2 Comodo IT and Security Manager Software Version 6.2 Administrator Guide Guide Version 6.2.021517 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Comodo IT and Security Manager - Administrator Guide Table of Contents 1. Introduction to Comodo IT and Security Manager..................................................................................................7 1.1.Key Concepts....................................................................................................................................................11 1.2.Best Practices...................................................................................................................................................12 1.3.Quick Start........................................................................................................................................................13 1.4.Logging into the Admin Console.......................................................................................................................61 2. The Administration Console.................................................................................................................................64 3. The Dashboard...................................................................................................................................................66 4. Users and User Groups.......................................................................................................................................82 4.1.Managing Users................................................................................................................................................84 4.1.1.Creating New User Accounts...................................................................................................................86 4.1.2.Enrolling User Devices for Management..................................................................................................90 4.1.2.1.Enrolling Android Devices................................................................................................................95 4.1.2.2.Enrolling iOS Devices....................................................................................................................102 4.1.2.3.Enrolling Windows Endpoints........................................................................................................107 4.1.2.4.Enrolling Mac OS Endpoints..........................................................................................................109 4.1.3.Viewing User Details...............................................................................................................................116 4.1.3.1.Updating the Details of a User.......................................................................................................121 4.1.4.Assigning Configuration Profile(s) to a Users' Devices..........................................................................123 4.1.5.Removing a User....................................................................................................................................125 4.2.Managing User Groups...................................................................................................................................127 4.2.1.Creating a New User Group...................................................................................................................128 4.2.2.Editing a User Group..............................................................................................................................130 4.2.3.Assigning Configuration Profiles to a User Group..................................................................................134 4.2.4.Removing a User Group.........................................................................................................................137 4.3.Configuring Role Based Access Control for Users.........................................................................................138 4.3.1.Creating a New Role..............................................................................................................................140 4.3.2.Managing Permissions and Assigned Users of a Role...........................................................................143 4.3.3.Removing a Role....................................................................................................................................148 4.3.4.Managing Roles Assigned to a User......................................................................................................149 5. Devices............................................................................................................................................................152 5.1.Device List.......................................................................................................................................................153 5.1.1.Managing Windows Devices..................................................................................................................157 5.1.1.1.Viewing and Editing Device Name.................................................................................................160 5.1.1.2.Viewing Summary Information.......................................................................................................161 5.1.1.3.Viewing Hardware Information.......................................................................................................162 5.1.1.4.Viewing Network Information.........................................................................................................163 5.1.1.5.Viewing and Managing Profiles Associated with a Device.............................................................164 5.1.1.6.Viewing Files on a Device..............................................................................................................166 5.1.1.7.Viewing CCS Configurations Exported from the Device and Importing Profiles............................172 5.1.1.8.Viewing MSI Files Installed on the Device through ITSM..............................................................174 5.1.1.9.Viewing and Installing Windows Patches......................................................................................176 Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 2 Comodo IT and Security Manager - Administrator Guide 5.1.1.10.Viewing Antivirus Scan History....................................................................................................178 5.1.1.11.Viewing and Managing Device Group Membership.....................................................................179 5.1.1.12.Viewing Alert Logs.......................................................................................................................182 5.1.1.13.Viewing Monitoring Logs..............................................................................................................182 5.1.1.14.Viewing Procedures Logs............................................................................................................185 5.1.2.Managing Mac OS Devices....................................................................................................................188 5.1.2.1.Viewing and Editing Mac OSX Device Name................................................................................190 5.1.2.2.Viewing Summary