New ESM 1.5.1 has been issued

Hi guys,

I’m glad to inform you that we have just released the new CESM 1.5.1.

Comodo ESM x86/x64 installation package:
Size: 24M (25527808)
SHA1: 57b8070a116de3e1696040a556294d301309688f
MD5: be57a250a5c3649022a49699c603ab67

Comodo ESM agent and CIS installation package for offline setup on endpoints:
Size: 90M (94075392)
SHA1: 861c287285f7ba50e18076bf24105289cc42f82a
MD5: 6b782b1563244c2489d1afb33f9ecd94

Comodo Internet Security x64 for Comodo ESM installation package:
Size: 43M (45275136)
SHA1: 831d63c92b12c24c87d01bfb0d4a0f3958142293
MD5: eb558ed09c9b3e5a0501db1020dddd87

Comodo Internet Security x86 for Comodo ESM installation package:
Size: 42M (43564544)
SHA1: dd8e6c6223bfc5c41e7b3e1657bcd8ca29554dc8
MD5: 058561bc17d19d9348a5cb275c4fcc85

Comodo Offline Updater
Size: 2M (2283008)
SHA1: e6bd6f16480bbe46332c4d38365398a675517363
MD5: 0a3d51906b31c38690081aebdfcc7941

Upgrade procedure:
Size: 139K (142848)
SHA1: db5ce3c563b46bded7e9345c0e1d9bccd3f70629
MD5: 58d528bd025db5d4a2deb66bf689e7e0

New features for this release:

  1. LivePC setup is integrated into CESM setup.
  2. New Comodo Offline Updater release.

Improvements in this release:

  1. Warranty improvements.
  2. Stability improvements.

For any bugs, please provide a detailed description with the environment, steps to reproduce, snapshots, etc. We encourage users to try our new version and share any feedback!

Comodo Offline Updater with Support for CIS 4.0
That’s a product everybody was waiting for.

Compare with previous Offline Updater and you will be surprised.

Excellent work, guys!

Keep it up!


An odd bug was in the last release and this one when installing CIS.
When you click Tools > Install Products, CIS will install normally.
When you right-click a node and select install > package (in my case 4.0.143855.850_x86), it does not install the firewall, only AV and D+.
Predefined configurations
I have not looked at the documentation yet, but I do not see a difference between “Internet Security” and “Endpoint Security”.
The endpoint security profile applies successfully, though.
The antivirus profile does not work yet.
As etaftm and I talked about before, the global firewall rules don’t appear to work.

  1. Apply endpoint profile
  2. Add network as zone
  3. Add global rule allow ip from zone to zone port any
  4. Move new rule to top

Attempt to use remote desktop and then system and svchost ask permission to receive connections.
That may be by design, I don’t know; most likely I will disable the firewall and stick to AV and D+.

I have only been working with this version for about an hour this morning; I will let you know more as I work with it.

This is “by design” behavior.

I am downloading and installing the 1.5.1 today. Hopefully can do some testing and post issues or improvements.

You can obtain detailed description of upgrade procedure in file:

If you have additional questions regarding the upgrade procedure, please specify details of your environment (old RM CIS version, endpoints OS).

Here is an issue I have been running across on the installation of CIS to a remote machine. When it finishes the install and restarts, in order to send a config to that machine a user has to log in to the machine or it gives an error. That’s a problem because the install activates AV / D+ / FW, which causes me to not be able to connect to that machine via remote desktop or gencontrol.

Another issue is I can’t seem to get the offline installer agent to connect to the CESM.

Also, has anyone got the remote desktop feature in CESM to work? Mine never connects.

If your computer is green in ESM, it means that the agent is already connected to ESM.
But you cannot apply a CIS config when the endpoint is logged off because of a CIS limitation.

It should be configured properly according to help.

RDP should be enabled on remote endpoint. If it is disabled on remote endpoint you cannot use it through ESM.

The problem is that after a remote install of CIS, it starts up with everything on. I am unable to remote to the PC to log in to pass the config. I would request that when we push CIS, it is automatically set to disabled on everything. The current method defeats the whole purpose of remote installs if a user is not around to log in.

etaftm, you can build an install cfg file that will be disabled. However, you don’t have to remote in to the PC to check the config. Once you have pushed out the Agent to a Managed system, and subsequently installed the CIS package, you can right-click the system (which should be green now), go to Internet Security / Configuration / Custom and adjust settings to your heart’s content. Once you click OK/Apply at the bottom, it’s done for that system.



I’m not sure exactly how to preconfigure the installer, but I am sure it can be done, to preset certain rules. Down inside Program Files for Comodo, in Packages, you will find a setup.ini file.

