Tags
autoruns Proxy servers fallback flag Inactive discovered devices SNMP Apple Device Enrollment Program set up service explorer manually deploy Comodo EDR agent parent process multiple ticket selection selected tickets security events folder transfer discoveries network management remote folder TLS TLS1.2 pci dss pci compliance ITarian Portal Endpoint Manager vdi environment vdi clone environment instant clone documentation vendor notice security dashboard events resolution remote tool partner onboard itarian unknown file hunter TLS Encryption procedure parameters pass profiles history performance metrics real time remote endpoints download browse Subscriptions service URL Security Components system Global Software Inventory 2 minutes Integrate intagrate Active Directory Portable Interception SSL enable reporting Rule Threat Protection Rule Advance spam Customize archived outgoing incoming administrator validate domains add Antispam type PCI data loss Location Network information start software session extensions appoinments resource connection computers Comodo Rescue Disk infected opportunity opportunities custom relationship management quote COMODO-CRM protect mac device email notifications registry COM Quarantined point system restore msi contained applications processes security client events Release date department registration particular os section Two Factor Authentication Login interface dashboard report generate Direct Download Link One drive Google drive HIPS mode cleanup automatic suspicious suspicious certificates shellcode injection detect Elevated Access system user access default charging groups move current malware list store push IP address ip installer acronis auto-remediation server machine icon Product Logos Rebrand backup Device Control data Chromoting WebRTC ports Protocol skip offline manual time entries ticket assignee Help Guide Tour schedule Reschedule appointment unknown application protection virtual desktop Local Verdict server manage calculation cost configuration charging SD contract prepaid hours products classification inventory analyze Device list OS patches global search bar Tool bar Windows Defender Security Center file group white Citrix record SPF work billable time onsite email template template variables emails Gmail SMTP disable Add collaborators admin action Audit logs feature requests submit vote remotely Reset proxy swg secure web gateway dome error disk ticket detail page thread section tickets section internal notes Sub-help topic help topic features Application control white_list Patch Management child parent scheduled customized get to headers columns company restrict customer technician remote access list iOS devices field Reports iOS device APN Certificate MAC OS X options Linux block Comodo Client Communication (CCC) allow Comodo Client Security (CCS) network zones active component tray icon hide show packages additional install block port baseline installation package bulk implement restrict firewall endpoints security and communication global export virus import Database folders files define exclusions change staff admin rating check reassign assign permissions new role create for user of device enroll associated use how profile specific Removing Devices Uninstall windows profile Configuration templates latest version clients comodo file ratings monitoring script procedure custom All Devices Ratings Track widgets Agent valkyrie malware files Kill chain report automated establishing endpoint remote session Users prevent Android organization windows assets Mac OS billing identified threats Sort Closed inside Program executed containment service desk remote control Locally runs update scan antivirus SLA Business Hours control CCS Password access Client Auto Specific Device Response Application Third party Status View Logs intended devices alert fails Company Information Configure Verdict Patch Procedures Executable Comodo Internet Security ITSM Analysis Command Line Heuristic Filter Unrecognized Trusted File Rate Malicious Purge Calendar Device Exclusion USB Admin Panel Settings ticket Default system-wide Specific Path Details Monitor Multi Set Currency Connected Who Quick Actions Comparison Version Enterprise Managed Service Provider C1 Portal Remote management Comodo Remote Control ticket management staff panel assign tickets
More

How to configure antivirus settings in a Mac OS profile

Release Time
06/10/2018
Views
548 times
Category
profiles
Tags

  • The antivirus section of a profile lets you control how the virus scanner in CCS operates on managed Mac devices. There are two main sections:
     
    • Preferences – Configure general CCS settings, update server, password protection, and log settings.
       
    • Antivirus – Has three sub-sections:
       
      • Scanner Settings – Configure options for real-time, manual and scheduled scans. Choose files you want to exclude from scans.
         
      • Scan Profiles – Scan profiles tell CCS which items to scan. You can pick a full or quick scan, or create a custom profile to scan specific areas. Once saved, you can apply a scan profile to any scheduled scan.
         
