Setup_1.1.1813.31_XP_Vista_x64.msi

Thanks,
LHammonds

Comodo Endpoint Security Manager 1.1.1813.31

Software Requirements

CESM Central Service computer

1. Windows 2008 Server, Windows 2003 Server SP1, Windows XP SP2 or Windows Vista
2. .NET Framework 2.0
3. MS SQL Server 2005 Express SP2 or higher

CESM Administrative Console computer

1. Windows XP SP2 or Windows Vista
2. .NET Framework 2.0

CESM Agent computer

1. Windows XP SP2 or Windows Vista

QUESTION: The requirements list “MS SQL Server 2005 Express SP2 or higher” but the installation package fails to recognize my SQLExpress instance on the “Service parameters” step in the installation. I also tried to type in the instance name manually but also fails on the next step. I have SQL Server 2008 Express installed and running. Does this product only work with 2005 Express?

QUESTION: I am curious, what other products do you plan to incorporate with CESM and in what order do you expect to work on them? (assuming you release a new package as you go)

Other products I would be interested in rolling out and managing would be:

• BOClean (biggest priority)
• Anti-SPAM
• SecureEmail (maybe)

EDIT: I removed SQL 2008 Express and installed SQL 2005 Express Adv and the installation worked. So apparently, this software “REQUIRES” 2005 only. I did use the SP3 version of 2005.

Disk Encryption will be incorporated as the next stage…

Good point!

Also note that if you’re installing on an XP SP3 box, you will likely run into issues with MSXML6.

Reason is that XP SP3 includes a newer version than what comes w/MS SQL Server 2005 Express SP3. Apparently MS SQL can’t tell a newer version already exists and not install that part, so the whole thing gets hosed.

If so, use MSICUU2 to remove the XP SP3 version of MSXML6, then reinstall MS SQL Server 2005 Express. Not the cleanest way, but until XP and SQL coders can work together it may be all you can do…

LM

What exactly gets hosed up? Everything seems to be working OK. I have 2 machines managed with the CIS product remotely installed.

I had the following installed PRIOR to install WinXP SP3:

• MSXML 4.0 SP2 (KB954430)
• MSXML 4.0 SP2 Parser and SDK
• MSXML 6.0 Parser

Here are the version details of my system as it currently stands:

• Comodo CESM Agent - Version 1.0.0.0
• Comodo Endpoint Security Manager - Version 1.1.1813.31
• Comodo Internet Security - Version 3.8.6595.1477
• MSXML 4.0 SP2 (KB954430) - Version 4.20.9870.0
• MSXML 4.0 SP2 Parser and SDK - Version 4.20.9818.0
• MSXML 6.0 Parser - Version 6.10.1129.0
• Microsoft .NET Framework 1.1
• Microsoft .NET Framework 1.1 Hotfix (KB928366)
• Microsoft .NET Framework 2.0 Service Pack 2 - Version 2.2.30729
• Microsoft .NET Framework 3.0 Service Pack 2 - Version 3.2.30729
• Microsoft .NET Framework 3.5 SP1
• Microsoft SQL Server 2005 Express Edition with Advanced Services SP3 - Version 9.00.4035
• Windows Installer 4.5
• Windows Internet Explorer 7 - Version 7.0.5730.11
• Windows PowerShell™ 1.0 - Version 2
• Windows XP Service Pack 3

LHammonds

If you had MSXML6 prior to update from XP SP2 to SP3, you might be fine. The SP3 installer might be “smart” enough see XML already there and not overwrite the install.

Here’s the way it tends to happen, though:

XP SP3 installs MSXML6.

MSSQL Server 2005 Express comes with MSXML6 as well. Their installer can’t tell (or doesn’t “care”) that XML is already installed. Rather than skip it, it reinstalls over (but doesn’t uninstall the existing one first). However, it can’t complete the install because a newer version (from SP3) is already installed, so it errors out.

Thus, MSSQL can’t complete it’s install because of a problem w/VSS Writer (MSXML6 issue). Existing MSXML6 is at that point non-functional; it cannot be repaired, nor uninstalled, because there is an incomplete installation pending, and MSSQL still “wants” to install its version of MSXML in order to finish installing.

The work-around then is to install MSICUU2 to remove the now-corrupt MSXML6, then reinstall MSSQL.

The issue is well-documented online (although not so much by MS…).