Information.......................................................................................................191 5.1.2.3.Viewing Installed Applications........................................................................................................192 5.1.2.4.Viewing and Managing Profiles Associated with the Device..........................................................194 5.1.2.5.Viewing OSX Packages Installed on the Device through ITSM....................................................196 5.1.2.6.Viewing and Managing Device Group Memberships.....................................................................197 5.1.3.Managing Android/iOS Devices..............................................................................................................199 5.1.3.1.Viewing and Editing Device Name.................................................................................................201 5.1.3.2.Viewing Summary Information.......................................................................................................203 5.1.3.3.Managing Installed Applications....................................................................................................204 5.1.3.4.Viewing and Managing Profiles Associated with a Device.............................................................207 5.1.3.5.Viewing Sneak Peek Pictures to Locate Lost Devices..................................................................209 5.1.3.6.Viewing the Location of the Device................................................................................................210 5.1.3.7.Viewing and Managing Device Group Memberships.....................................................................211 5.1.4.Viewing User Information.......................................................................................................................214 5.1.5.Removing a Device................................................................................................................................216 5.1.6.Remote Management of Windows Devices...........................................................................................218 5.1.7.Remotely Installing and Updating Packages on Windows Devices.......................................................223 5.1.8.Remotely Installing Packages on Mac OS Devices...............................................................................228 5.1.9.Installing Apps on Android/iOS Devices.................................................................................................230 5.1.10.Generating an Alarm on Devices..........................................................................................................231 5.1.11.Locking/Unlocking Selected Devices....................................................................................................233 5.1.12.Wiping Selected Devices......................................................................................................................234 5.1.13.Assigning Configuration Profiles to Selected Devices..........................................................................237 5.1.14.Setting / Resetting Screen Lock Password for Selected Devices........................................................239 5.1.15.Updating Device Information................................................................................................................241 5.1.16.Sending Text Message to Devices.......................................................................................................243 5.1.17.Restarting Selected Windows Devices ................................................................................................245 5.1.18.Changing a Device's Owner................................................................................................................248 5.1.19.Changing BYOD status of a Device.....................................................................................................250 5.1.20.Applying Procedures for Windows Devices..........................................................................................251 5.2.Managing Device Groups................................................................................................................................254 5.2.1.Creating Device Groups.........................................................................................................................256 5.2.2.Editing a Device Group..........................................................................................................................258 5.2.3.Assigning Configuration Profiles to a Device Group..............................................................................263 5.2.4.Removing a Device Group.....................................................................................................................266 5.3.Bulk Enrollment of Devices.............................................................................................................................267 Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 3 Comodo IT and Security Manager - Administrator Guide 5.3.1.Enroll Windows and Mac OS Devices by Installing the ITSM Agent Package.......................................268 5.3.1.1.Enroll Windows Devices Via AD Group Policy...............................................................................268 5.3.1.2.Enroll Windows and Mac OS Devices by Offline Installation of Agent..........................................272 5.3.1.3.Enroll Windows Devices using Comodo Auto Discovery and Deployment Tool............................276 5.3.2.Enroll Android and iOS Devices of AD Users.........................................................................................280 6.Configuration Templates.....................................................................................................................................287 6.1.Creating Configuration Profiles.......................................................................................................................289 6.1.1.Profiles for Android Devices...................................................................................................................290 6.1.2.Profiles for iOS Devices.........................................................................................................................322 6.1.3.Profiles for Windows Devices.................................................................................................................377 6.1.3.1.Creating Windows Profiles.............................................................................................................377 6.1.3.1.1.Antivirus Settings..................................................................................................................381 6.1.3.1.2.CCS and Virus Database Update Settings...........................................................................394 6.1.3.1.3.File Rating Settings...............................................................................................................398 6.1.3.1.4.Firewall Settings....................................................................................................................400 6.1.3.1.5.HIPS Settings........................................................................................................................432 6.1.3.1.6.Containment Settings............................................................................................................461 