The first section has info about your CESM, IP addy, port, key, etc. Then there’s config info for your installers, looking something like this:

Arguments=INSTALLFIREWALL=1 INSTALLANTIVIRUS=1 PREDEFINEDPROFILE=4eefaf48-5136-4576-ba26-6242da61f70b
Arguments=INSTALLFIREWALL=1 INSTALLANTIVIRUS=1 PREDEFINEDPROFILE=4eefaf48-5136-4576-ba26-6242da61f70b

It’s that “PREDEFINEDPROFILE=” bit that you’d be interested in. I saw something in the instructions or manual for it, about doing that, but didn’t pay too much attention to it yet. I was too excited about the ability to update the config directly from the system’s icon in the tree… :wink:


The following message is what I get if I don’t log in to push a config… Insufficient system resources exist to complete the requested service.

If I can’t remote to the machine to log in, I can’t set the config.

The only option, it seems, is to have everything disabled in the install.

Also, something I just noticed in the custom config is My Trusted Software Vendors. Why is that not in the Set Config?

CIS does not disable all after install.
Try our Product Installation Wizard - it installs CIS and applies the configuration after installation.

Is your computer green in ESM Console after CIS install?
If so, that means the ESM Agent can connect to the ESM Server, so CIS does not block all.

Insufficient system resources exist to complete the requested service. - this message was in all previous versions of ESM/CIS. This is a CIS limitation at the present time. It will be fixed in a later version of CIS.

I don’t think the CIS is liking the CIS Config. I am still getting alerts for Sandbox and Firewall even though the config disables both. I just got a message on my machine saying the Firewall detected a new network, what to do. Also, in the CESM I am getting messages from users about applications wanting to run in the sandbox.


By default settings, any “unknown” apps will automatically be run in the Sandbox, so you will see those kinds of alerts. The Sandbox does appear to have some issues, such as that it doesn’t “remember” when apps are specified to NOT run inside the Sandbox, which will generate a lot of alerts.

Depending on the end-user and the applications they are running, it probably will not matter that applications are sandboxed, nor that the alerts are not responded to from the console, since CIS won’t remember the settings anyway (until that bit is fixed).

The new network alerts will also occur, and from the CESM side, I am not sure how to turn those off (only able to do so from local side, not server, and these one-off settings from Local mode do not seem to perpetuate to the console). If you have VMWare on the endpoint, you will constantly get those. In general, they should not be a problem unless you need to make the endpoint completely visible to other systems on the network. In that case it is probably best to set a Trusted Zone for the endpoints in question.



The only reason I am concerned is that I work with software engineers. I don’t want CIS automatically throwing their programs into the sandbox because it doesn’t recognize them. I thought the Disable feature turned off the Sandbox completely.

Also, I still cannot get the offline installer to find the CESM. There needs to be an option during the install to find the CESM server.

And I never got a response on why the My Trusted Vendors isn’t in the CIS config. If you do a custom config on a user, it automatically places all the trusted vendors into the config. I would hate to have to type all that into the Trusted Config.

I hate to be a pain here. I know everything works like a charm in a test lab, but not in the real world. I am hoping that asking the questions can make the product better for others.

Thanks for all the help…

Sorry I don’t have all the answers for you, etaftm; some of the devs or other users who have done what you’re trying to do will need to provide some more detailed assistance there.

As far as your software engineers, I understand the need to not have apps sandboxed… You would think the “disable” would take care of it, but that may not be the case. I can’t recall off the top of my head, and don’t have CESM open at the moment, so I don’t know if you can do this from CESM or if only from the endpoint (Local admin mode), but I think that prior to Disabling Sandbox, you will want to uncheck the box so that it won’t “Automatically run unrecognized programs inside the sandbox”. Then Disable.

Not sure what you are referring to with the offline systems finding the CESM server during install. When you install the Agent, which is the first part of installing CIS on an endpoint, that Agent automatically connects to CESM, and should do so with every reboot (although I have seen some issues there from time to time, which I think may be related to limited user accounts but am not 100% certain of that). I’m not sure how that factors in if you are trying to do custom install w/custom config file. I noted that one time I tried a local install with the extracted package (which has a config file created by my CESM, for default settings), and it could not communicate with CESM afterwards; for some reason, CESM said the Agent was trying to communicate to a different CESM server, even though the details in the config file seemed to be correct. There may be an issue there as well.


I was under the impression the offline install can set up the agent and CIS/CDE. How does the agent talk back to the CESM server? I thought with the offline install I could install on a machine that did not want to work with the remote install. For example: I have a machine or remote user that is either having an issue with the remote install of the agent or is off the network at the time. I install the CESM Offline install. It installs the agent / CIS / CDE. How does that agent talk back to the CESM? I ran across this today with a machine that didn’t take the agent install from CESM. I installed the offline package with the agent. This leads to something else I was talking about: the CIS starting up Firewall / Defense / AV / Sandbox. I did this offline install remotely and it automatically restarted the machine before I could manually turn off the firewall and defense. Now I can’t connect to that machine at all because the firewall is blocking me. Now… if that offline agent was able to connect back to the CESM, I could at least get back into the machine to either uninstall the CIS or remote in.

I hope that makes sense.

Thanks again for the replies.

So you run offline agent installer through RDP on the remote computer?