New ESM 1.5.1 has been issued

That particular case yes. I also tried sitting in front of the pc and it never finds CESM.

That’s what I found on the one I tried to install that way - I used offline install package of Agent and CIS when sitting in front of the user machine. After reboot, I could not connect to machine from CESM console. Even though the config fig in the install package had the correct (seemingly) info for CESM server - IP, Name, etc - the Agent was attempting to connect to (per CESM) some other server. Didn’t understand it.

Fortunately, I was able to uninstall locally and push the agent across the network from CESM; then everything was okay.


Well, Guys.

Let’s clear this issue.

ESM at the present time propose 3 way to install agent:

  1. Using Remote installation (more convenient, but less reliable)
  2. Using Manual Agent installation (It mean, that you use Tools → Create Agent installation package).

This package can be run manually on the remote computer. I would not recommend to use RDP for this purpose, because CIS breaks network connection during installation, while being installing network drivers for Firewall.

  1. Off-line package which can be downloaded from web:

To use correctly the last one You have add parameters.

The setup file 'CESM_Endpoint_Setup_.exe', has to be run via a command line with the following additional parameters:

/host=hostname - where ‘hostname’ is the name of the host upon which CESM has been installed. This can be in the form of a hostname or IP address.

/port=portnumber - where ‘portnumber’ is the agent port that was configured when CESM was originally set up. If the administrator accepted the default of 9001 during CESM setup then they can omit this parameter if they choose.

For example:

“C:\Documents and Settings\Username\Desktop\CESM_Endpoint_Setup_1.5.4747.11689.exe” /host=CESMhostname /port=9001


“C:\Documents and Settings\Username\Desktop\CESM_Endpoint_Setup_1.5.4747.11689.exe” /host=168.456.567.1 /port=9001

Note: Agent should be able to resolve hostname of the ESM Server. Agent connection port should be opened.

After agent installation, if computer is not present in the computer tree, request appears. You have accept request from remote agent to add the remote computer to the tree.

Computer automatically became managed and online if the are no license restrictions (i.e. if number of currently managed computers less then allowed according by license and it is possible to manage one more)

I haven’t tried to create a agent package. I used the offline package. It doesn’t work. I’m sorry, but I manage machines outside of my office so I have to be able to use RDP. The only way I see to get around it is to have the firewall disabled on install.

You have to understand that all companies will be different. One company may be fine with CESM in it’s current state. That company may have all machines in one location using desktops. Other companies like myself manage several branch offices with every users having a laptop. It makes it a bit more difficult. I must have the ability to install a piece of software remotely via the CESM or RDP(using offline package). The CESM doesn’t always work. There are times that I can take a new machine with no firewall or anything blocking connections and the CESM can’t seem to install the agent. In that case I have no choice, but to use the offline install. If that machine is not in front of me I have to be able to remote into that machine some how to do the install.

I appreciate you taking the time to work with us. I have been with CESM since beta and have seen the product come a long way. After working with other companies like CA and Symantec, I like your software much better. It’s a all in one solution not only for AV/FW/D+/CDE, but I see potiential in other aspects like inventory/asset management. If this solution works out I see it replacing my current system KBOX for inventory and monitoring pc’s. All in all I am behind the product 100% and hope to see it in more offices.

Thanks again,

Really appreciate your feedback.

Have a solution for you.

  1. Create manual agent installation package. Tools → Create Agent Installation package.
  2. Do not choose any products (you only need to make remote workstation online)
  3. Copy created folder to the remote share.
  4. Connect to remote computer via RDP.
  5. Copy created folder the remote computer.
  6. Run setup.exe.
  7. Process agent installation.

This seven “magic” steps will allow you to avoid unpleasant experience with CIS installation.
Then you can install CIS Remotely using Product installation wizard (Tools → Product installation wizard)

Thanks for you feedback one more time.

I will give that a shot and report back with the results.

Thanks for the support.

You are welcom

Sorry for the delay. I have been a bit busy with other big projects.

I did try your method of a remote install. I noticed that using the remote install adds the firewall feature, but the CESM doesn’t. I found it easier to just install the agent using your method and was able to have it connect to the CESM to push out the CIS. Thanks for that suggestion.

