Tags
analysis tool UFH check policy test policy Virtual Appliances DNS Resolver register invite graphs Dynamic IP Dome shield Integration O365 Comodo Office 365 removal tool CCS removal tool Comodo Secure Email Gateway subscriptions service Dome Antispam Valkyrie report info web Comodo SWG tutorial policy DLP PAC file iboss Bluecoat Websense Comodo Dome ICAP Dome Agent traffic URL C1 account SWG portal SSL Encrypted Traffic Dome Cloud enable widget chart endpoint dashboard file groups Rules exceptions Wi-Fi networks Wi-Fi setup security restrictions iCloud auto containment containment settings virtual file system sandbox environment client access control local configuration Comodo Client Security Rebranding Communication Client Rebranding security client re-brand Comodo Clients application rules global rules Portsets port sets Firewall ruleset rule set rulesets global proxy server global proxy antivirus settings Client Proxy remote control tool Firewall protection firewall settings configuration file export profile PowerShell VBS script Windows Standard Account Endpoint Manager Client Communication (EMCC) server security clients updates vulnerable security patches installed Client Communication Communication Client (CC) submission Communication Client tray icon script OS Patch Third Party Patch Installation Uninstallation Discovery additional package External Device Control external ITarian remote Windows device apps signed-in logged-in identify License wizard on-boarding local Comodo Client Security Mac devices Linux devices MSP customers EM profile Mac OS profile MAC OS X device user device configuration profile copy invoice enrollment Logging Settings SIEM tool external server Account Security mobile console EM device owners ownership remove MAC third party application remote uninstallation software inventory duplicate Name Master Image Golden Image Bulk Installation Package Windows Operating Systems summary information local time External IP address OS summary Devices list MDM profile iOS push certificate create APNs Apple account portal APN Apple Push Notification search bar filter options customer device group group membership managed device trust rating old duplicates removal device name MAC address MSP (Managed Service Provider) Versions Marketing & Sales Customer Relationship Management (CRM) Enroll New Device New Ticket quick actions bar release notes security status activity status profile status Sales funnel Secure Internet Gateway application launch Two factor Time zone Language Lockout time Change Password tokens device enrollment User Groups Manage Profiles User List Management customer report customer assessment customers End-User forms auto response attachments time entry address support User Directory scripts Knowledgebase canned Banlist announcements Hostname mail delivery CommandLine Power Shell PowerShell interface File Explorer Commands Interface Remote devices Remote Tools Paranoid Mode Training Mode Custom Ruleset Safe Mode The charging flow edit contracts Charging Flowchart Global Asset Rates Charging Plans Contracts charges calculated Remove role Edit a role staff interface Exclusions data loss prevention (DLP) network discoveries ITarian Remote Access Tool Tarian Remote Access Tool inactive devices Device removal settings Portal Set-up Malware File Name Security Sub-System communication client UI settings Communication Client Tray remove a department ticket submission configure department synchronize department submit ticket distributing Bandwidths client updates device management Bandwidth conservation malware activity virus scope autoruns Proxy servers fallback flag Inactive discovered devices SNMP Apple Device Enrollment Program set up service explorer manually deploy Comodo EDR agent parent process multiple ticket selection selected tickets security events folder transfer discoveries network management remote folder TLS TLS1.2 pci dss pci compliance ITarian Portal Endpoint Manager vdi environment vdi clone environment instant clone documentation vendor notice security dashboard events resolution remote tool partner onboard unknown file hunter TLS Encryption procedure parameters pass profiles history performance metrics real time remote endpoints download browse service URL Security Components system Global Software Inventory 2 minutes Integrate intagrate Active Directory Portable Interception SSL enable reporting Rule Threat Protection Rule Advance spam Customize archived outgoing incoming administrator validate domains add Antispam type PCI data loss Location Network information start software session extensions appoinments resource connection computers Comodo Rescue Disk infected opportunity opportunities custom relationship management quote COMODO-CRM protect mac device email notifications registry COM Quarantined point system restore msi contained applications processes security client events Release date department registration particular os section Two Factor Authentication Login interface dashboard report generate Direct Download Link One drive Google drive HIPS mode cleanup automatic suspicious suspicious certificates shellcode injection detect Elevated Access system user access default charging groups move current malware list store push IP address ip installer acronis auto-remediation server machine icon Product Logos rebrand backup Device Control data Chromoting WebRTC ports Protocol skip offline manual time entries ticket assignee Help Guide Tour schedule Reschedule appointment unknown application protection Virtual Desktop Local Verdict server manage calculation cost configuration charging SD contract prepaid hours products classification inventory analyze Device list OS patches global search bar Tool bar Windows Defender Security Center file group white Citrix record SPF work billable time onsite email template template variables emails Gmail SMTP disable Add collaborators admin action Audit logs feature requests submit vote remotely Reset proxy swg secure web gateway dome error disk ticket detail page thread section tickets section internal notes Sub-help topic help topic features Application control white_list Patch Management child parent scheduled customized get to headers columns company restrict customer technician remote access list iOS devices field Reports iOS device APN Certificate MAC OS X options Linux block Comodo Client Communication (CCC) allow Comodo Client Security (CCS) network zones active component tray icon hide show packages additional install block port baseline installation package bulk implement restrict firewall endpoints security and communication global export virus import Database folders files define exclusions change staff admin rating check reassign assign permissions new role create for user of device enroll associated use how profile specific Removing Devices Uninstall windows profile Configuration templates latest version clients comodo file ratings monitoring custom All Devices Ratings Track widgets Agent valkyrie malware files Kill chain report automated establishing endpoint remote session Users prevent Android organization windows assets Mac OS billing identified threats Sort Closed inside Program executed containment service desk remote control Locally runs update scan antivirus SLA Business Hours control CCS Password access Client Auto Specific Device Response Application Third party Status View Logs intended devices alert fails Company Information Configure Verdict Patch Procedures Executable Comodo Internet Security ITSM Analysis Command Line Heuristic Filter Unrecognized Trusted File Rate Malicious Purge Calendar Device Exclusion USB Admin Panel Settings ticket Default system-wide Specific Path Details Monitor Multi Set Currency Connected Who Quick Actions Comparison Version Enterprise Managed Service Provider C1 Portal Remote management Comodo Remote Control ticket management staff panel assign tickets
More