      • Scheduled Scans - Choose when you want the scan profile to run on managed devices.
         
  • It is essential to add an antivirus section to a profile if you want virus scans on your endpoints. 

Process in brief

  • Log into ITarian
     
  • Click ‘Applications’ > ‘Endpoint Manager’
     
  • Click 'Configuration Templates' > 'Profiles'
     
  • Open the MAC profile you want to work on.
     
    • You can clone a ‘default’ profile then modify it if you haven’t created any profiles.
       
  • Open the 'Antivirus' tab if it has already been added to the profile
     

OR

  • Click 'Add Profile Section' > 'Antivirus' if it hasn't been added
     
  • Configure the 'Preferences' and 'Antivirus' settings as required
     
  • Click 'Save' for your settings to take effect

Process in detail

  • Log into ITarian
     
  • Click ‘Applications’ > ‘Endpoint Manager’.
     
  • Click 'Configuration Templates' > 'Profiles'
     
  • Open the MAC profile you want to work on.
     
    • You can clone a ‘default’ profile then modify it if you haven’t yet created a profile.
       
  • Open the 'Antivirus' tab and click 'Edit'
     

OR

  • Click 'Add Profile Section' > 'Antivirus' if it hasn't yet been added




 

There are two tabs you can configure in an AV profile:

  • Preferences - General CCS settings, updates, parental control and logs
     
  • Antivirus - Settings for all scan types. Create custom scan profiles and scheduled scans.

Preferences


General Settings



 

  • Automatically check for program updates - CCS checks for program updates every 24 hours AND every time users start their computers. If updates are found, they are automatically downloaded and installed. (Default = Enabled).
     
  • Show balloon messages – CCS can generate notifications when it is learning the activity of previously unknown components of trusted applications.  The balloon messages appear in the bottom-right hand corner of the computer screen - just above the tray icons.  (Default = Disabled).

Update Settings

  • The updates tab lets you specify an alternate host from which endpoints should download updates. By default, updates are downloaded from https://download.comodo.com



 

  • You can add the URL of a different download host if required. For example, you may want to distribute the updates from a local server to conserve bandwidth.
     
  • Click 'Add':



 

  • Enter the URL / IP address of the host from which endpoints should collect antivirus updates. This can be a local, staging server that you have designated as your distribution server.
     
  • Select the 'Enable' to activate the host
     
  • Click 'OK' to apply your changes
     
  • Repeat the process to add more hosts. Endpoints will download from the first server that has the update available. They will contact the next server in the list if the first server does not have the update, and so on.

Parental Control

  • Parental control lets you password protect the CCS settings area on your endpoints. End-users will need to provide the password before they can access CCS settings. This prevents inexperienced users from making changes which could compromise the endpoint.




     
    • Enable password protection for the settings - Activates password protection for all important CCS settings. Specify the password in the 'Password' field.
       
    • Suppress Antivirus alerts if password protection is enabled - If selected, threats on the device are automatically blocked but no alert is shown to the end-user. This avoids situations where a user might click 'Allow' just to make an alert go away.

Logging



 

By default, CCS logs all virus events that occur on an endpoint. Users can view the log at ‘Antivirus Tasks’ > 'View Antivirus Events'.

  • Write to local log database (COMODO format) - Deselect if you don't want CCS to store logs locally.

Antivirus

  • Open the ‘Antivirus’ section of a profile as explained above
     
  • Click the 'Antivirus' tab
     
  • The antivirus tab has three sections:
     
    • Scanner Settings - Configure settings that apply to real-time/manual/scheduled scans, and specify items to be excluded from virus scans.
       
    • Scan Profiles - A scan profile tells CCS which files, folders, and drives should be included in the scan. You can use a scan profile in a manual/on-demand scan, or add it to a schedule. This area lists all existing profiles and lets you create new profiles.
       
    • Scheduled Scans - Choose when you want the scan profile to run on managed devices.

Scanner Settings

The scanner settings area has four sections:

Realtime Scanning


 

  • Real time scanning
     
    • Disabled - Real-time protection is switched off. Files are allowed to run without being checked for threats.
       