6.1.3.1.7.VirusScope Settings..............................................................................................................476 6.1.3.1.8.Valkyrie Settings....................................................................................................................477 6.1.3.1.9.Global Proxy Settings............................................................................................................480 6.1.3.1.10.Clients Proxy Settings.........................................................................................................480 6.1.3.1.11.Agent Discovery Settings....................................................................................................481 6.1.3.1.12.UI Settings ..........................................................................................................................482 6.1.3.1.13.Logging Settings.................................................................................................................484 6.1.3.1.14.Client Access Control..........................................................................................................486 6.1.3.1.15.External Devices Control Settings......................................................................................487 6.1.3.1.16.Monitoring Settings.............................................................................................................493 6.1.3.1.17.CCM Certificate Settings.....................................................................................................499 6.1.3.1.18.Procedures Settings............................................................................................................503 6.1.3.2.Importing Windows Profiles...........................................................................................................505 6.1.4.Profiles for Mac OS Devices..................................................................................................................510 6.1.4.1.Creating Mac OS X Profiles...........................................................................................................510 6.1.4.1.1.Antivirus Settings for OS X Profile........................................................................................513 6.1.4.1.2.Certificate Settings for OS X Profile......................................................................................527 6.1.4.1.3.CCM Certificate Settings for OS X Profile ............................................................................529 6.1.4.1.4.Restrictions Settings for OS X Profile...................................................................................531 6.1.4.1.5.VPN Settings for OS X Profile...............................................................................................533 6.1.4.1.6.Wi-Fi Settings for OS X Profile..............................................................................................534 6.2.Viewing and Managing Profiles.......................................................................................................................536 6.2.1.Exporting and Importing Configuration Profiles......................................................................................539 6.2.2.Cloning a Profile.....................................................................................................................................540 6.3.Editing Configuration Profiles..........................................................................................................................541 6.4.Managing Default Profiles...............................................................................................................................543 Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 4 Comodo IT and Security Manager - Administrator Guide 6.5.Managing Alerts..............................................................................................................................................552 6.5.1.Create a New Alert.................................................................................................................................553 6.5.2.Edit / Delete an Alert...............................................................................................................................556 6.6.Managing Procedures.....................................................................................................................................557 6.6.1.Viewing and Managing Procedures........................................................................................................558 6.6.2.Create a Custom Procedure...................................................................................................................563 6.6.3.Combine Procedures to Build Broader Procedures ..............................................................................570 6.6.4.Review / Approve / Decline New Procedures ........................................................................................571 6.6.5.Add a Procedure to a Profile / Procedure Schedules ............................................................................572 6.6.6.Import / Export / Clone Procedures........................................................................................................574 6.6.7.Change Alert Settings.............................................................................................................................577 6.6.8.Directly Apply Procedures to Devices....................................................................................................578 6.6.9.Edit / Delete Procedures........................................................................................................................581 6.6.10.View Procedure Results.......................................................................................................................586 7. Applications......................................................................................................................................................589 7.1.Viewing Applications Installed on Android and iOS Devices...........................................................................590 7.1.1.Blacklisting and Whitelisting Applications...............................................................................................592 7.2.Installing OS Patches on Windows Endpoints................................................................................................593 8. App Store..........................................................................................................................................................598 8.1.iOS Apps.........................................................................................................................................................599 8.1.1.Adding iOS Apps and Installing them on Devices..................................................................................601 8.1.2.Managing iOS Apps................................................................................................................................609 8.2.Android Apps...................................................................................................................................................611 8.2.1.Adding Android Apps and Installing them on Devices............................................................................614 