How to configure client updates in a Windows profile

Release Time
07/11/2019
Views
none

Click ‘Configuration Templates’ > ‘Profiles’ > open a Windows profile > Click ‘Add Profile Section’ > ‘Updates’

  • The updates section of a Windows profile lets you configure how and when managed devices should check for client updates.
     
  • Endpoint Manager uses two types of clients:
     
    • Communication Client (CC) - The communication client is an agent installed on your managed devices. It receives commands and tasks from Endpoint Manager and implements them on those devices. The client also informs the Endpoint Manager of the endpoint's status.
       
    • Comodo Client - Security (CCS) - This is the security software. CCS provides advanced endpoint protection such as antivirus, firewall, threat-containment, web-filtering, and more.
       
  • You can enable automatic updates, specify which version to install, choose update frequency, and enable local updates.
     
  • This article explains how to add and configure an 'Updates' section on a configuration profile.

Use the following links to jump to the task you need help with:

Add 'Updates' section to a profile

  • Login to ITarian
     
  •  Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Configuration Templates' > 'Profiles'
     
  • Click the ‘Profiles’ tab
     
  • Open the Windows profile applied to your target devices
     
    • Open the 'Updates' tab

      OR
       
    • Click 'Add Profile Section' > 'Updates', if it hasn't yet been added


 

There are three tabs:

Update settings for the communication client (CC)

  • Open the 'Updates' section of a profile
     
  • Click the 'Communication Client' tab then 'Edit':



 

  • Enable auto-updating Communication Client - Forces the endpoint to check for and install CC program updates at the selected frequency. You can set the location of the download server in the 'Download Servers' tab. Deselect if you want to disable auto-updates
    .
    • You can also manually update clients by clicking 'Devices' > 'Device List' > select your target devices > Click 'Install or Update Packages' button.
       
    • See this help page if you want more assistance with manual updates. 
       
  • Use default Communication Client version - Choose whether or not to always update to the 'default' version.
     
    • Enabled - The client will always update to the default version (Default). Under normal conditions, the default version is the latest version.
       
    • Disabled - You choose the version to which the client updates. Make sure you choose a higher version than already installed.

Note 1. You can change the ‘default’ version in 'Settings' > 'Portal Set-up' > 'Client Settings' > 'Windows' > 'Comodo Client'.

Note 2. You can only change the version if 'Change version while updating' is enabled in 'Settings' > 'Portal Set-up' > 'Client Settings' > 'Windows' > 'Comodo Client'. If it is not enabled then the default version is automatically deployed.




 

See Global CC settings at the end of this page to read more.

  • Update Frequency - Choose how often CC should check for updates:
     
    • Daily (Default) - The client checks for updates every day at 6:00 am.
       
    • Daily (custom) - The client checks for updates every day at the time you specify
       
    • Weekly - Select the days and times that you want the client to check for updates
       
    • On selected days - Choose one or more days in a month to check for updates. For example, you might want to update on the first and third Wednesdays of every month.
       
    • Monthly - Select the date and time in a month to check for updates



 

  • Enable Communication Client to distribute updates to clients in the same network - Download updates to a managed endpoint, then use that endpoint as the source from which other endpoints collect their updates.

    This saves internet bandwidth and accelerates updates in large networks.

    If enabled, your endpoint clients will follow this process at update time:

    • The endpoint first checks other endpoints to see if the update is installed on them
       
    • If available, the client fetches the update from the local endpoint
       
    • If not available, the client downloads the update from the server set in the 'Download Servers' tab
       
    •  This endpoint then becomes the source from which other endpoints collect their updates.

      You can also choose the types of updates that use this mechanism:
       
    • Communication Client updates (Version 6.29 or higher)
       
    • Comodo Client Security updates (Version 11.4 or higher)
       
    • Antivirus Database updates (Version 11.4 or higher)



 

  • Select specific devices to be proxy for distributing packages - Choose specific devices from which endpoints should collect updates. If you do not enable this option then any device in the local network can act as a source.
     
    • Enter the names of the target devices in the field provided.
       
    • You can add multiple devices as sources. Endpoints will collect from the first source they find which has the update.



 

  • Enable Network traffic limitation - The maximum % of network bandwidth that can be used to share updates. (Default = 30%)
     
  • Enable device count limitation - The maximum number of devices with which the client is allowed to simultaneously share updates. (Default = 10, Maximum = 20).
     
  • Use download servers directly in case of any communication issue - If the endpoint cannot contact other endpoints it will instead collect the update from the server in the 'Download Servers' tab.
     
  • Click 'Save'.

The following table shows how clients will collect updates in different scenarios:

 

 

                                         Option

 

  Client fetches    update from:

     Enable   Communication Client to distribute ...

   Select specific devices to be proxy ...

  Use download servers directly in case ...

Scenario 1

      

  

           X

 

           X

 

Any local device which already has the update

Scenario 2

      

          

 

 

            X

Only from selected devices

Scenario 3

       

 

           X

 

           

 

1. Any device in the local network

2. Download servers

Scenario 4

     

          

        

1. Selected devices

2. Download servers

 

Update settings for the Comodo Client Security (CCS)

  • Open the 'Updates' section of a profile
     
  • Click the 'Comodo Client - Security' tab then 'Edit':



 

  • Enable auto-updating Comodo Client - Security - Forces the endpoint to check for and install CCS program updates at the selected frequency. You can set the location of the download server in the 'Download Servers' tab. Deselect if you want to disable auto-updates.
     
  • Use default Comodo Client - Security version - Choose whether or not to always update to the 'default' version.
     
    • Enabled = The client will always update to the default version (Default)
       
    • Disabled = You can choose the version to which the client updates. Make sure you choose a higher version than already installed. You cannot install a lower version than the current version.
       




