System information

Comodo Endpoint Security Manager - SME - Administrator Guide
Groups - ESM allows computer groups to be created as required by the structure of the corporate organization. Once groups
have been created sorting the computers in the network, admins can run tasks (such as applying security policy, running AV
scans and deploying agents) as required for specific groups.
Policy - A policy is the security configuration of Comodo Internet Security (CIS) deployed on an endpoint or a group of
endpoints. Each policy determines the antivirus settings, Internet access rights, firewall traffic filtering rules, sandbox
configuration and Defense+ application control settings for an endpoint. For creating new policies, the administrator has to
configure CIS at an endpoint in local mode and then import it as a policy into ESM. The imported policy can be applied to
computer groups or individual endpoints as required. Although ESM cannot apply policy or run tasks like AV scans on an
endpoint that is in 'local administration' mode, it can still fetch data from such machines for generating real time reports.
Local Mode - When an endpoint is in ‘Local Mode’, CIS settings are considered as being locally administered and ESM will not
enforce (although it will continue to report on) policy compliance (the endpoint will continue to use the security configuration
already in effect on that machine). Administrators should enable ‘Local Mode’ (or apply the ‘Locally Configured’ policy) and leave
it in this mode while editing policy on the local machine using the endpoint's CIS interface. If returned to 'Remote Mode', ESM
will automatically re-apply assigned policy overwriting administrator's change. While in ‘Local Mode’, the endpoint will continue
to report connectivity and virus outbreak details.
Remote Mode - ESM can apply a security policy and can run tasks like AV scans and database updates only if CIS in an
endpoint is maintained in Remote Management Mode (i.e., it is being remotely administered through ESM).
Unassigned Group - The 'Unassigned' group is the default computer group in ESM. Any target computer, imported into ESM by
installing the agent automatically through the ESM admin console or manually, will be first placed in the 'Unassigned' group and
will be assigned the 'Locally Configured' Policy. The administrator can create new groups as required and import computers into
those groups from the 'Unassigned' group.
'Locally Configured' Policy - 'Locally Configured' is a security policy that allows CIS settings to be changed by the local user
without being monitored for compliance with settings policy.
Reports - ESM allows the administrators to generate highly informative, real-time and active graphical summaries of the security
and status of managed endpoints. Each type of report is fully customizable and can be ordered for anything from a single
machine right up to the entire managed environment.
Next:
Best Practices
Quick Start Guide
1.5.Best Practices
1. In ESM, security policies should be applied to 'groups' of computers rather than individual endpoints. So the
administrator should first create computer groups that mirror their organization from the administrative console, before
importing policy. See Creating Endpoint Groups for explanation on creating new groups.
2. It is recommended to maintain the default group 'Unassigned' with the policy 'Locally Configured' until all the required
endpoints in the network are imported. This will prevent ESM from overwriting existing CIS security settings on a new
endpoint at the instant it becomes managed after deploying the agent.
3. Policy is implemented in a typical PC environment 'imaging' strategy - just as a PC is 'imaged' for replicating it to
others. A policy can be created or edited at an endpoint and tested to ensure it works as required before creating an
image. The image can then be imposed on other endpoints. The purpose of the administrative console is to alert,
centrally deploy software and enforce policy.
4. If the policy of a remote computer is to be changed, it can be pushed to a special test/imaging PC or any nearby PC.
The CIS on the test/imaging computer can be set to local administration mode in order to edit its configuration. The
configuration can be then and imported as a new policy for application to remote computers. If needed the
test/imaging computer can be reverted to its original policy.
5. An endpoint serving as a test/imaging computer can be left in 'Local Administration Mode' so that administrators can
easily use it to create/modify and import new policies. Even if the PC has an assigned policy other than 'Locally
Configured', the endpoint will not be overwritten with policy from the ESM console until it is returned to remote
management mode (even if the PC reboots).
6. Regardless of whether the agent and CIS are installed automatically from the administrative console or manually at
the endpoints using the 'Manage this Endpoint' feature of CIS 2012 or offline deployment, they should be updated
only through ESM.
Endpoint Security Manager - SME Administrator Guide | © 2013 Comodo Security Solutions Inc. | All rights reserved 17