Other items on my list are as follow:

  • Local Admin- I love this feature. It’s one of the best feature you have added to the CESM package. I would like to request if possible to have the CIS only accept whatever password I set instead of both that and local admin of the PC. The reason behind that is the majority of my software engineers need to be local admins to create and run the software they create. I would like to be set a local admin with the CESM and have it disable the Local Admin feature.

  • If you right click on a user and create a Custom Config you get a My Trusted Software Vendors list with populated vendors. Why is this not in the Custom Config when you create a task?

  • I am having issues with the CESM not remembering when I select ignore / Accept / Treat as Trusted / etc. I have had several cases of the CIS blocking certain programs for example VNC and throwing up a flag in the CESM. I would then select perma ignore and it would come right back up for the same user.

  • This is more of a suggestion to rename the CIS - Set Update Host List back to what your document calls it or either update your document which is CIS - Set Update URL. I was a bit confused at first to set the URL to my offline update server.

  • I have a small issue of when it pulls computers from AD it does’t list them properly. It will pull a complete list of Computers under my domain and then it will have some computers in other list that are in different OU’s in AD. It doesn’t seem to place the computers in the correct OU’s. If I try to import OU only it doesn’t update them to my current AD’s OU computer setup.

-Suggestion for the Start Page. I would like to see an area that shows threats found. It has the Overall Endpoint Security pie chart that may say there 2 Infected, but what does that mean and what computers are infected? Half the time the infected are false positives, but still I would like to know so I can address the problem.

  • The schedule needs to have the ability to run the same task at intervals of Hours / Minutes. For examples I want to send out my config every hour. All my users are on laptops and are on and off the network so with the current setup I have to wait until I can catch them on the network to send a config if I make a change to it. Having the ability to setup a task to run say every 30 minutes to an hour will make the chances of a remote use that VPN’s to the network will get the updated config.

  • I think the CESM should show what machines have agents and what machines have CIS. Currently the only notifications we get are blue for managed and Green if they are online. It’s hard to tell if a blue actually has the agent and also if that computer has CIS installed.

  • This is kind of a wishlist item. It would be nice for Comodo to have a new section on the site with the latest Virus/Malware attack and what not. It would also be nice for that to be pushed out to the CESM for admins to check out what the latest threats are.

  • Another wishlist item: I am not sure if this is possible now, but I am not willing to try until I get an official response. Can CIS scan Microsoft Exchange databases or SQL? The CA we had came with an Exchange feature for e-mail virus protection.

This is all I have for the moment. I’m sure there are other items that I just can’t think of at the moment.

It mean that by default cis.msi installs without firewall.
But you can configure it with CESM. Just add installation parameters:
to installation sequence.

It will be implemented in later builds of CIS.

There are another (separate actions):

Discovery profile: CIS - Trusted Vendors - to discovery list of trusted vendors for some workstation.
CIS - Set Trusted Vendors - to set NEW list of trusted vendors.
CIS - Append to Trusted Vendors - add some new vendor(s) to exsisten list of trusted vendors.

I would recommend you to use the last one.

This may happen if request is expired.

This feature actually allow you to add several hosts - so if CIS could not get update form one host it checks another one. For example if user with Notebook would leave the office and connect to the Internet form home, he would receive AV updated not from your COU server, but from Comodo update server.

We will check this issue.
But in next CESM release this functionality will be improved.

Good idea.

You can check if CIS is installed on some computer with right click on it.
If CIS is not active in the menu it means that CIS is not installed.

Good idea.

Thanks for you feedback.

Just out of curiosity… When might we expect another release? I know you guys are working ■■■■■■■ the CESM and I don’t know about the rest of the users, but I appreciate it. It’s starting to come together real nice. Thanks for working with the customers and community to make this a better product.

Thanks again,


I think a big thank you goes to you too for working with us to improve the product! This was truly a team work with our users and developers working hand in hand!

thank you!


ESM console inform you about new CESM available immediately after official release.
We worry that our customers were informed about the available product updates.