ITSM Reading Time: 36 minutes

Comodo One. Understanding Windows Profiles in ITSM

How to hide/show security client and communication client tray icons in devices?

Step 1: Go to ‘ITSM’ > ‘Configuration Templates’> ‘Profiles’. User able to view list of available profiles.

Configuration Templates

Step 2: Click profile applied to your devices.

profile client2

Step 3: Client’s tray icons configuration options are available in ‘UI settings’. To configure ‘UI settings’ please follow below steps,

1. Click ‘Add Profile Sections’ button in profile

2. Choose ‘UI Settings’ from drop down menu

profile client3

Step 4: Under ‘UI Settings’ tab set following configuration as explained below,

1. Show security client tray icon – Selecting check box associated with this option enables Comodo One Client Security tray icon in devices.

2. Show communication client tray icon – Selecting check box associated with this option enables Comodo One Client Communication tray icon in devices.

profile client4

Step 5: Click ‘Save’ button to apply required changes. Profile will automatically update settings in associated devices.

profile client5a

How to define a list of device classes that should be blocked on endpoints?
Step 1: Go to ITSM > CONFIGURATION TEMPLATES and click ‘Profiles’ menu.

profile block1

Step 2: Click ‘Create’ icon and Select Create Windows Profile from the drop-down.

profile block2

Step 3: Fill the form ‘Create Windows Profile’ and submit.

1. Name – Enter the name of the profile you want. Example: External Device Classes to be blocked on End-Point

2. Description – Enter the description of the profile. Example: this is to block external devices accessing End-Point

3. Click ‘Create’ button

profile block3

Step 4: Click ‘Add Profile Section’ icon and select ‘External Devices Control’ from the drop-down.

profile block4

Step 5: Fill the form ‘External Device Control’.

1. Enable Device Control – This option blocks devices of a client computer from accessing, such as USB drives, Bluetooth devices, printers, and serial and parallel ports.

2. Log Detected Devices – To log detected devices then and there

3. Show notifications when devices disabled or enabled – To get notification from the ITSM for your endpoint, check the option enabled

profile block5

Step 6: If you would like to block the device classes, click ‘Add’ icon.

1. Select the ‘Device Classes’ from the list of Pop-Window and click ‘OK’ button.

2. Select the device classes. Example: Smart card readers, Ports.

3. Click ‘OK’ button.

Profile Block 6a

profile block 6b

Step 7: Check if you have the list of selected device classes are added into the blocked list table.

"profile

Step 8: *In case, you would like to delete the added classes into the blocked list, No worry we have Delete option to remove from there.

1. Select the ‘Device Classes’ and click the ‘Delete’ icon

2. Confirm the ‘Device Class Remove Window’

"profile

"profile

profile block8c
Step 9: If you would like to don’t block the device classes.

1. Click the ‘Exclusion’ tab
2. Click ‘Add’ icon

profile block 9a

profile block 9b
Step 10: Fill the form ‘Add Exclusion’.

1. Enter ‘Device Custom Name’. Example: Mobile

2. Enter the ‘Device ID’. Example: 4D36E967-E325-11CE-BFC1-08002BE10318

3. Click ‘Add’ button

profile block 10a

profile block 10b

Step 11: *In case, you would like to delete the item from the exclusion list, follow the steps below

1. Select the item from the ‘Exclusion’ table

2. Click ‘Delete’ icon

3. Confirm the ‘Alert Window Exclusion Remove’

profile block11a

Profile block 11b

"profile

Step 12: Click ‘Save’ button to apply changes.

profile block 12

**Use the defined profile with devices you want to block external device access.

How to configure baseline settings?
Baseline settings enable us to set time period during which unknown files will not be auto contained. Instead unknown files are analysed using Valkyrie for the configured period.

Step 1: Go to ITSM → Configuration Templates and select ‘Profiles’ menu.

profile baseline 1

Step 2: Select a name of a profile from the list, to which you need to enable the baseline.

profile baseline 2

Step 3: Click the “ Add Profile Section” and select the “Containment” from the drop-down. In turns an alert pop up, click “Confirm”.

profile baseline 3a

profile baseline 3b

Step 4: Go to ‘Containment’ tab, the Baseline option will be available only if the “Valkyrie” is added to your profile.

1. If Valkyrie is already added to your profile. Go to Step 5 and continue.

2. Or to add ‘Valkyrie’, click the “ Add Profile Section” and select the “Valkyrie ” from the drop-down and customize it.

Step 5: Go to ‘Containment’ tab, click the “Baseline”.

Profile baseline5

Step 6: Select the “Enable Baseline” check box.

profile baseline6

Step 7: Select any of the below three option of your choice.