LM

After testing the software, I have a few comments that would make it easier to use/administer for our environment. It is possible I missed a few of these things in the documentation. If I have, please point me to the right places.

For information:
Client machines - All Windows XP (x86) with all of the latest patches/service packs.
Server - Windows 2003 Server (x86) with SQL Server 2k5 Express

1: Ability to enable/disable portions of the software during install or from the admin console.
Specifically, we’d like to implement the virus scanner now on all machines, but not enable the firewall. I don’t see any convenient way to do this. If I need to use the import/export configuration piece (under tools I think), either give an easier way to find documentation or just implement a basic configuration manager for setting certain components for certain groups of users. I guess what I’d eventually like to see is service classes for different machines.

2: The ability to allow virus scanning to be initiated on the client machines. I installed the remote management version of the Comodo software and noticed a few things weren’t working properly (or at least it didn’t appear to be).
a: Real-time scanning didn’t look to be enabled by default.
b: There wasn’t any way to have the end-user right-click on a file/directory and scan something immediately.
c: The user couldn’t initiate a scan of the entire disk/machine from the comodo interface on the client machine. Everything popped up that it was disabled in the Remote Administration Mode.

3: There were a few minor issues with the software removal portion capability. Specifically, it was the list of installed software wasn’t 100% accurate. When I went into Add/Remove programs, Hamachi was installed. In the list of installed software that I had Comodo pull, Hamachi wasn’t in the list. So… in this case, there is a disparity between the installed software lists.

I would like to be able to easily unlock some of that functionality for some users. I know I can install the normal free version on client machines… but that removes the ability for me for force a scan across the entire network.

It looks like you’re off to a great start. I will enjoy seeing it evolve as time goes on. ;D

Adding To The Above Points Mentioned By Wlovins, I Would Also Like To Mention That An Option Should Be Added Where The Client PC’s Can Fetch The Vir. Def. Updates Which Is Been Already Downloaded To A Centralised Server. Since We Don’t Have This Option In The Versions Released So Far, All My Client PC’s Has To Connect To The Internet Individually To Update The Vir. Definitions Which Eat’s The Bandwith. Moreover Its Been Something Like Making Mandatory That The Client PC’s Should Have An Internet Connection.

I agree with Wlovins and napsterz. The three main functions I would like to see are user initiated scanning, delete computers, and move computers.
Currently I only have the 5 free licenses but I will have the full product soon, so this may not be an issue. But if a user thinks they have a virus I go look at their PC and run scans, even logged in as admin to their box I cannot run a manual scan. However, getting CIS deployed throughout the network should stop the virus from getting in, in the first place.
I am in a network where the AD changes quite frequently. I am in process of cleaning it up and that involves deleting old computers and renaming current computers and putting them in the appropriate OU.
Comodo will import the AD structures just fine and when I rename a computer in AD doing another import will update the CESM database. However, it will not delete computers or move the renamed ones to the new OU.
I understand not deleting a computer to preserve the integrity of the database and history of alerts and logs. But I have 375 computers and only 5 are managed at this time. If a computer has never been managed, you should be able to delete it. Also I don’t think changing its place in the computer tree will affect the integrity of the database.

Thank you,
dlehman

Hello!

I just want to comment some of you post to give you updated information about COMODO products.

wlovins

1: Ability to enable/disable portions of the software during install or from the admin console. Specifically, we'd like to i....

CIS 3.11 support partial installation. You can select components to install - Defence+ and Firewall or Defence+ and Antivirus.

napsterz
Comodo Offline updater can be used to update antivirus, so for now computers can have no internet connection. Just connection to Comodo Offline updater.

dlehman
You cannot delete computer, but can hide them, which actually equivalent of deleting.

Ratz thanks for the info on the other thread. However I will still lay out my ideas here as this is the feedback thread.
To start I want to say I first evaluated ESM 1.3 and when I went to purchase 1.4 had just been released and I upgraded before I deployed. Now I just upgraded to 1.5 this past Monday 4/19.

I no longer receive the DNS named changed alert, this is a plus
The “Database updating: The virus signature database is up-to-date” alert now comes across as information instead of a warning. This is another plus

I had a previous issue where the esm console thought a task was still executing (for months) and held up similar tasks because esm thought it was still executing. This was resolved in this release as far as I can tell another plus

The ability to switch to local mode looks to be promising now only if the user could start a scan while in remote administration mode.