    • On Access - Real-time protection is enabled. The scanner constantly monitors background processes for threats and checks files whenever they are created, opened or copied. Threats are detected before they get a chance to execute (Default)
       
    • Do not scan files larger than (MB) - The maximum file size that the antivirus should attempt to scan. CCS will not scan files larger than the size specified here. (Default = 20 MB)
       
    • Keep an alert on the screen for (seconds) - How long threat notifications should stay on-screen if not dismissed by the end-user. (Default = 120 seconds)
       
    • Automatically quarantine threats found during scanning – Any discovered threats are moved to a secure holding area where they can cause no harm. You can review quarantined items and delete, ignore or restore them. (Default = Enabled)
       
    • Automatically update virus database - CCS will download any available updates at system start-up, and subsequently at regular intervals. (Default = Enabled).
       
    • Realtime scanning of files on network - Activate or deactivate automatic scans of files on network drives.
       
      • Enabled - CCS scans every file a user interacts with on a network drive, even if the file is not copied to the local machine.
         
      • Disabled - Files on network drives are not scanned when a user interacts with them. This can save time by eliminating needless scans on write-protected files. If an endpoint doesn’t have the rights to delete/quarantine network files anyway, then there is little reason to scan them at this point. The file will still get scanned if it is copied to the local machine.

             (Default = Enabled)

Manual Scanning

  • A manual scan is one you run 'on-demand' on specific files, folder or drives.
     
  • Do not scan files large than (MB) - The maximum file size that the antivirus should attempt to scan. CCS will not scan files larger than the size specified here. (Default = 20 MB)
     
  • Scan archive files - CCS scans archive files such as .ZIP and .RAR files.  (Default = Enabled).
     
  • Automatically quarantine threats found during scanning - Any discovered threats are moved to a secure holding area where they can cause no harm. You can review quarantined items and delete, ignore or restore them. (Default = Enabled)
     
  • Automatically update virus database before scanning - CCS will download any available updates at system start-up, and subsequently at regular intervals.
     

Scheduled Scanning



 

The preferences for scheduled scans are similar to manual scans as explained above, except:

  • Show scanning progress - End-users will see a scan progress bar when the scan is running. (Default = Enabled)

Exclusions

  • The 'Exclusions' tab lets you specify files and folders that should be ignored by the antivirus scanner.
     
  • Any item you exclude will be skipped by ALL types of scan - real-time, on-demand and scheduled.



     
  • Click 'Add'




     
  • Enter the full path of the item you want to exclude then click 'OK'.
     
  • Repeat the process to exclude more items.

Scan Profiles

  • Scan profiles tell CCS which files, folders or drives to scan on a device
     
  • CCS ships with two default profiles – 'Full Scan' and 'Quick Scan'
     
  • You can also create custom profiles which consist of specific items
     
  • Any profiles you create here can be added to a scheduled scan



     

    Create a scan profile

  • Click 'Add'




     
  • Enter a label for the scan profile
     
  • Click 'Add' to specify the item you want to scan. This can be a folder, drive, file or area



     
  • Enter the path of the item you want to scan then click 'Ok'
     
  • The path will be added to the profile as follows:



     
  • Repeat the process to add more paths
     
  • Click 'Ok'

The profile will be added to the list and can be selected as part of a scheduled scan.



 

Scheduled Scans

  • The highly customizable scheduler lets you set up recurring scans on managed devices. CCS scans the items in the scan profile at the times you specify in the schedule.
     
  • You can create multiple schedules to take advantage of different scan profiles.




     
  • Click 'Add' to create a new scheduled scan



     
  • Name - Label of the schedule. Pick something that describes the frequency and target of the schedule. For example, ‘Daily scan of the apps folder’, or ‘Weekly scan of sales team laptops’.
     
  • Profile - Choose the pre-defined or custom scan profile you want to use in this scheduled scan. All profiles listed in the 'Scan Profiles' tab will be available in the drop-down.
     
  • Day of week - Select the days of the week on which the scan should run.
     
  • Time - The time the scan should start.

Click 'OK'



 

  • Repeat the process to add more scan schedules
     
  • Click 'Save' to apply the schedule to your configuration profile.