Comodo One. Understanding Windows Profiles in ITSM

• How to hide/show security client and communication client tray icons in devices
• What is ‘Monitoring’ in ITSM profiles
• How to configure baseline settings
• How to restrict access to Comodo Client Security (CCS) and Comodo Client Communication (CCC) on the endpoints
• How to define exclusions for files and folders
• How to configure and manage file ratings from windows profiles

How to hide/show security client and communication client tray icons in devices?

Step 1: Go to ‘ITSM’ > ‘Configuration Templates’> ‘Profiles’. User able to view list of available profiles.

Step 2: Click profile applied to your devices.

Step 3: Client’s tray icons configuration options are available in ‘UI settings’. To configure ‘UI settings’ please follow below steps,

1. Click ‘Add Profile Sections’ button in profile

2. Choose ‘UI Settings’ from drop down menu

Step 4: Under ‘UI Settings’ tab set following configuration as explained below,

1. Show security client tray icon – Selecting check box associated with this option enables Comodo One Client Security tray icon in devices.

2. Show communication client tray icon – Selecting check box associated with this option enables Comodo One Client Communication tray icon in devices.

Step 5: Click ‘Save’ button to apply required changes. Profile will automatically update settings in associated devices.

How to define a list of device classes that should be blocked on endpoints?
Step 1: Go to ITSM > CONFIGURATION TEMPLATES and click ‘Profiles’ menu.

Step 2: Click ‘Create’ icon and Select Create Windows Profile from the drop-down.

Step 3: Fill the form ‘Create Windows Profile’ and submit.

1. Name – Enter the name of the profile you want. Example: External Device Classes to be blocked on End-Point

2. Description – Enter the description of the profile. Example: this is to block external devices accessing End-Point

3. Click ‘Create’ button

Step 4: Click ‘Add Profile Section’ icon and select ‘External Devices Control’ from the drop-down.

Step 5: Fill the form ‘External Device Control’.

1. Enable Device Control – This option blocks devices of a client computer from accessing, such as USB drives, Bluetooth devices, printers, and serial and parallel ports.

2. Log Detected Devices – To log detected devices then and there

3. Show notifications when devices disabled or enabled – To get notification from the ITSM for your endpoint, check the option enabled

Step 6: If you would like to block the device classes, click ‘Add’ icon.

1. Select the ‘Device Classes’ from the list of Pop-Window and click ‘OK’ button.

2. Select the device classes. Example: Smart card readers, Ports.

3. Click ‘OK’ button.

Step 7: Check if you have the list of selected device classes are added into the blocked list table.

Step 8: *In case, you would like to delete the added classes into the blocked list, No worry we have Delete option to remove from there.

1. Select the ‘Device Classes’ and click the ‘Delete’ icon

2. Confirm the ‘Device Class Remove Window’

Step 9: If you would like to don’t block the device classes.

1. Click the ‘Exclusion’ tab
2. Click ‘Add’ icon

Step 10: Fill the form ‘Add Exclusion’.

1. Enter ‘Device Custom Name’. Example: Mobile

2. Enter the ‘Device ID’. Example: 4D36E967-E325-11CE-BFC1-08002BE10318

3. Click ‘Add’ button

Step 11: *In case, you would like to delete the item from the exclusion list, follow the steps below

1. Select the item from the ‘Exclusion’ table

2. Click ‘Delete’ icon

3. Confirm the ‘Alert Window Exclusion Remove’

Step 12: Click ‘Save’ button to apply changes.

**Use the defined profile with devices you want to block external device access.

How to configure baseline settings?
Baseline settings enable us to set time period during which unknown files will not be auto contained. Instead unknown files are analysed using Valkyrie for the configured period.

Step 1: Go to ITSM → Configuration Templates and select ‘Profiles’ menu.

Step 2: Select a name of a profile from the list, to which you need to enable the baseline.

Step 3: Click the “ Add Profile Section” and select the “Containment” from the drop-down. In turns an alert pop up, click “Confirm”.

Step 4: Go to ‘Containment’ tab, the Baseline option will be available only if the “Valkyrie” is added to your profile.

1. If Valkyrie is already added to your profile. Go to Step 5 and continue.

2. Or to add ‘Valkyrie’, click the “ Add Profile Section” and select the “Valkyrie ” from the drop-down and customize it.

Step 5: Go to ‘Containment’ tab, click the “Baseline”.

Step 6: Select the “Enable Baseline” check box.

Step 7: Select any of the below three option of your choice.

1. Stop Baseline and enable Auto-Containment after countdown
Set baseline time in Days and Hours. The unknown files will be sent to Valkyrie without containment. Once after the defined baseline time expires ,the containment will be resumed.

2. Stop Baseline and enable Auto-Containment after Valkyrie submit
When the baseline period is not mentioned , this option will be applied . After the files are submitted to the Valkyrie, the Comodo Client Security holds an individual unknown file.
3. Stop Baseline and enable Auto-Containment after Valkyrie response
When the baseline period is not mentioned , this option will be applied . After the Valkyrie response, the Comodo Client Security holds an individual unknown File.

How to restrict access to Comodo Client Security (CCS) and Comodo Client Communication (CCC) on the endpoints?
Step 1: Go to ITSM > CONFIGURATION TEMPLATES > ‘Profiles’.