 

Note 1. You can configure the default version in 'Settings' > 'Portal Set-up' > 'Client Settings' > 'Windows' > 'Comodo Client'. Under normal conditions, the default version is the latest version.

Note 2. You can only change the version if 'Change of version while updating' is enabled in 'Settings' > 'Portal Set-up' > 'Client Settings' > 'Windows' > 'Comodo Client - Security'.

  • Update Frequency - Choose how often CCS should check for updates. The available options are:
     
    • Daily (Default) - The client checks for updates every day at 6:00 am.
       
    • Daily (custom) - The client checks for updates every day at the time you specify
       
    • Weekly - Select the days and times that you want the client to check for updates
       
    • On selected days - Choose one or more days in a month to check for updates. For example, you might want to update on the first and third Wednesdays of every month.
       
    • Monthly - Select the date and time in a month to check for updates
       
  • Skip updates if the device is offline - Updates will not be installed if the endpoint is not connected to EM.
     
  • Reboot Options - Configure how the endpoint should restart after the update is installed:
     
    • Force the reboot in - Restart the end-point a certain period of time after installation. You can choose 5, 10, 15 or 30 minutes. Enter a message in the field provided to inform users about the reboot.
       
    • Suppress the reboot - Do not restart the machine after the updates. CCS will only become fully functional after the device is restarted.
       
    • Warn about the reboot and let users postpone it - Show an alert to the user which advises them that their computer needs to be restarted. Please type the message in the space provided.

The alert lets end-users restart the endpoint immediately or postpone the restart till later.

  • Virus database Updates - Choose when the endpoint should check for and download virus signature updates
     
    • Check for database update every - Specify how often CCS should check for and install virus updates.
       
    • Do not check for updates if running on battery - Only check for updates if the computer is connected to the mains supply. Useful for laptops and other battery-driven devices.
       
    • Check for updates during Windows Automatic Maintenance - CCS will check for virus updates when Windows enters maintenance mode. The check will run at maintenance time in addition to the configured schedule. Only applies to Windows 8 and later.
       
  • Click 'Save'.

Setup local download servers

The download servers tab lets you configure proxy servers from which endpoints should collect updates.

Local proxies can help save bandwidth and accelerate the update process when a large number of endpoints are involved.

You can configure different servers for Comodo Client Security and Comodo Client Communication.

Prerequisite - You need to install 'ESM Update Mirror' on your proxy to collect the initial update files from Comodo servers. Your endpoints will then download the updates from the proxy.

  • Download the setup file from https://drive.google.com/file/d/0B4qKr5xfENWBS0FOUHM2VDFQMnc/view.
     
  • Run the setup file on a Windows server and follow the installation wizard.
     
  • Ensure that the service has started:
     
    • 'Run' > Enter 'services.msc' > locate 'Apache2.2'.
       
    • Click the 'Start' link on the left if the service is not running.

Configure download servers

  • Open the 'Updates' section of a profile
     
  • Click the 'Download Servers' tab then 'Edit':
     


 


By default, endpoints will download updates from Comodo servers (download.comodo.com). You can add your local proxy servers here and enable/disable servers as required.

  • Click 'Add'



 

  • Transfer Protocol - Select HTTP or HTTPS
     
  • Host – Enter the IP address or hostname of your proxy
     
  • Client - Select which items should be collected from the proxy:
     
    • Communication Client - Endpoints will collect communication client (CC) updates from the proxy server.
       
    • Client Security - Endpoints will collect security client (CCS) updates from the proxy server, including virus database updates.
       
    • Communication Client + Client Security - Endpoints will collect both CC and CCS updates from the proxy.
  • Click 'Add'.
     
  • Repeat the process to add more servers.



 

  • Use the 'on-off' switch to enable or disable a server. You need to enable the server in order for endpoints to use it
     
  • Endpoints will request updates from servers in the order they appear in this list, with the server at the top getting consulted first.
  • You can re-prioritize the list by selecting a server then clicking 'Move Up' or 'Move Down'
     
  • Click 'Save' for your changes to take effect

Global CC settings

Click 'Settings' > 'Portal Set-Up' > 'Client Settings' > 'Windows' > 'Communication Client'

The settings area lets you:

  • Configure update intervals
     
  • Set the 'Default client version' which is installed on your endpoints. This is set to always fetch and install the latest version unless you specify otherwise.
     
