Is there a way to create an offline deployment package that would install the Agent, Antivirus, attach it to the ESM server, and assigned to the proper group all silently to the end user?
Nothing like that currently exists, but it is a feature we are looking at. For now, you could deploy 2 packages, one with the CIS 5.9 msi itself, then deploy the downloaded Agent, and endpoints will connect to the Unassigned group. From there you can move them to specified groups.
I think I understand what your saying. If I push the agent only to all the machines, then ask the users to install the CIS themselves at their leisure, I’ll be able to see in the admin console the computers coming online after the CIS install and move them to the appropriate groups. Is this correct?
I tried the above but it doesn’t seem to work.
First I pushed the Agent to a new machine.
Then I installed the CIS on the client machine manually.
But it seems the ESM never detects that the CIS was installed.
Should it? Am I missing a step?
If you do it in the reverse as I described (first CIS then Agent) it will work.
That would mean the users would be running with the CIS defaults as opposed to the defined profile until an agent is manually deployed to them and attached to the ESM. I guess it looks like it’ll be a one by one pc install. It would be nice if you guys came up with a standalone installation process for CIS installs that would automatically connect to the ESM. Thanks.
not sure if this is what you need, but try
export this key value from the managed computer
HKEY_LOCAL_MACHINE \ SYSTEM \ Software \ COMODO \ Firewall Pro \ Options
You can then use this reg file as part of the off-line installation
Looks like that was the trick.
- Export that registry value.
- Push Agent to all machines from ESM.
- On clients run exported reg file FIRST.
- Install CIS.
- Reboot after CIS install.
After the reboot the CIS will automatically be hooked to the ESM and be updated with the policies.
Could you provide some additional information to help us solve the problem?
- What OS type was your endpoint?
- Which versions were CIS and ESM?
- What was the type of CIS you have installed (standalone or not)?
- Did endpoint machine reboot after CIS installation?
Thanks for your answers in advance!
We are glad to inform you that the feature you were asking about some time ago is now available in the latest beta version, which was released yesterday. By using new updates manager you’ll be able to choose a CIS package you like to embed into ESM Agent installation and download it.
Please visit this link with the announcement for more details: https://forums.comodo.com/endpoint-security-manager-20-business-edition/endpoint-security-manager-business-edition-21-beta-released-t83315.0.html
We will be glad to hear your feedback about this feature particularly and the new version of the product in general.