A few things I would like to see…

The ability to move and delete computers. As I stated in my last post my ad was changing very frequently then and I had many computers in a generic ou now identified and put in the proper ou, but esm will not update their location in the tree.

Also I have a large project this summer of decommissioning some old machines and installing new ones, this once again will change AD and I would like to delete those old machines.

The ability to have the response to an application to update a central configuration file and then deployed to everyone. When I rolled this out in November I skipped the firewall and defense+ for the time because of all the alerts it generates. I can get most of the configuration done on one machine and deploy that but there is always something missing. So say

Allow
Allow (for all computers)
Block
Block (for all computers)
Etc

Currently I am attempting to set a good configuration for defense+ and firewall. I enable this for a few test machines answer the alerts, discover that config and deploy again.
Doing this is confusing just in my test of ten machines I opened or saved the wrong config and lost some responses. If I get a new application or decided to make changes to firewall rules and deploy I lose all responses for that machines.

Keep up the good work guys a great product overall

As far as you can see we try to make ESM better according to customer feedbacks.
We are working on most of your suggestions, so let’s move on together - to the next release.

A few things I would like to see…

1. From the Overview/Status area, if it shows infected systems, the ability to click that to automatically see a list of the systems reporting infections, and if possible, what infection for each.

2. The ability to interact with one aspect of configuration for a given system. The menu options are there, but do not appear to do anything. At present, we have to click “Custom” which pulls up the full profile.

3. The ability to run a scan on a given system from right-click on that system, and see some progress indicator. At present, the option to scan is there, but nothing appears to happen when clicked.

4. When viewing endpoint configuration (in order to interact with and change settings) I would like to see it as seen from local administration/system side. There are options available from the system side that are not from within CESM.

5. This applies to CIS (both in CESM and end-user version) regarding the Sandbox. CIS does not appear to “remember” that we tell it to run an application outside the Sandbox (responding to the popup); it will generate a popup every single time the application launches.

6. As a note, there is still some “glitch” with Agent on the endpoints. Sometimes it won’t start properly when a user boots their computer, and so the endpoint cannot be managed/interacted with, even though Agent and CIS are installed. I think it may be tied to Limited User accounts and the service starting, but I cannot state that conclusively (at this point it is just a hunch).

Thank you for building in the local administration mode; that is extremely useful for us, and thanks for continuing to improve the product.

LM

Thanks for your feedback.
You are welcome.

Hello at all . Many thanks for your indications Little Mac Kind regards

I wanted to get some real CESM-user feedback from this idea that I posted about a few weeks ago in the “Which product do you want Comodo to develop next” category, but didn’t getting any biters, so I am re-suggesting it here.

The objective I am trying to accomplish is get my remote off-network computers that are out there in the wild (non-domain laptops using Sprint cards) to be completely managed on the CESM console.

Here is the pseudo-plan for Comodo, but I am not sure if we can accomplish this ourselves:
We can create a split-tunnel VPN into our network and lock it down for authenticated access; having the ports open only for the CESM console, it seems like the ability to maintain/administrate the CIS product on the endpoint would be very effective at securing the endpoint itself AND the (typically very unsafe) split-tunnel connection to our corporate network.

I can visualize the end-product, but don’t have the knowledge to bring the project together. How I see it now, would simply be a modified Comodo Trustconnect which uses OpenVPN. Configure the client to connect to our network, but only allow CESM agent traffic, which is on ports 9900 and 9001, I believe. It would be absolutely perfect to gain the ability to have the off-network computer be domain computers as this would add another layer of security and central management of network computers. The big problem with a standard VPN connection is the inability for us to pipe all web traffic back in to our network from a couple hundred off-network laptops. The connection speed of Sprint cards can be an issue also… Trying to pipe in their (already relatively slow) web traffic back to our central office is probably not feasable.

Perhaps a standard VPN connection and a custom Comodo Firewall configuration would work instead. After discussing this entire “off-network PC support with CESM” with a colleage today, I think it may be a lot easier than I am making it seem.

Here was my original post that may give more detail:
https://forums.comodo.com/which-product-do-you-want-comodo-to-develop-next/which-product-to-develop-next-t125.0.html;msg456962#msg456962

Let me know if you all have any ideas.

Thanks!

mug

Thanks for your suggestions.
We appreciate your attention.