Step 2: Click ‘Create’ icon and select ‘Create Windows Profile’ menu.

Step 3: Fill the form ‘Create Windows Profile’.

1. Enter Name, Example: Profile to restrict the client access CCS and CCC

2. Enter Description, Example: Profile to restrict client access CCS and CCC for the target Endpoints

3. Click ‘Create’ button

Step 4: Click ‘Add Profile Section’ icon and select ‘Client Access Control’ menu.

Step 5: Fill the form that loads from the tab ‘Client Access Control’ and click ‘Save’ button to submit the form details.

1. Check ‘Apply password protection settings for enabling or disabling access for the listed clients’

• Comodo Client – Security, If enabled then the client is password protected
• Comodo Client – Communication, If enabled then the client is password protected

2. Check the field Require Password and use the below options as per your requirement

• Computer administrator, If the field is enabled then the above client will use the Administrator as credentials
• Custom password, If the field is enabled then the above client will use the given Password as credentials
  • Password
  • Confirm Password

3. Click Save button to submit the settings

Usage: ** Use the profile with the specified device to experience the benefits.

How to define exclusions for files and folders?
Step 1: Go to ITSM > CONFIGURATION TEMPLATES and click ‘Profiles’ menu.

Step 2: Click Create icon and Select Create Windows Profile from the drop-down.

Step 3: Fill the form Create Windows Profile and submit.

1. Name – Enter the name of the profile you want. Example: To Exclude A PATH OR Group of Files or Folders from Scanning by AV
2. Description – Enter the description of the profile. Example: this is to exclude the specific files or folders from scanning by the COMODO Antivirus Scan tool
3. Click ‘Create’ button

Step 4: Click ‘Add Profile Section’ icon and select ‘Antivirus ‘from the drop-down.

Step 5: Click ‘Confirm’ button to add the ‘Comodo Antivirus’ to your End-Point.

Step 6: Select the ‘Exclusions’ tab from the screen presence after your confirmation.

Step 7: If you would like to exclude any path to be prevented from scanning on your End-Point, click ‘Add’ button to add a path.

Step 8: Fill the form ‘Add Excluded Path’

1. Enter the path in the text box. Example: %systemroot%\*.* – you may also use exact path or any other pattern

2. Click ‘OK’ button

Step 9: If you would like to exclude any application to be prevented from scanning on your End-Point, Select ‘Excluded Applications’ tab and click the ‘Add’ button.

Step 10: Fill the form ‘Add Excluded Application’.

1. Enter the Application’s complete path into Path text box. Example: %systemroot%\explorer.exe

2. Click ‘OK’ button

Step 11: If you would like to exclude any group to be prevented from scanning on your End-Point, select ‘Excluded Groups’ tab and click the ‘Add’ button.

Step 12: Fill the form ‘Add Excluded Group’.

1. Click the ‘Group’ drop-down list
2. Choose the appropriate group from the drop-down. Example: Windows System Applications
3. Click ‘OK’ button

Step 13: Click ‘Save’ button to save excluded list.

**Use the profile with the device and perform the scan over the device.

How to configure and manage file ratings from windows profiles?

Step 1: Go to ITSM > CONFIGURATION TEMPLATES > ‘Profiles’ menu and select the ‘Create Windows Profile’ menu from the drop-down presents after the ‘Create’ icon is clicked.

Step 2: Fill the form ‘Create Windows Profile’ presents there.

1. Enter the name of the profile you would prefer for into ‘Name’ field. Example, Setting File Rating

2. Enter the purpose or summary or any text to explain about the profile into ‘Description’ field

3. Click the ‘Create’ button

Check whether you have properly created with the given information. If not, please click the ‘Edit’ icon and modify the required content.

Step 3: Click the ‘Add Profile Section’ icon and select the ‘File Rating’ menu from the drop-down menu.

Step 4: Fill the form ‘File Rating’ presents from under the ‘File Rating’ tab.

1. Enable Cloud Lookup (recommended) – It is recommended to the ‘Cloud Lookup’ analyze the unknown files from the endpoint.

2. Analyze unknown files in the cloud by uploading them for instant analysis – Allows you to analyze the files instantly

3. Enable upload metadata of unknown files to the cloud.

4. Show cloud alert – If disabled, automatically applies “Block and Terminate” action to the malware detected by cloud scanning.

5. Detect potentially unwanted applications – Allows you to analyze unwanted Softwares and files which are potentially not recommended.

6. Auto purge is enabled – Only the files whose absolute path is specified and which no longer exist will be purged. That is, only the local unrecognized files will be affected.

7. Custom FLS access ports – If you would like FLS to communicate through given UDP port or TCP port, please enable this option and provide the configuration details.

8. Enable report for non-executable files – CCS sends reports to ITSM for non-executable files, If the option is enabled.

9. Show non-executable files – ITSM shows non-executable files from the endpoints once the option is enabled.

10. Click the ‘Save’ button.

Check the field information after saving the form. If not properly given, you may click the ‘Edit’ button and modify them.

** The configuration is effective when you run the profile over devices only.

The post Comodo One. Understanding Windows Profiles in ITSM appeared first on Comodo News and Internet Security Information.