Comodo One. Viewing Security Systems on ITSM
- How to view all threats identified on Android, Windows and Mac OS X devices over time on ITSM
- How to view a list of all programs that have been executed inside containment on ITSM
- How to check antivirus update status and scan statuses that are run locally
- How to filter files that don’t exist on any endpoint
- How to view all common list of files with verdicts over “File List”
How to view all threats identified on Android, Windows and Mac OS X devices over time on ITSM
Threat files identified on the devices are listed under the “Threat History” option in ITSM. “Threat History” displays both removed and non-removed threats on the devices.
Step 1: Go to “Security Sub-Systems” -> Antivirus.
Step 2: Go to the “Threat History” tab. The files that are classified as threats will be displayed here.
Step 3: The threats can also be sorted and filtered using the filter. To filter the results, click the funnel button.
A dialog box appears. Provide the details and click “Apply”; the threats that satisfy the filter data will be displayed.
1. OS – Choose the type of the OS. Example: Windows.
2. Device name – Enter the name of the device.
3. Application name – Enter the name of the application.
4. Package name/File name – For an Android device, enter the name of the package; for Windows and Mac OS X devices, give the file path.
5. Status – Mention the status of the threat. Example: Infected.
6. First detection – Provide the ‘From’ and ‘To’ dates between which the threat was identified for the first time. Example: 2017-12-01.
7. Last detection – Provide the ‘From’ and ‘To’ dates between which the threat was identified for the last time. Example: 2017-02-17.
Step 4: Select the threat file from the list and click the “Clean History for this file” button.
A “Delete File History” dialog box appears.
Click confirm and the files will be removed from the list.
How to view a list of all programs that have been executed inside containment on ITSM
The rules set in the containment profile section identify certain applications/files on the device. Such files are listed under the “Containment” menu in ITSM.
Containment provides a protected environment in which to run such unrecognized applications. The advantage of running an application in containment is that it is not allowed to access the data on the remote machines.
Step 1: Go to “Security Sub-Systems” and select the “Containment” menu. All the containment files will be listed here.
Step 2: The files can be filtered and sorted using the filter option.
To apply filters, click the funnel icon, fill in the form and click the “Apply” button.
1. Name – Enter the name of the file. Example: rundll32.exe.
2. Path – Enter the path.
3. Hash – Enter the hash value.
4. Status – Provide the status. Example: Complete.
5. Last run date – Provide the last run date. Example: From: 2017-02-08 To: 2017-02-08.
6. Show ignored files – Select the check box to display the ignored files.
Step 3: Click on the name of the file and view the details on “File Info” and “Device List”.
1. File Info – Detailed information about the file, such as “Hash” value, “Age” and “Version”, is available here.
2. Device List – The details of the device will be mentioned here.
Step 4: A file can be rated as either “Malicious” or “Trusted”. To rate a file, select the check boxes of one or more files and click “Rate as Trusted” or “Rate as Malicious”.
Step 5: A file can be removed from the contained list by clicking the name of the file and then clicking the “Clean History from File List” button.
A “Delete File History” prompt opens. Click the “Confirm” button to remove the file.
How to check antivirus update status and scan statuses that are run locally
Antivirus update and scan status can be viewed through ITSM → SECURITY SUB-SYSTEMS → Antivirus. This feature enables the admin to keep track of whether antivirus updates and scans are being performed regularly on the local user machine as requested.
Note: To run the antivirus scan, the device must have Comodo Client Security installed.
1. Observe Endpoint Antivirus scan statuses in ITSM
Step 1: Open the Comodo Client Security application on the endpoint.
Step 2: Select the scan button, then select any scan option to perform, for example Quick Scan. The scan starts after pressing the scan button in the application.
Users are able to keep track of the application in the portal. Once the scan starts on the endpoint, the status of the antivirus scan changes to Scanning in the portal.
Step 3: On successful completion of the scanning process, the endpoint shows the Scan Finished status.
On the portal, the Scan State changes to Complete after the antivirus scan on the endpoint has completed.
Users are able to stop the scan if necessary. This is reported as scan aborted on the endpoint.
In the portal, this is reported as canceled in the scan state.
Users are able to update the database by selecting the ‘Update’ button on the endpoint. Once the update is complete, it is shown as updated in the ITSM portal.
2. Quick actions on Endpoint antivirus from ITSM portal
Step 1: Go to ITSM > SECURITY SUB-SYSTEMS > ‘Antivirus’ and select the ‘Device’ in the “Device List” to perform the antivirus scan.
Step 2: Choose the type of scan to perform on the device, for example Antivirus Quick Scan. On pressing the scan option, the scan request command is sent to the chosen device. The scan state then changes to command sent and the scan starts.
Step 3: On completion of scanning, the Scan State changes to Complete.
Step 4: Users can update the antivirus database by selecting a particular device and enabling the update antivirus DB option. The database will then be updated.
Step 5: Users can stop the scan if necessary.
How to filter files that don’t exist on any endpoint
Purged files are old and unneeded data that has been permanently removed from the endpoints. The Windows security clients now report auto-purged files to ITSM. Admins can retain the purged files with this new feature.
Step 1: Click the ‘SECURITY SUB-SYSTEMS’ menu, then click “Application Control” from the drop-down. It will list all types of files (Trusted, Malicious, Unrecognized and None) available on the endpoints.
Step 2: View the purged Files.
Click the ‘Filter’ option at the top right. Select the check box “Show Purged File(s)” and click the ‘Apply’ button. It will list all the purged files with their type, Comodo Rating and Admin Rating.
Step 3: To get the file details, select the file and then click the “File Details” button. It displays file details such as the version and path of the file, as well as the device list.
Step 4: If any of the purged files is malicious, trusted or unrecognized, its admin rating can be changed.
Select the appropriate file from the list, then click the “Change Rating” drop-down and choose the appropriate rating. The admin rating of the file is then changed.
How to view all common list of files with verdicts over “File List”
Admins can preview the common list of files with verdicts in the “File List” tab under the Security Sub-Systems > Application Control menu. The unrecognized, trusted and malicious tabs are merged, which allows admins to monitor the common list of file verdicts in a unified menu.
Step 1: Go to ‘SECURITY SUB-SYSTEMS’ –> ‘Application Control’. It will display all the common files as a list under categories such as trusted, malicious and unrecognized.
Step 2: To view trusted files under Comodo Rating, use the ‘Comodo Rating’ filter.
Trusted files approved by the admin can be filtered using the ‘Admin Rating’ filter.
Step 3: To view unrecognized files in the list of common files, use the ‘Comodo Rating’ filter.
Unrecognized files can also be filtered based on admin rating.
Step 4: Likewise, malicious files can also be seen as a list under Comodo Rating.
Admin-approved malicious files are shown under admin rating.