  • Specify whether admins can change the version of the client installed on an endpoint.
     
  • Choose whether to use an endpoint as the source from which other endpoints collect their updates. This can save time and bandwidth versus each endpoint downloading directly from the server.

Configure the communication client

  • Click 'Settings' > 'Portal Set-Up' > 'Client Settings'
     
  • Click the 'Windows' tab > 'Communication Client'




 

  • Click the edit button    on the right to modify the default settings



 

Device dynamical information update - How often the client should provide Endpoint Manager with device status updates. This includes, for example, available memory, name of the device, OS summary, CCS configuration, and network information.

  • Use the slider to set the update interval. (Default = 15 minutes)

Request device commands - The frequency at which the client should query the Endpoint Manager for new tasks and updates.

  • Use the slider to set the update interval. (Default = 15 minutes)

Send device online status confirmations - The frequency at which the client should send a message confirming the device is online and connected. Endpoint Manager changes the device status to 'Offline' if it does not receive a confirmation in the set time period.

  • Use the slider to set the update interval. (Default = 15 minutes)

Default Client Version - Determines which agent version should be installed on endpoints.

  • Choose the default agent version from the drop-down. (Default = 'Latest').

Enable change of version while installing – Choose whether installation wizards allow admins to change the version of the client that gets installed. 

If enabled, admins can choose the version of the client they want to install in the following wizards:

  • Enroll devices - 'Devices' > 'Device List' > 'Enroll Device'
     
  • Bulk installation - 'Devices' > 'Bulk Installation Package'

Enable change of version while updating – Choose whether admins can update a client to a version other than the 'Default’ version. (Default = Disabled)

If enabled, admins can choose the version of the client they want to update to in the following wizards:

  • Update additional packages - 'Devices' > 'Device List' > 'Install or Update Packages' > 'Update Additional Packages'
     
  • Updates section of Windows profile - 'Configuration Templates' > 'Profiles' > 'Windows Profile' > 'Updates' profile section

          Note - Make sure to upgrade to a higher version. Installing a lower version than the existing agent is not supported.

Enable Communication Client to distribute update packages among the clients in the same network to reduce network inbound traffic - Download updates to a managed endpoint, then use that endpoint as the source from which other endpoints collect their updates.

This saves internet bandwidth usage and accelerates updates in large networks.

If enabled, your endpoint clients will follow this process at update time:

  • The endpoint first checks other endpoints to see if the update is installed on them
     
  • If available, the client fetches the update from the local endpoint
     
  • If not available, the client downloads the update from the default download servers
     
  • This endpoint then becomes the source from which other endpoints collect their updates.
     
  • You can choose the type of updates that use this mechanism:
     
    • Communication Client updates (Version 6.29 or higher)
       
    • Comodo Client Security updates (Version 11.4 or higher)
       
    • Antivirus Database updates (Version 11.4 or higher)



 

  • Enable Network traffic limitation - The maximum % of network bandwidth that can be used to share updates. (Default = 30%)
     
  • Enable device count limitation - The maximum number of devices with which the client is allowed to share updates. Default = 10.
     
  • Use download servers directly in case of any communication issue - If the endpoint cannot contact other endpoints it will collect the update from the main server.
     
  • Click 'Save' to apply your changes.

Notes:

  • The settings described in this section are 'global' settings that apply to all endpoint clients. However, you can also configure client update settings in the  'Updates' section to profile.
     
  • There is one overlapping item between these two - 'Enable the communication client to distribute packages to other clients in the network'.
     
  • Endpoint Manager prioritizes this setting as follows:
     
    • If you do not add an update section to the profile, then the global settings apply
       
    • If you do add an update section, then Endpoint Manager will ignore the '...distribute...' settings in global settings