1. Stop Baseline and enable Auto-Containment after countdown
Set baseline time in Days and Hours. The unknown files will be sent to Valkyrie without containment. Once after the defined baseline time expires ,the containment will be resumed.

2. Stop Baseline and enable Auto-Containment after Valkyrie submit
When the baseline period is not mentioned , this option will be applied . After the files are submitted to the Valkyrie, the Comodo Client Security holds an individual unknown file.
3. Stop Baseline and enable Auto-Containment after Valkyrie response
When the baseline period is not mentioned , this option will be applied . After the Valkyrie response, the Comodo Client Security holds an individual unknown File.

profile baseline 7a

Profile baseline 7b

Profile baseline 7c

How to restrict access to Comodo Client Security (CCS) and Comodo Client Communication (CCC) on the endpoints?
Step 1: Go to ITSM > CONFIGURATION TEMPLATES > ‘Profiles’.

profile access1

Step 2: Click ‘Create’ icon and select ‘Create Windows Profile’ menu.

profile access2

Step 3: Fill the form ‘Create Windows Profile’.

1. Enter Name, Example: Profile to restrict the client access CCS and CCC

2. Enter Description, Example: Profile to restrict client access CCS and CCC for the target Endpoints

3. Click ‘Create’ button

Profile access3

Step 4: Click ‘Add Profile Section’ icon and select ‘Client Access Control’ menu.

Profile access4

Step 5: Fill the form that loads from the tab ‘Client Access Control’ and click ‘Save’ button to submit the form details.

1. Check ‘Apply password protection settings for enabling or disabling access for the listed clients’

  • Comodo Client – Security, If enabled then the client is password protected
  • Comodo Client – Communication, If enabled then the client is password protected

2. Check the field Require Password and use the below options as per your requirement

  • Computer administrator, If the field is enabled then the above client will use the Administrator as credentials
  • Custom password, If the field is enabled then the above client will use the given Password as credentials
    • Password
    • Confirm Password

3. Click Save button to submit the settings


Usage: ** Use the profile with the specified device to experience the benefits.

How to import the security configuration of CCS from a managed endpoint and save it as a new profile

In ITSM, a security configuration of a device can be used to create a new profile. Apart from cloning a existing profile and a profile can be created by exporting the security configuration of any existing devices in a ITSM. The newly created profile includes all the security related profile section, thus it provides a very efficient and secured profile to the user.

Note: To Export a security configuration file of a device:

  • Go to “Devices”->”Device List” and select a device from the list and click the “Export security configuration” button. The file will be exported and will be available in the “Exported Configuration” tab. Navigate to the tab and click the file. The file will be downloaded.

Step 1: Go to “Configuration Templates” -> “Profiles”.

Step 2: Click ‘Import’ button at the top.

Select “Import from Comodo Client – Security Config File’ from the drop-down.

Step 3: Enter the name for the profile and click “Browse” button to choose the exported file and give the description for the profile then click ‘Import’ button.
The profile will be added to the list.

Example:
Name: Advanced Security setting.
Description:The profile with advanced security options.

Step 4: Select the imported profile from the list. The profile will open and based on the setting of the imported configuration file, the profiles contains predefined security components.

Step 5: The “ Is Default” option will be in disabled state. To enable, go to “General” tab of that profile, click ‘Edit’ button then select the checkbox of “Is Default” option and click “Save” button.

Step 6: A new profile components can be added to the profile and finally the profile can be applied to the devices (endpoints).

How to configure CCS and Virus Database Update Settings in Windows Profiles

A virus database and the updates can be automatically downloaded from the devices by installing the “Comodo Client – Security” Software in the devices. A user should add the ” updates” section to their desired profile to check and download the updates from the server automatically.

Step 1: Go to “Configuration Templates ” -> “Profiles” .The profiles list will be displayed.

Step 2: Select the profile of the device to which you want to check the update.


Step 3: Click “Add Profile Section” button.

Select the “Updates” from the drop-down.

Step 4: In ‘Updates’ there are two subsections they are:

i. Schedule – The frequency of the schedule and restart options are set here.

ii. Server – The download locations will be mentioned here. By default, the updates will be downloaded from http://download.comodo.com. The user can add more server details.

Step 5: Go to ‘Schedule’ tab, define the “update frequency” and reboot options.

1. Update Frequency has following options:

i. Every Day – It checks for the update at the mentioned time every day.
ii. Once a Week – At the specified day and the time, it checks for the update.
iii. Update when idle – The update and the downloading will be done when the devices goes idle.
iv. Skip updates if the device is offline – If this option is enabled, the updates will not be applied to the device in an offline state.

2. Reboot has different options,

i. Force the reboot in – Specify the time and warning message in the text box. And the reboot will be forced to perform at mentioned time.
ii. Suppress the reboot – Enables this option to stall the reboot.
iii. Warn about the reboot and let users postpone it – Select this option and gives the warning message in the text box to the user so that the user can reboot the machine later.

Note: On next scheduled time, the skipped updates will be checked and applied to the device.

Step 6: The proxy server from which the updates should be downloaded will be added ‘Servers’ tab.

1. Go to Server tab.

2. Click “Add” button to add the server details. The ‘Add Server’ dialog box appears. Enter the server detail and click ‘Add’ button.

Step 7: Enable a server by clicking the “ON” in the status.

Step 8: Select the check box of the server and click any one of the following options.

1. Edit – Edits the server details.
2. Remove – Removes the server.
3. Move up – Moves above a server the list.
4. Move Down – Moves down a sever in the list.

How to define exclusions for files and folders

Step 1: Go to ITSM > CONFIGURATION TEMPLATES and click ‘Profiles’ menu.

Step 2: Click Create icon and Select Create Windows Profile from the drop-down.

Step 3: Fill the form Create Windows Profile and submit.

1. Name – Enter the name of the profile you want. Example: To Exclude A PATH OR Group of Files or Folders from Scanning by AV
2. Description – Enter the description of the profile. Example: this is to exclude the specific files or folders from scanning by the COMODO Antivirus Scan tool
3. Click ‘Create’ button

Step 4: Click ‘Add Profile Section’ icon and select ‘Antivirus ‘from the drop-down.

Step 5: Click ‘Confirm’ button to add the ‘Comodo Antivirus‘ to your End-Point.

Step 6: Select the ‘Exclusions’ tab from the screen presence after your confirmation.

Step 7: If you would like to exclude any path to be prevented from scanning on your End-Point, click ‘Add’ button to add a path.

Profile Enclusion1

Step 8: Fill the form ‘Add Excluded Path’

1. Enter the path in the text box. Example: %systemroot%\*.* – you may also use exact path or any other pattern

2. Click ‘OK’ button

Profile Enclusion2

Step 9: If you would like to exclude any application to be prevented from scanning on your End-Point, Select ‘Excluded Applications’ tab and click the ‘Add’ button.

Profile Enclusion3

Step 10: Fill the form ‘Add Excluded Application’.

1. Enter the Application’s complete path into Path text box. Example: %systemroot%\explorer.exe

2. Click ‘OK’ button

Profile Enclusion4

Step 11: If you would like to exclude any group to be prevented from scanning on your End-Point, select ‘Excluded Groups’ tab and click the ‘Add’ button.

Profile Enclusion5

Step 12: Fill the form ‘Add Excluded Group’.

1. Click the ‘Group’ drop-down list
2. Choose the appropriate group from the drop-down. Example: Windows System Applications
3. Click ‘OK’ button

Profile Enclusion6

Profile Enclusion6b

Step 13: Click ‘Save’ button to save excluded list.

Profile Enclusion7

**Use the profile with the device and perform the scan over the device.

How to configure and manage file ratings from windows profiles?

Step 1: Go to ITSM > CONFIGURATION TEMPLATES > ‘Profiles’ menu and select the ‘Create Windows Profile’ menu from the drop-down presents after the ‘Create’ icon is clicked.

file_rating1

Step 2: Fill the form ‘Create Windows Profile’ presents there.

1. Enter the name of the profile you would prefer for into ‘Name’ field. Example, Setting File Rating

2. Enter the purpose or summary or any text to explain about the profile into ‘Description’ field

3. Click the ‘Create’ button

file_rating2

Check whether you have properly created with the given information. If not, please click the ‘Edit’ icon and modify the required content.

file_rating2b

Step 3: Click the ‘Add Profile Section’ icon and select the ‘File Rating’ menu from the drop-down menu.

file_rating3

 

Step 4: Fill the form ‘File Rating’ presents from under the ‘File Rating’ tab.

1. Enable Cloud Lookup (recommended) – It is recommended to the ‘Cloud Lookup’ analyze the unknown files from the endpoint.

2. Analyze unknown files in the cloud by uploading them for instant analysis – Allows you to analyze the files instantly

3. Enable upload metadata of unknown files to the cloud.

4. Show cloud alert – If disabled, automatically applies “Block and Terminate” action to the malware detected by cloud scanning.

5. Detect potentially unwanted applications – Allows you to analyze unwanted Softwares and files which are potentially not recommended.

6. Auto purge is enabled – Only the files whose absolute path is specified and which no longer exist will be purged. That is, only the local unrecognized files will be affected.

7. Custom FLS access ports – If you would like FLS to communicate through given UDP port or TCP port, please enable this option and provide the configuration details.

8. Enable report for non-executable files – CCS sends reports to ITSM for non-executable files, If the option is enabled.

9. Show non-executable files – ITSM shows non-executable files from the endpoints once the option is enabled.

10. Click the ‘Save’ button.

file_rating4a

Check the field information after saving the form. If not properly given, you may click the ‘Edit’ button and modify them.

file_rating4b

** The configuration is effective when you run the profile over devices only.

How to export a profile from ITSM then import it as a new profile

The profiles are used to apply the defined settings to the enrolled devices in ITSM.

A profile can be reused by a exporting the existing profile. Import the profile and the profile has all defined setting except the following “Monitoring Settings”, CCM Certificate Settings’, ”Procedure Settings’. You can add or remove the setting from the profiles as per the need and apply it the devices.

Export a Profile

Step 1: Go to “Configuration profiles” -> “Profiles” menu.

Step 2: Go to “Profiles” tab. Select the check box of the profile from the list (Example: “Advanced Security setting” profile )and click the “Export Profile” button.

”Export Profile Information” dialog box appears with a warning message.

Click ‘Confirm’ button.

Step 3: The profile will be exported. Note: The profile will be saved in “.cfg” format.

Import a Profile

Step 1: Go to “Configuration profiles” -> “Profiles” menu.

Step 2: Go to “Profiles” tab. Click “Import” button.

1. Select “Import from Exported Profile” from the drop-down.

2. Navigate to the path where the file is saved and select the file and click ‘Open’. Example: Advanced_Security_setting.cfg

 

3. The profile will be imported.

Step 3: The user can edit the profile as per the requirements and apply it to the devices.

Example: General setting has been edited.

How to configure antivirus settings in Windows Profiles

The guide helps how the user to configure Antivirus Settings through a profile. The settings include all low-level details to be parameterized from ITSM hence the Realtime Scan (at the time of threats encountered), Scans (when the user invoke scan explicitly) and Exclusions (excludes specific paths, applications, and built-in groups) are executed as per the user conditions and expectations.

Step 1: Go to ITSM > CONFIGURATION TEMPLATES > ‘Profiles’.

Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.

Step 3: Fill the form with Name, Description of the profile and Click Create button

Step 4: Click ‘Add Profile Section’ icon and choose ‘Antivirus’ from the drop-down menu.

Step 5: Click ‘Confirm’ button to confirm the ‘Device Restart Alert’.

Note: Wait for few seconds to get the Antivirus tab on the page – There are important parameters are available to complete the setup such as Realtime Scan, Scans and Exclusions.

Step 6: Let us have a look at ‘Realtime Scan’.

Options with the explanation:

  • Enable Realtime Scan (recommended)’ – This option enables virus scanning when your computer is used and prevents threats before they enter your system.
  • Enable scanning optimizations (recommended)’ – Use this option to activate the performance improving technologies for Realtime Scanning.
  • Run cache builder when the computer is idle’ – To boost the scanning, ITSM runs the Cache Builder when the computer is idle.
  • Scan computer memory after the computer starts’ – Scans the computer memory when the computer starts up
  • Show Antivirus alerts’ – Antivirus shows alerts when malware is encountered, if not selected then Antivirus does not show the alert
  • Quarantine threats’ or ‘Block threats’ – If ‘Quarantine threats’ is selected then threats are quarantined. If ‘Block threats’ is selected then threats are blocked directly.

‘Decompress and scan archive files of extension(s)’ – decompresses and scans the files which are in the defined extensions.

To add or edit or remove extensions from the section, please follow the steps below:

To Add Extensions:
Click over the link Extensions: value1, value2, …, valueN

Click ‘Add’ button from the pop-up form.

Enter the Extension only without ‘.’ (DOT) and ‘*’ (Asterix) and click ‘OK’ button.

Check whether the given extension is created in the pop-up table and then click ‘OK’ button if you finish adding extension.

To Edit Extension:
Click over the link Extensions: value1, value2, …, valueN.

Use the ‘Edit’ icon on the pop-up form.

To Remove Extension:
Click over the link Extensions: value1, value2, …, valueN.

Select the appropriate check box of the extension and click ‘Remove’ icon then click ‘OK’ button.

  • Set new on-screen alert timeout to (sec.) – number of seconds the alert stays on the screen.
  • Set new maximum file size limit to (MB) – number of files within the limit is set to be scanned on access.
  • Set new maximum script size limit to (MB) – number of script files within the limit is set to be scanned on access.
  • Use heuristic scanning – level of sensitivity of detecting unknown threats [Low – fewest false positive, Medium – false positive more than low level and High – possible false positive]

Step 7: Select the ‘Scans’ tab.

Options with the explanation:
Check you have desired profiles from the table to enable it. If not, you can create a new profile and enable the profile for scans.

  • To add items, click ‘Add’ button.

User can add files, folders, and region to be scanned.
Add File:
Click ‘Add File’ icon.

Enter the full path of the file and click ‘OK’ button.

Add Folder:
Click ‘Add Folder’ icon
Enter the path of the folder and click ‘OK’ button

Add Region:
Click ‘Add Region’ icon -> ‘Region’ drop-down.

Select any value from the drop down then click ‘OK’ button.

Options:

  • Enable scanning optimizations – This option increases the scanning speed significantly.
  • Decompress and scan compressed files – This option allows the scanner to decompress archive files e.g. .zip, .rar, etc. during scanning.
  • Use cloud while scanning – This option allows the scanner to connect to the cloud to query file ratings.
  • Automatically clean threats – When the threats are identified, perform the selected action automatically.
  • Show scan results window – Show results of scheduled scans and scans launched from a remote management portal.
  • Use heuristics scanning – Use the selected level of sensitivity while scanning heuristically.
  • Limit maximum file size to (MB) – While scanning, if a file size is larger than specified, it is not scanned.
  • Run this scan with – Priority of scanner determines how much of the computer resources are used among other tasks.
  • Update virus database before running – This option makes sure the database is updated before running the scan.
  • Detect potentially unwanted applications – Potentially unwanted applications are programs that are unwanted despite the possibility that users consented to download it.

Schedule:

  • Frequency – Choose any option of Do not schedule this task, Every day, Every week and Every month.
  • Run only when computer is not running on battery – If you want to save the battery power of laptops you can enable the option.
  • Run only when computer is idle – If you want to do not disturb your (user) work, enable the option.
  • Turn off the computer if no threats are found at the end of the scan – Enable the option when you want to shutdown the computer once the scanning is complete.
  • Check whether you have the profile listed on the table which was created.

If you want to edit the specific profile then use the edit icons from the table per profile.

Step 8: Select the ‘Exclusions’ tab and click ‘Add’ button.

Enter the Path and click ‘OK’ button. To add more paths, repeat the steps.

Select the ‘Excluded Applications’ tab and click the ‘Add’ button.

Enter the full path of the application installed and click ‘OK’ button – To add more applications, repeat the steps.

Select the ‘Excluded Groups’ tab and click the ‘Add’ button.

Click on the field ‘Group’ drop-down.

Select any value from the ‘Add Excluded Group’ drop-down then click ‘OK’ button.

 

Step 9: Click ‘Save’ button to save all the parameter’ setup.

Step 10: Once the information is saved then click ‘Profiles’ menu and check whether the name of the profile is available on the table.

How to configure basic Firewall settings in a Windows Profile

Firewall Settings allows the users to set the parameters of Firewall Components.

Step 1: Go to ITSM > ‘CONFIGURATION TEMPLATES’ -> ‘Profiles’.

Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.

Step 3: Enter the Name, Description of the profile and click the ‘Create’ button.

Step 4: Click ‘Add Profile Section’ and choose ‘Firewall’ from the drop-down.


Step 5: Click ‘Confirm’ button.

Note: There are some necessary settings to be completed to continue further on advanced firewall profile such as:

Step 6: Fill the form loads from ‘Firewall Settings’ tab.

Explanation:

1. Enable Firewall (recommended) – Enables firewall which filters inbound and outbound traffic.

i. Custom ruleset – Firewall protect the endpoint based on the user rulesets (Described in Application Rules).
ii. Safe mode – Application access connection based on the Comodo ratings and suppose a new application’ access is found then you will be prompted whether trust the application and allow the connection or not.
iii. Training mode – Automatically creates the ruleset based on the application behavior (Monitors the network connection and resource of the connection).

2. Show popup alerts – You get alerted when the firewall find new request. If you would like to hand over the decision to Comodo then Disable the option and use the “Auto action” option as follows.

3. Auto action:

i. Allow Request – Allows requests automatically if the connection is trusted.
ii. Block Request – Blocks requests automatically if the connection is not trusted.

4. Turn traffic animation effects on – CIS on the endpoint displays an animation icon for incoming (yellow down arrow) and outgoing (green up arrow) connection. Hence to the endpoint to do so, you will have to keep the option enabled. If you don’t want the effect on the endpoint then disable the option.

5. Create rules for safe applications – There are three set of activities that are followed by Comodo to rule the application as trusted. The activities are checks the files at ‘Trusted File’ list, checks the vendor at ‘Trusted Software Vendor’ list, and constantly Updated Comodo Safelist. Hence CIS start analyzing and reconsider the safe application rules.

6. Set alert frequency level – Sets a number of alerts of Comodo generate.

i. Very High – shows each request individually (separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports and for specific IP addresses, for an application)
ii. High – Shows separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports for an application.
iii. Medium – Shows alerts for outgoing and incoming connection requests for both TCP and UDP protocols for an application.
iv. Low – Shows incoming and outgoing connection requests for an application.
v. Very Low – shows one alert for an application.

7. Set new on-screen alert timeout to (sec.) – Allows to set amount of time the alert should stay on the endpoint.

8. Filter IPv6 traffic – filter IPv6 network traffic.

9. Filter loopback traffic (e.g. 127.x.x.x, ::1) – filter traffic sent through loopback channel (http://localhost).

10. Block fragmented IP traffic – If the data are larger than the MTU (Maximum Transmission Unit) while transferring b/w two computers then the data are divided into smaller (fragmentation) and which are sent separately.

Hence the packets can create threats and can double the amount of time it takes for single packet transfer and which cause your download speed gets slow down.

11. Do protocol analysis – checks every packet conforms to that protocols standards.

12. Enable anti-ARP spoofing – If enabled, blocks requests of ARP (Address Resolution Protocol) cache.

Step 7: Click ‘Save’ button once you have completed the setup on the ‘Firewall Settings’ tab.

Step 8: Click ‘Profiles’ menu and check whether the profile has been added to the table.

How to create firewall application rules in a Windows profile

Application Rules allows the users to add or modify or remove Custom ruleset for firewall settings.

Step 1: Go to ITSM > ‘CONFIGURATION TEMPLATES’ > ‘Profiles’.


Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.

Step 3: Enter the Name, Description of the profile and click the ‘Create’ button.

Step 4: Click ‘Add Profile Section’ and choose ‘Firewall’ from the drop-down.

Step 5: Click the ‘Confirm’ button.


Note: There are some necessary settings to be completed to continue further on advanced firewall profile such as:

Step 6: Select the ‘Application Rules’ tab.

Step 7: Click ‘Add’ button and Fill the form ‘Application Rule’ if you want to add more application rules. Otherwise leave the setting as in the beginning.

Step 8: Choose the choice ‘using existing target’ or ‘using new target’.

Enter the name if you would like to create a new file group target.

Choose the choice ‘using existing target’ or ‘using new target’.

If you would like to use existing target then click the ‘Browser ‘drop-down and choose the specific option from there.

Step 9: There are two possible options to continue further with adding new ruleset. Choose the option ‘Use ruleset’ or ‘Use a custom ruleset’ from the form.

  • Use ruleset – Predefined ruleset by Comodo.
  • Use a custom ruleset – Custom ruleset which can be set by the user (you).

If you would like to create a predefined ruleset, click the ‘Use ruleset’ radio button.

Options:

1. Web Browser – All applications belongs to browse the internet, Example: IE, Firefox, Chrome, Opera, and etc.
2. Email Client – All applications belongs to email client interface, Example: Thunderbird, and etc.
3. FTP Client – All applications belongs to FTP interface, Example: FileZilla, and so on.
4. Allowed Application – All applications which are set to be allowed.
5. Blocked Application – All applications which are set to be blocked.
6. Outgoing Only – All applications which are set to be allowed for outgoing connection.

Choose application category from the drop down and click O’K ‘button.

If you would like to copy from the existing rulesets, click the ‘Use a custom ruleset’ radio button and click ‘Copy from…’ drop-down.

Options:

  • Ruleset – Helps to copy from desired existing predefined rulesets.
  • Another Application – Helps to copy from desired existing user-defined rulesets.

If you want to use predefined Ruleset then choose Ruleset from the ‘Copy from…’ drop-down.

Choose desired predefined ruleset from the drop-down. Example: Web Browser.

Explanation:

From the table, you can add or remove rules or you can modify a specific rule from the table.

If you want to add rules then click ‘Add Rule’ button.

Fill the Firewall Rule form and click ‘OK’ button to submit .


Explanation:

1. Action – Allows setting the action that firewall would take over the rule.

a. Allow – If chosen, which allows the connection.
b. Block – If chosen, which blocks the connection.
c. Ask – If chosen, which asks you (user) to confirm the connection to be allowed or blocked.

2. Log as Firewall event if this rule is fired – Enabled or disabled for logging the event into Firewall Events when it is triggered.

a. Protocol – Allows setting the type of protocol for the rule.
b. TCP – If chosen, the rule applied only for TCP connection.
c. UDP – If chosen, the rule applied only for UDP connection.
d. TCP or UDP – If chosen, the rule applied only for TCP or UDP connection.
e. ICMP – If chosen, the rule applied only to ICMP connection.
f. IP – If chosen, the rule applied only for IP connection.

3. Direction – Allows setting the direction of the connection

a. In – Incoming connection.
b. Out – Outgoing connection.
c. In or Out – Either Incoming or Outgoing connection.

4. Description – Allows describing the rule.

5. Source Address – Allows you to apply the rule for the Address of the device that tries to access your endpoint.

6. Destination Address – Allows you to apply the rule for the Address of the device that your endpoint tries to access it.

Options:

Exclude – If enabled, allows to set up devices to be excluded from the rule

 

  • Type – Types of the Address of the device
  • Any address – any devices
  • Hostname – device that has the same name of hostname
  • IPv4 address range – device from the range of IP addresses
  • IPv4 single address – device from the same IP address
  • IPv4 subnet mask – device from the same subnet mask
  • IPv6 single address – device from the same IP address
  • IPv6 subnet mask – device from the same subnet mask
  • MAC address – device that has the same MAC address
  • Network zone – device that belongs the same network zone
  • Source Port – Allows you to apply the rule for the port number or ranges of the device that tries to access your endpoint
  • Destination Port – Allows you to apply the rule for the port number or ranges of the device that your endpoint tries to access it

Options:

  • Exclude – If enabled, allows to set up the port number or range to be excluded from the rule
  • A port range – port from the range of ports
  • A set of ports – port from the set of ports
  • A single port – port which is same of the given port
  • Any – any port

Check whether you have the specified rule and click ‘OK’ button.

Step 10: Check whether you have the application rule on ‘Application Rules’ and click ‘Save’ button.

Step 11: Click ‘Profiles’ menu and check whether the profile has been added to the table.

How to create firewall global rules of the firewall in windows profile

Global Rules allows you to create rules setting which are used globally.

Step 1: Go to ITSM -> CONFIGURATION TEMPLATES -> ‘Profiles’.

Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.

Step 3: Enter the Name, Description of the profile and click the ‘Create’ button

Step 4: Click ‘Add Profile Section’ and choose ‘Firewall’ from the drop-down.

fw_global_rule4

Step 5: Click the ‘Confirm’ button.

Note: There are some necessary settings to be completed to continue further on advanced firewall profile such as:

Step 6: Select the ‘ Global Rules’ tab and click the ‘Add’ button if you would like to add a new rule.

Fill the form Firewall Rule and click the ‘OK’ button to submit the rule.

Step 7: Check whether you have the rule on the table and click ‘Save’ button to submit the changes.

Step 8: Click ‘Profiles’ menu and check whether the profile has been added to the table.

How to create firewall rule sets in windows profile

Rulesets allows you to combine rules as ruleset as a predefined one.

Step 1: Go to ITSM > ‘CONFIGURATION TEMPLATES’ -> ‘Profiles’

Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.


Step 3: Enter the Name, Description of the profile and click the ‘Create’ button.

Step 4: Click ‘Add Profile Section’ and choose ‘Firewall’ from the drop-down.


Step 5: Click ‘Confirm’ button.


Note: There are some necessary settings to be completed to continue further on advanced firewall profile such as:

Step 6: Select the Rulesets tab and click the ‘Add Ruleset’ button if you would like to add new Ruleset.

Options:

Name – Enter the name if you want to customize.

Copy from… – Select the ruleset if you want to copy existing ruleset for the new ruleset.

If want to use predefined ruleset,

Select Ruleset from ‘Copy from …’ drop-down.

Select the desired one from the ‘Please select …’ drop-down and click ‘OK’ button.

Check whether you have the added ruleset on the table and click the ‘Save’ button.

If you want to use user-defined ruleset,

Select ‘Another Application’ from the ‘Copy from …’ drop-down.

Select the desired one from the ‘Please select …’ drop-down and click ‘OK’ button.

Check whether you have the added rule set on the table and click the ‘Save’ button to submit your settings.


Step 7: Click ‘Profiles’ menu and check whether the profile has been added to the table.

How to create and control firewall network zones in a Windows profile

This guide helps the user to configure trusted ports or block untrusted ports from Windows profile.

Step 1: Go to ITSM > ‘CONFIGURATION TEMPLATES’ > ‘Profiles’.

fw_portset1

Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.

Step 3: Enter the Name, Description of the profile and click the ‘Create’ button.

Step 4: Click ‘Add Profile Section’ and choose ‘Firewall’ from the drop-down.

<

Step 5: Click the ‘Confirm’ button.

Note: There are some necessary settings to be completed to continue further on advanced firewall profile such as:

Step 6: Select the ‘Port sets’ tab and click ‘Add’ button if you want to add one more port set.

Name – Enter the port set name.
Click ‘Add’ button if you would like to add port.

Options:

  • Exclude – If enabled, the given port should not be included in the firewall port set.
  • Any – Any port can be added into the port set.
  • A single port – A single port given in the form only can be added into the port set.
  • A port range – From the range of port given in the form will be added into the port set.
  • Click ‘OK’ button.

Check the added port is available in the table Ports and click ‘OK’ button.


Step 7: Check the port set has been added into the Port sets table and click ‘Save’ button to submit the complete setup.

Step 8: Click ‘Profiles’ menu and check whether the profile has been added to the table.

How to create and control firewall port sets in a Windows profile

This guide helps the user to configure trusted ports or block untrusted ports from Windows profile.

Step 1: Go to ITSM > ‘CONFIGURATION TEMPLATES’ > ‘Profiles’.

Step 2: Click ‘Create’ icon and choose the ‘Create Windows Profile’ from the drop-down menu.

Step 3: Enter the Name, Description of the profile and click the ‘Create’ button.

Step 4: Click ‘Add Profile Section’ and choose ‘Firewall’ from the drop-down.

Step 5: Click the ‘Confirm’ button.

fw_rule_set5a
Note: There are some necessary settings to be completed to continue further on advanced firewall profile such as:

Step 6: Select the ‘Port sets’ tab and click ‘Add’ button if you want to add one more port set.

Name – Enter the port set name.

Click ‘Add’ button if you would like to add port.

fw_portset6b

Options:

  • Exclude – If enabled, the given port should not be included in the firewall port set.
  • Any – Any port can be added into the port set.
  • A single port – A single port given in the form only can be added into the port set.
  • A port range – From the range of port given in the form will be added into the port set.
  • Click ‘OK’ button.

How to control CCS client access password

Guide to set the desired password or Administrator password to access the CCS interface on the endpoint. Hence the CCS Interface Access is controlled and protected by the password provided in the profile. This setting can be done as a new profile or in be an existing profile but except the default profiles.

Step 1: Launch the ITSM.

css_access_pw1

Step 2: Go to CONFIGURATION TEMPLATES > ‘Profiles’ and select the profile or you can create a new profile.

css_access_pw2

Step 3: Verify the basic details of the profile and click ‘Add Profile Section’ and select the ‘Client Access Control’ from the drop-down menu.

css_access_pw3
Step 4: Select the check box of Comodo Client Security if not selected.

1. Computer Administrator
2. Custom Password

css_access_pw4

  • Computer Administrator – Enables CCS to be accessed by Administrator’ Password of the Endpoint.
  • Custom Password – Enables CCS to be accessed by user defined password.

Note: Setting up both options can also be possible and that allows you to access the CCS by either of Administrator’ Password or Custom Password by the time.
When the endpoint user enters the correct password, the system will not ask for the password in the following 15 minutes for improving the usability.

Step 5: Apply the profile on the device and reboot the device to get the profile settings effective on the endpoint. Now, as a user, if I try to update the ‘Advance Settings’ then the client will prompt for credentials.

css_access_pw5

 

Heuristic Command Line analysis

By default, the executables such as *\cmd.exe, “*\python.exe” are available in parses list of the heuristic command-line analysis. If the executables are enabled, Comodo Internet Security performs the heuristic analysis on the program/scripts that are run by these executables. Thereby all the security check will be done for the files.

Enable or Disable Heuristic Command Line analysis for the the executables:

Step 1: Go to ‘Configuration Templates’ menu and select the “Profiles” from the drop-down. Select a profile from the list, to which you want to apply the heuristic analysis.

Step 2: Go to ‘HIPS’ tab, checkbox of “Do heuristic command-line analysis for” and click “Certain Applications” link.

It loads the “Parses” dialog box. It includes the list of applications for which the heuristic analysis can be performed.

The python executables are now added to the list. The python executables “*\python.exe”, ”*\pythonw.exe” are being enabled by default. The executables can be either enabled or disabled based on the user needs.

Step 3: A new application can also be added to list. If the user desire to perform the heuristic analysis for that executable.

Click “Add icon at the top of parses list ,enter the application name and click “Add” button.

Step 4: Click ‘Edit’ icon, to edit the name of the executables then ‘Save’ button.

Step 5: Click ‘Delete’ icon, to remove the executable.

START FREE TRIAL GET YOUR INSTANT SECURITY SCORECARD FOR FREE