8.2.2.Managing Android Apps.........................................................................................................................620 9.Security Sub Systems........................................................................................................................................622 9.1.Viewing Contained Applications......................................................................................................................623 9.2.Viewing Applications Installed on Windows Devices......................................................................................629 9.2.1.Viewing and Managing Unrecognized Files...........................................................................................630 9.2.2.Viewing and Managing Trusted Files.....................................................................................................637 9.2.3.Viewing and Managing Malicious Files..................................................................................................643 9.2.4.Viewing and Managing Quarantined Items............................................................................................648 9.3.Viewing and Managing Quarantined Items on Mac OS Devices....................................................................652 9.4.Viewing list of Valkyrie Analyzed Files............................................................................................................656 9.5.Antivirus and File Rating Scans......................................................................................................................658 9.5.1.Running On-Demand Antivirus Scans on Devices.................................................................................661 9.5.2.Running Rating Scans on Windows Devices.........................................................................................664 9.5.3.Handling Malware on Scanned Devices.................................................................................................665 9.5.4.Updating Virus Signature Database on Windows Devices.....................................................................668 9.5.5.Updating Virus Signature Database on Mac OS Devices......................................................................668 9.6.Viewing and Managing Identified Malware......................................................................................................669 9.7.Viewing Threats History..................................................................................................................................674 9.8.Viewing History of External Device Connection Attempts...............................................................................676 Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 5 Comodo IT and Security Manager - Administrator Guide 10.Managing Certificates Installed on Devices......................................................................................................678 11.Configuring Comodo IT and Security Manager..................................................................................................680 11.1.Email Notifications, Templates and Custom Variables..................................................................................681 11.1.1.Configuring Email Templates................................................................................................................681 11.1.2.Configuring Email Notifications.............................................................................................................684 11.1.3.Creating and Managing Custom Variables...........................................................................................687 11.1.4.Creating and Managing Registry Groups.............................................................................................691 11.1.5.Creating and Managing COM Groups..................................................................................................695 11.1.6.Creating and Managing File Groups.....................................................................................................699 11.2.ITSM Portal Configuration.............................................................................................................................703 11.2.1.Importing User Groups from LDAP.......................................................................................................704 11.2.2.Adding Apple Push Notification Certificate...........................................................................................715 11.2.3.Configuring the ITSM Android Agent....................................................................................................721 11.2.3.1.Configuring General Settings.......................................................................................................722 11.2.3.2.Configuring Android Client Antivirus Settings...............................................................................725 11.2.3.3.Adding Google Cloud Messaging (GCM) Token..........................................................................726 11.2.4.Configuring ITSM Windows Client........................................................................................................730 11.2.5.Managing ITSM Extensions..................................................................................................................732 11.2.6.Configuring ITSM Reports....................................................................................................................732 11.2.7.Integrating with Comodo Certificate Manager .....................................................................................733 11.2.8.Setting-up Administrator's Time Zone...................................................................................................737 11.3.Viewing and Managing Licenses...................................................................................................................739 11.3.1.Upgrading or Adding a License............................................................................................................741 11.4.Viewing Version and Support Information.....................................................................................................743 Appendix 1: ITSM Services - IP Nos, Host Names and Port Details.......................................................................746 Appendix 2: Pre-configured Profiles......................................................................................................................749 About Comodo......................................................................................................................................................750 Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 6 Comodo IT and Security Manager - Administrator Guide 1. Introduction to Comodo IT and Security Manager Comodo IT and Security Manager (ITSM) allows administrators to manage, monitor and secure mobile devices and Windows and Mac OS endpoints which connect to their enterprise wired and wireless networks. Administrators must first add users to the ITSM console and can then enroll devices like Android and iOS mobile devices and/or Mac OS X and Windows endpoints for those users. Once a device has been enrolled, administrators can remotely apply configuration profiles which determine that device's network access rights, security settings and general preferences. ITSM also allows you to obtain client certificates and device authentication certificates which can be used for user authentication, signing and encrypting email and device authentication (requires integration with Comodo Certificate Manager). Administrators can monitor device location; run antivirus scans; install/uninstall apps; remotely lock or wipe devices; manage running services; generate extensive reports; reset user passwords; import users from Active Directory, manage Windows patches and more. Each user license covers up to five mobile devices or one Windows endpoint for a single user. (1 license will be consumed by 5 mobile devices. 