Comodo One. Viewing Security Systems on ITSM

April 4, 2017 | By Comodo

How to view all threats identified on Android, Windows and Mac OS X devices over time on ITSM

Threat files identified on the devices are listed under the “Threat History” option in ITSM. “Threat History” displays both the removed and the non-removed threats on the devices.

Step 1: Go to “Security Sub-Systems” -> Antivirus.

Step 2: Go to the “Threat History” tab. The files that are classified as threats will be displayed here.


Step 3: The threats can also be sorted and filtered. To filter the results, click the funnel button.
A dialog box appears. Provide the details and click “Apply”; the threats that match the filter criteria will be displayed.

1. OS – Choose the type of the OS. Example: Windows.
2. Device name – Enter the name of the device.
3. Application name – Enter the name of the application.
4. Package name/File name – For Android devices, enter the name of the package; for Windows and Mac OS X devices, enter the file path.
5. Status – Specify the status of the threat. Example: Infected.
6. First detection – Provide the ‘From’ and ‘To’ dates between which the threat was identified for the first time. Example: 2017-12-01.
7. Last detection – Provide the ‘From’ and ‘To’ dates between which the threat was identified for the last time. Example: 2017-02-17.

Step 4: Select the threat file from the list and click the “Clean History for this file” button.

A “Delete File History” dialog box appears.

Click confirm and the files will be removed from the list.

How to view a list of all programs that have been executed inside containment on ITSM

The rules that are set in the containment profile section identify certain applications/files on the device. Such files will be listed under the “Containment” menu in ITSM.

Containment provides a protected environment in which to run such unrecognized applications. The advantage of running an application in containment is that it is not allowed to access the data on the remote machines.

Step 1: Go to “Security Sub-Systems” and select the “Containment” menu. All the contained files will be listed here.

Step 2: The files can be filtered and sorted using the filter option.

To apply filters, click the funnel icon, fill in the form and click the “Apply” button.

1. Name – Enter the name of the file. Example: rundll32.exe.
2. Path – Enter the path.
3. Hash – Enter the hash value.
4. Status – Provide the status. Example: Complete.
5. Last run date – Provide the last run date. Example: From: 2017-02-08 To: 2017-02-08.
6. Show ignored files – Select the check box to display the ignored files.

Step 3: Click on the name of the file to view its details under “File Info” and “Device List”.

1. File Info – Detailed information about the file, such as the “Hash” value, “Age” and “Version”, is available here.

2. Device List – The details of the device are shown here.

Step 4: A file can be rated either as “Malicious” or “Trusted”. To rate a file, select the check boxes of one or more files and click “Rate as Trusted” or “Rate as Malicious”.

Step 5: A file can be removed from the contained list by clicking the name of the file and then clicking the “Clean History from File List” button.

A “Delete File History” prompt opens. Click the “Confirm” button to remove the file.

How to check antivirus update status and scan statuses that are run locally

The antivirus update and scan status can be viewed through ITSM → SECURITY SUB-SYSTEMS → Antivirus. This feature lets the admin track whether antivirus updates and scans are being performed regularly on the local user machine as requested.
Note: To run the antivirus scan, the device must have Comodo Client Security installed.

1. Observe Endpoint Antivirus scan statuses in ITSM

Step 1: Open the Comodo Client Security application on the endpoint.

Step 2: Select the scan button, then select the scan option to perform, for example Quick Scan. The scan starts after the scan button is pressed in the application.

Users can keep track of the application in the portal. Once the scan starts on the endpoint, the status of the antivirus scan changes to Scanning in the portal.

Step 3: On successful completion of the scanning process, the endpoint shows the Scan Finished status.

On the portal, the Scan State changes to Complete after the antivirus scan has completed on the endpoint.

Users can stop the scan if necessary. The endpoint then reports the scan as aborted.

In the portal, this is shown as canceled in the scan state.

Users can update the database by selecting the ‘Update’ button on the endpoint. Once the update completes, it is shown as updated in the ITSM portal.

2. Quick actions on Endpoint antivirus from ITSM portal

Step 1: Go to ITSM > SECURITY SUB-SYSTEMS > ‘Antivirus’ and select the device in the “Device List” on which to perform the antivirus scan.

Step 2: Choose the type of scan to perform on the device, for example Antivirus Quick Scan. When the scan option is pressed, the scan request command is sent to the chosen device. The scan state then changes to command sent and the scan starts.

Step 3: On completion of the scan, the Scan State changes to Complete.

Step 4: Users can update the antivirus database by selecting a particular device and choosing the update antivirus DB option. The database will then be updated.

Step 5: Users can stop the scan if necessary.