1 license could also be consumed by a single Windows endpoint). If more than 5 devices or 1 endpoint are added for the same user, then an additional user license will be consumed. Guide Structure This guide is intended to take you through the configuration and use of Comodo IT and Security Manager and is broken down into the following main sections. Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 7 Comodo IT and Security Manager - Administrator Guide Introduction to Comodo IT and Security Manager - Contains a high level overview of the service and serves as an introduction to the main themes and concepts that are discussed in more detail later in the guide. The Administrative Console - Contains an overview of the main interface of ITSM and guidance to navigate to different areas of the interface. The Dashboard - Describes the Dashboard area of the interface that allows the administrator to view a snapshot summary of devices and their statuses as pie-charts. Users and User Groups - Covers the creation and management of users and user groups, enrollment of devices and assigning configuration profiles to devices. • Managing Users • Creating New User Accounts • Enrolling Users Devices for Management • Viewing the Details of a User • Assigning Configuration Profile(s) to Users' Devices • Removing a User • Managing User Groups • Creating a New User Group • Editing a User Group • Assigning Configuration Profiles to a User Group • Removing a User Group • Configuring Role Based Access Control for Users • Creating a New Role • Managing Permissions and Assigned Users of a Role • Removing a Role • Managing Roles Assigned to a User Devices - Covers management and control of enrolled devices, remotely generating sirens, wiping, locking and powering off enrolled devices, remotely installing and managing apps on devices and managing device groups. • Device List • Managing Windows Devices • Managing Mac OS Devices • Managing Android/iOS Devices • Viewing the User Information • Removing a Device • Remote Management of Windows Devices • Remotely Installing Packages onto Windows Devices • Remotely Installing Packages on Mac OS Devices • Installing Apps on Android and iOS Devices • Generating Alarm on Device • Locking/Unlocking Selected Devices • Wiping Selected Devices • Assigning Configuration Profiles to Selected Devices • Setting / Resetting Screen Lock Password for Selected Devices • Updating Device Information • Sending Text Message to Devices • Restarting Selected Windows Devices • Changing A Device's Owner Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 8 Comodo IT and Security Manager - Administrator Guide • Changing BYOD Status of a Device • Applying Procedures for Windows Devices • Managing Device Groups • Creating Device Groups • Editing a Device Group • Assigning Configuration Profiles to a Device Group • Removing a Device Group • Bulk Enrollment of Devices • Enroll Windows and Mac OS Devices by Installing the ITSM Agent Package • Enroll Windows Devices Via AD Group Policy • Enroll Windows and Mac OS Devices by Offline Installation of Agent • Enroll Windows Devices using Comodo Auto Discovery and Deployment Tool • Enroll Android and iOS Devices of AD Users Configuration Templates - Covers creation and management of configuration profiles to be applied to enrolled iOS and Android Smartphones and Tablets and Windows endpoints. • Creating Configuration Profiles • Profiles for Android Devices • Profiles for iOS Devices • Profiles for Windows Device • Profiles for Mac OS Devices • Viewing and Managing Profiles • Exporting and Importing Configuration Profiles • Cloning a Profile • Editing Configuration Profiles • Managing Default Profiles • Managing Alerts • Create a New Alert • Edit / Delete an Alert • Managing Procedures • Viewing and Managing Procedures • Create a Custom Procedure • Combine Procedures to Build Broader Procedures • Review / Approve / Decline New Procedures • Add a Procedure to a Profile / Procedure Schedules • Import / Export / Clone Procedures • Change Alert Settings • Directly Apply Procedures to Devices • Edit / Delete Procedures • View Procedure Results Applications - Covers the management of applications installed on the managed devices, blacklist and whitelist application and OS update patches that can be pushed to Windows devices from the ITSM console. • Viewing Applications Installed on Android and iOS Devices • Blacklisting and Whitelisting Applications • Installing OS Patches on Windows Endpoints Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 9 Comodo IT and Security Manager - Administrator Guide App Store - Covers the management of applications that can be pushed to enrolled devices from the ITSM console. • iOS Apps • Adding iOS Apps and Installing them on Devices • Managing iOS Apps • Android Apps • Adding Android Apps and Installing them on Devices • Managing Android Apps Security Sub-Systems- Describes how obtain trust ratings for files on your devices, run AV scans, run AV scans, view threats, manage quarantined items and more. • Viewing Contained Applications • Viewing Applications Installed on Windows Devices • Viewing and Managing Unrecognized Files • Viewing and Managing Trusted Files • Viewing and Managing Malicious Files • Viewing and Managing Quarantined Items • Viewing and Managing Quarantined Items on Mac OS Devices • Viewing list of Valkyrie Analyzed Files • Antivirus and File Rating Scans • Running On-Demand Antivirus Scans on Devices • Running Rating Scans on Windows Devices • Handling Malware on Scanned Devices • Updating Virus Signature Database on Windows Devices • Updating Virus Signature Database on Mac OS Devices • Viewing and Managing Identified Malware • Viewing Threats History • Viewing History of External Device Connection Attempts Managing Certificates Installed on Devices - Manage client and device authentication certificates issued through Comodo Certificate Manager to enrolled users and devices Configuring Comodo IT and Security Manager - Explains how to set up your ITSM portal to communicate with enrolled Android and iOS devices, how to integrate AD servers and import user groups and how to configure the Windows client and various ITSM components. Also covers management of subscriptions and renewal/upgrade of licenses. • Email Notifications, Templates and Custom Variables • Configuring Email Templates • Configuring Email Notifications • Creating and Managing Custom Variables • Creating and Managing Registry Groups • Creating and Managing COM Groups • Creating and Managing File Groups • ITSM Portal Configuration • Importing User Groups from LDAP • Adding Apple Push Notification Certificate • Configuring the ITSM Android Agent • Configuring ITSM Windows Client Comodo IT and Security Manager - Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved 10
Description: