Mark Duplicate Devices by MAC address
In addition to the device name, you can now use MAC addresses to identify duplicate devices. This improves search accuracy when devices in separate organizations or networks may have the same name.
Here is the wiki of this feature.
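The difference between name-based and MAC-based duplicate matching, shown as an added example (not Endpoint Manager's own logic). The inventory records and field names are constructed for illustration, and the example goes one step beyond the note by skipping placeholder MACs and marking locally administered ones for manual review.

```python
import re
from collections import defaultdict

SEPARATORS = re.compile(r"[:\-.\s]")
HEX12 = re.compile(r"^[0-9a-f]{12}$")
PLACEHOLDERS = {"0" * 12, "f" * 12}  # all-zero and broadcast are not identities


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if the value cannot identify a device."""
    digits = SEPARATORS.sub("", raw or "").lower()
    if not HEX12.match(digits) or digits in PLACEHOLDERS:
        return None
    return digits


def is_locally_administered(mac):
    """True when the locally-administered bit of the first octet is set
    (typical of virtual or randomized adapters, which can be cloned)."""
    return bool(int(mac[:2], 16) & 0x02)


def duplicates_by_name(devices):
    """Old behaviour: same name means duplicate, regardless of organization."""
    groups = defaultdict(list)
    for dev in devices:
        groups[dev["name"].lower()].append(dev["id"])
    return {name: ids for name, ids in groups.items() if len(ids) > 1}


def duplicates_by_mac(devices):
    """Group records by normalized MAC; keep the most recently seen record."""
    groups = defaultdict(list)
    for dev in devices:
        mac = normalize_mac(dev["mac"])
        if mac is not None:
            groups[mac].append(dev)
    result = {}
    for mac, members in groups.items():
        if len(members) < 2:
            continue
        # ISO dates sort correctly as strings; newest first.
        ordered = sorted(members, key=lambda d: d["last_seen"], reverse=True)
        result[mac] = {
            "keep": ordered[0]["id"],
            "duplicates": [d["id"] for d in ordered[1:]],
            "review": is_locally_administered(mac),
        }
    return result


# Constructed sample inventory (hypothetical field names and values).
SAMPLE_DEVICES = [
    {"id": 1, "name": "RECEPTION-PC", "org": "Acme", "mac": "00-1A-2B-3C-4D-5E", "last_seen": "2020-01-10"},
    {"id": 2, "name": "RECEPTION-PC", "org": "Globex", "mac": "00:1a:2b:aa:bb:cc", "last_seen": "2020-01-12"},
    {"id": 3, "name": "DESKTOP-7F3K", "org": "Acme", "mac": "001a.2b3c.4d5e", "last_seen": "2020-02-01"},
    {"id": 4, "name": "VM-CLONE-A", "org": "Acme", "mac": "02:42:ac:11:00:02", "last_seen": "2020-01-20"},
    {"id": 5, "name": "VM-CLONE-B", "org": "Acme", "mac": "02:42:AC:11:00:02", "last_seen": "2020-01-25"},
    {"id": 6, "name": "KIOSK", "org": "Globex", "mac": "00:00:00:00:00:00", "last_seen": "2020-01-05"},
    {"id": 7, "name": "KIOSK-2", "org": "Globex", "mac": "00:00:00:00:00:00", "last_seen": "2020-01-06"},
]

if __name__ == "__main__":
    print("by name:", duplicates_by_name(SAMPLE_DEVICES))
    for mac, info in duplicates_by_mac(SAMPLE_DEVICES).items():
        print("by MAC:", mac, info)
```

Name matching flags two unrelated machines in different organizations, while MAC matching finds the renamed re-enrollment of device 1 and leaves the cloned virtual adapters for a human to confirm.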
Added a ‘Quarantined Files’ tab to the Mac OS device details. You can get a list of quarantined files from a particular device.
Here is the wiki of this feature.
We improved file searches in Endpoint Manager’s Valkyrie page by adding Start/end date filters.
Here is the wiki of this feature.
We introduced an ‘Export to CSV’ action in Audit logs (from all pages).
'Threat history' became 'Android threat history'. We continue to collect all logs, but right now logs from Mac/Win/Linux are not available to view from the Threat History page.
Fixed an issue of "Unable to add network path to Containment virtualization exclusions"
Fixed an issue of "FW blocking communication (missing cmdprots.exe in predefined file group)"
Audit logs now record all command prompt and PowerShell actions.
Here is the wiki of this feature.
Admins can now choose whether to access the remote device as the current user or as a local system user. This choice is available for file explorer, process explorer, service explorer and the command interface.
Here is the wiki of this feature.
Added ability to pause and resume file transfer.
Added ability to suspend and resume file transfer session.
Here is the wiki of this feature.
Fixed an issue of "Takeover failed to start.Connection data is invalid." while connecting to macOS devices.
Enable / Disable Patch Management from Profiles
You can now disable all patch management operations in active profiles. Admins can disable all updates/installations via:
Here is the wiki of this feature.
Local distribution of CCC and CCS agents (Torrent)
More Granular RBAC for devices, device groups, and remote control
We improved role based access control (RBAC) for device operations, and to differentiate device operations with remote control permissions:
Results per Page Option for Device Tree
You can now view device tree with additional pagination options, as you can already in the regular device list. Users can now limit the device tree results with the following number of item options:
Added support for Ubuntu 19.0
Endpoint Manager clients now support devices using Ubuntu 19.04.
Dark Mode for Android MDM Client
Devices on Android 10+ can now switch the MDM client to dark mode.
CCS - End of Support for Windows 7
Here is the wiki of this feature.
Profile Section Addition with Default Settings - Windows profile (HIPS/Antivirus/Containment sections): Import profile settings while adding new section
You can now schedule virus scans on specific days of the week in a Windows profile.
AV usability improvements, Windows: On demand items request operation from portal: Quarantined items
Data Loss Prevention:
You can now populate keyword groups by importing keywords from a file. This, for example, allows customers to populate the ‘Names’ group with a list of client users or employees.
New DLP monitoring rules let you block users from copying or moving files to USB devices.
Added ‘Quarantine’ action to DLP discovery rules. This lets admins isolate files containing sensitive information to prevent their exfiltration while a review of the files is in progress.
Here is the wiki of this feature.
Added ability to use the command prompt and PowerShell to manage remote devices:
Added file versioning to file transfer operations. Endpoint Manager can now rename files that have the same name as a file on the remote machine, adding a version number to the name of the new file. This allows admins to retain both versions of the file on the destination.
Clone Monitors
Users can now clone generic and network monitors
Here is the wiki of this feature.
SNMP Monitoring: Performance and Disk Monitor
Admins can now retrieve the following device information over SNMP:
Performance
CPU Usage
RAM Usage
Disk
Free space left on the system drive
Free space left on all drives
Free space change on the system drive
Here is the wiki of this feature.
Run Procedures on device groups and customer
Admins can now run procedures on all devices belonging to a customer or to a group. You can run procedures on:
Device groups
User groups
Customers
Here is the wiki of this feature.
Fixed the issue of scheduled procedures being executed outside of the maintenance window.
Security Vulnerability Notifications
Added recipient logic for 'Security Vulnerability' notifications
Improved patch information
The Patch Management interface now shows the dates of the most recent successful and failed patch scans for OS and 3rd party patches.
Maintenance mode for Windows 7
Comodo Client Security Mac – Added support for macOS Catalina
Mac OSX Catalina Support
Endpoint Manager agent now supports Mac OSX 10.15 Catalina
Improved processes for old and duplicate devices
Changes made to the device list to help admins identify and deal with old/duplicate devices.
Forward CCC logs to SIEM tool
You can now forward CCC logs to a SIEM server, emulating the feature already available for CCS.
Dark Mode for iOS MDM Client
iOS clients on devices with iOS 13+ can now switch to Dark Mode.
Data Loss Prevention:
New discovery scans allow you to audit and control sensitive data on a network. Discovery rules let you scan for specific document types and patterns, and to create scan exclusions. We also added discovery scan logs.
Split the 'Unrecognized and Quarantined files' scan into 2 separate scans. This allows admins to run highly targeted scans which are relevant to their needs.
Added ability to cancel ‘in-progress’ uploads or downloads in the file transfer feature
Added ability to drag and drop files between local and remote machines
Added ability to select and delete multiple files
Added ability to search and sort files and folders
File transfer dialog now closes automatically once the transfer is complete
Added Mac OSX Catalina support
Fixed the issue of a monitor still being triggered after it is removed.
Fixed the issue of RMMService using x86 architecture download link for x64 applications while performing software upgrade operation
Fixed the issue of RMMService running at 25% CPU constantly.
Fixed the issue of monitoring tickets not being closed automatically when metrics go down below the threshold.
Added ‘Reboot Pending’ status to patch manager
New ‘Reboot Pending’ status informs you that a device needs to be restarted for the patch to become effective
Fixed the issue of incomplete logs for third party application installations.
Fixed the issue of third party patch procedure failing on Microsoft OneDrive.
Split ‘Unrecognized and quarantined files’ scan into two separate scans
Schedule antivirus scans on specific days of the week.
More Granular Role Management
Updates to the role management interface include:
‘Read Only’ mode added to roles
Added as a master-switch on the permissions screen, ‘read only mode’ allows users to view pages in Endpoint Manager, but not to make changes or download reports.
Separate Proxy Settings for CCC & CCS
You can now configure separate proxy settings for the communication client and the security client. Previously, both clients had to use the same settings.
Support for Android 10
Endpoint Manager now supports mobile devices which use Android 10 OS (KNOX is excluded)
Export License Details
You can now export license data from the following pages:
New restriction added to iOS profiles
Added ability to disable personal hotspots on iOS devices.
Scan DLLs loaded by processes
Added new option, 'Monitor DLL files loaded by running processes', to ‘Advanced Protection’ > ‘Miscellaneous’
Improved Windows Boot Protection
Comodo Client Security (CCS) now monitors untrusted DLLs & autoruns before the CCS service launches. This includes untrusted apps and unknown PE files which attempt to load via system vulnerabilities.
Add virtual desktop support for the 'Windows Fax and Scan' application
Windows fax and scan can now access COM/DCOM interfaces direct from the virtual desktop.
Additional Valkyrie options
Added ability to submit files for ‘Automated and human-expert analysis’. This option is available if you have a premium Valkyrie license.
Removal Tool
New tool allows you to quickly uninstall Comodo Client Security.
Protected Objects in Containment Section
Ability to add protected data and registry keys in the containment section
You can now tell the remote control tool to revert to a direct internet connection if your proxy server fails
Added 2 Factor Authentication for Endpoint Manager logins on Remote Control application.
You can now create favorite folders and view recent directories in the file transfer window.
Improved logs for the remote tool application.
MacOS Monitoring
You can now monitor the following items on Mac OS devices:
Active Directory Discovery
New discovery feature locates any unenrolled devices in your Active Directory (AD) network. You can run AD discovery scans with or without a probe device.
Fixed the issue of a monitor still being triggered after it is removed.
Expanded the database of CVEs in the vulnerability management tab (‘Applications’ > ‘Vulnerability Management’)
Added ability to start scans from a scan profile
Changes to client security UI
You can now resend staff activation emails from ‘Management’ > ‘Staff’
CCS removal tool added to the ITarian ‘Tools’ page.
You can now remove or hide purchased modules from the store interface.
You can now use any valid character in your ITarian sub-domain.
Added support for the following languages:
Fallback connections for proxy servers
You can now tell CCC and CCS to use a direct internet connection if your proxy server is not reachable for any reason.
Two-factor authentication on standalone Endpoint Manager
Two-factor authentication has been an option on Comodo One and ITarian portals for some years now. With this release, we extend the feature to the standalone version of Endpoint Manager.
Endpoint Manager admins can now:
Flag and remove options for old and duplicate devices
New device management options allow admins to:
Support for iOS 13
Endpoint Manager now supports mobile devices running on iOS 13.
Change Passwords Manually
You can now manually reset an Endpoint Manager user account password. Admins can now specify, or auto-generate, a new password on behalf of users.
Shellcode injection moved to Miscellaneous tab
The shellcode injection option has been moved from the HIPS section of a Windows profile, to the ‘Miscellaneous Settings’ section. This was done for consistency with the Windows security client (CCS)
‘Skipped’ status added to antivirus logs
Antivirus logs in the security dashboard now state ‘Skipped’ if a file was not scanned. The new description is more useful for troubleshooting purposes than the previous description of ‘Unknown’.
Ability to restore disabled services, autoruns and scheduled tasks
You can now view all disabled services, autoruns and scheduled tasks in the ‘Antivirus’ area of Endpoint Manager. Admins can re-enable these items on selected devices, or all devices.
Proxy Configuration Fallback
Admins can now have the Remote Control tool revert to a direct connection if their proxy is unavailable.
File Transfer Improvements
The latest release sees the following incremental improvements to remote file transfers:
Procedure workflows:
You can now receive reports after a procedure is successful on targeted devices.
More details about a failed procedure have been added to auto-generated Service Desk tickets.
Fixed bug which caused the RMM service to crash (specifically RMMService 6.30.29303.19090)
OS patching on vulnerable devices
Admins can now install operating system patches on at-risk/vulnerable devices.
Improvements to the patch manager log collector
Scan DLLs loaded by processes
Added new option, 'Monitor DLL files loaded by running processes', to ‘Advanced Protection’ > ‘Miscellaneous’
Improved Windows Boot Protection
Comodo Client Security (CCS) now monitors untrusted DLLs & autoruns before the CCS service launches. This includes untrusted apps and unknown PE files which attempt to load via system vulnerabilities.
Scan from VDT session or via 'Windows Fax and Scan' application
Added a list of applications that are allowed unrestricted access to COM/DCOM from containment. The list is part of the configuration.
Monitor Un-trusted DLLs & autoruns before CCS service launches
Added new option "Use direct connection if proxy is unreachable" to the Proxy and Host settings.
Two-factor authentication added to Unknown File hunter (UFH)
After setting up 2FA in the portal, users will also be able to log in to UFH with the same system of Google Authenticator codes.
Onboarding Wizard for Enrollment
The device enrollment process has been redesigned and made much easier. You can now enroll and protect your device in a single wizard, with a couple of clicks.
With this feature, administrators will be able to:
Apple DEP Integration
iOS devices which are added to DEP can now be enrolled automatically with Apple DEP integration. All iOS devices that are managed over DEP will be synced automatically into Endpoint Manager.
With this feature, admin will be able to:
For more information about Apple DEP, please visit DEP Guide
Device Tree in Security dashboard pages
Displaying VD Logs on Security Subsystems
Now, you will be able to track Virtual Desktop logs inside Event View tab on Security Dashboards.
Virtual Desktop status in Device list
There will be a new column named "Virtual Desktop" in the device list, which indicates whether a virtual desktop session has been initiated or not. There will be 3 different icons:
Ability to disable network ccsm realtime antivirus scans from MacOS Profiles
Now, you will be able to enable/disable realtime antivirus scans directly from Endpoint Manager Portal MacOS Profiles
Device Tree in Security dashboard pages
Similar to Device List section, device tree is added in Security Dashboards so that you can view and take action for specific device groups.
SNMP Monitoring
With this feature, you will be able to use SNMP monitoring to monitor network devices as well. Also it is possible to:
Auto Enrollment for Network Devices
Now, it is possible to define auto enrollment preferences for network discoveries.
Clearer, Filterable, Exportable Procedure Logs
With this feature, exporting data, procedure log and status appearance and procedure details are improved.
Showing Results
With this feature, it is now possible to email scheduled procedure logs. Procedure details and logs are also improved.
CVE Visibility - Vulnerability Management
Now, you will be able to detect vulnerable devices among the enrolled devices and see CVE details.
ITSM Service Inventory
Now, you will be able to Remote Connect to the endpoint silently (without disturbing the user) and manage the services inventory.
Multi-language support on Remote Control app for Mac OS devices
You can use Remote Control app for Mac OS devices in German, French, Portuguese and Chinese.
Multi-language support on Remote Control app for Windows devices
You can use Remote Control app for Windows devices in German, French, Portuguese and Chinese.
Proxy Mechanism for Clients
You can now specify local endpoints as proxies from which other endpoints can collect installation packages and database updates. This helps save network traffic and accelerates package deployment when a large number of endpoints are involved.
You can distribute the following packages with this feature:
Virtualization Exclusions for Removable Media
You can now exclude removable media such as USB sticks and external drives from virtualization. Doing so allows apps in the Virtual Desktop to write and make changes to specific media attached to the endpoint. This provides another way to export data from the Virtual Desktop in addition to Shared Space.
You can configure these exceptions in the ‘Containment’ section of an Endpoint Manager profile.
Set Custom Disclaimer for Virtual Desktop
Expanding our white-label options, you can now configure a custom disclaimer message for the Virtual Desktop. Users must accept the disclaimer before starting the virtual session.
You can configure the disclaimer in the ‘Containment’ section of an Endpoint Manager profile.
Allow User to Override Virtual Desktop settings
When enabled, Endpoint Manager will not reverse local Virtual Desktop settings that are different to those in the endpoint's profile. Ordinarily, Endpoint Manager checks devices to see if the local settings match those in the device profile. It will re-implement the profile settings if it detects any deviation.
The new setting gives admins greater flexibility and control over individual endpoints. For example, you can now disable the exit password on a specific endpoint, avoiding the need to create a whole new profile just to accomplish this one task.
This addition complements the existing override option in the ‘Client Access Control’ section of a profile, which allows local changes to *every* CCS setting. Admins can now allow local override of just the virtual desktop settings, while preventing changes to other CCS settings.
You can configure the override setting in the ‘Containment’ section of an Endpoint Manager profile.
Show only Virtual Desktop settings on endpoint
New option to only show virtual desktop options when users click the CCS tray icon on an endpoint. End-users can then access and launch the virtual desktop, but cannot change other CCS settings.
This feature is useful when used with the override option described above.
You can configure this setting in the ‘UI Settings’ section of an Endpoint Manager profile.
Auto-updates disabled by default in CCS
Automatic updates to the CCS client are now disabled by default in predefined profiles. This change was made after valued feedback from our customers who manage complex, sometimes delicately balanced networks. To avoid potential disruptions, customers prefer to be notified when updates are available so they can review them before installation.
New default actions for unknown autorun entries
This setting determines what CCS should do if an application tries to create/modify a service, auto-start entry, or scheduled task. You can find it at ‘Configuration Templates’ > ‘Profiles’ > open a level 2 or 3 profile > Click the ‘Miscellaneous’ tab.
The previous default was ‘Ignore’. The new defaults are:
You can find background information on this setting at Help Center
File Transfer: Folder Transfers
You can now send/receive folders via file transfer in the Remote Control application.
You can track folder transfer status in the file transfer queue pane.
Role-based access control for Remote Control file transfer
You can now limit file transfer capabilities for specific devices and/or device groups.
Similarly, you can now limit file transfer capabilities by role.
‘Virtual Desktop only’ mode
As mentioned in the Endpoint Manager section earlier, we have added the ability to show only virtual desktop options when users click the CCS tray icon on an endpoint.
When enabled in a profile, CCS will only show these two items when you click the tray icon:
End-users cannot access any other area of CCS.
Improved password policy for the Virtual Desktop
Admins can prevent end-users from accessing the local computer by setting an ‘exit’ password on the Virtual Desktop. Once set, users will need to enter the password if they want to switch from the virtual environment to the local environment. We added the following settings to improve the security of this password:
Detection of msi installation through URL
Added a default containment rule that prevents the installation of msi packages via a URL in a command line. This feature is tightly coupled with Script Analysis as it will be detected in the list of enabled interpreters.
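A log-side check for the same behaviour, as an added example for reviewing process-creation events (it is not Comodo's containment rule and does not reproduce how CCS detects this). The event records, host names and `example.test` URLs are constructed, and the field names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A token is a run of non-space text and/or double-quoted segments.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


@dataclass
class Finding:
    host: str
    url: str
    quiet: bool  # a /q-style switch was present (no installer UI shown)


def tokenize(cmdline: str) -> list:
    """Split a Windows command line on whitespace, keeping quoted runs together."""
    return [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]


def is_msiexec(token: str) -> bool:
    """True if the token is the msiexec image, with or without a path."""
    if "://" in token:  # a URL that merely ends in 'msiexec.exe' is not the image
        return False
    name = re.split(r"[\\/]", token)[-1].lower()
    return name in ("msiexec", "msiexec.exe")


def remote_msi_url(cmdline: str) -> Optional[str]:
    """Return the first http(s) URL passed to msiexec, or None."""
    tokens = tokenize(cmdline)
    for i, tok in enumerate(tokens):
        if is_msiexec(tok):
            for arg in tokens[i + 1:]:
                match = URL_RE.search(arg)
                if match:
                    return match.group(0)
        elif " " in tok:
            # A quoted inner command, e.g. cmd.exe /c "msiexec ...": look inside it.
            inner = remote_msi_url(tok)
            if inner:
                return inner
    return None


def has_quiet_switch(cmdline: str) -> bool:
    """True if any switch starts with q (/q, /qn, /quiet)."""
    flat = cmdline.replace('"', " ").split()
    return any(t[0] in "/-" and t[1:].lower().startswith("q") for t in flat)


def scan(events) -> list:
    """Return a Finding for every event where msiexec is given a URL."""
    findings = []
    for event in events:
        url = remote_msi_url(event["cmdline"])
        if url:
            findings.append(Finding(event["host"], url, has_quiet_switch(event["cmdline"])))
    return findings


# Constructed process-creation events (hypothetical hosts and URLs).
SAMPLE_EVENTS = [
    {"host": "ws-014", "cmdline": r"msiexec /q /i http://pkg.example.test/setup.msi"},
    {"host": "ws-014", "cmdline": r'"C:\Windows\System32\msiexec.exe" /i "C:\Temp\agent.msi" /qn'},
    {"host": "srv-02", "cmdline": r'cmd.exe /c "msiexec.exe /package https://pkg.example.test/a.msi"'},
    {"host": "ws-077", "cmdline": r'powershell -c "Invoke-WebRequest https://pkg.example.test/a.msi -OutFile a.msi"'},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Local installs and downloads by other tools are left alone, so the output is limited to the case the rule targets: msiexec fetching its package over HTTP(S).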
Virtualization exclusions for removable media.
Under default conditions, apps in the virtual desktop write to a virtual file system, and cannot save changes to the host or any peripherals. As covered earlier, you can now create exceptions to this rule for specific removable media. Creating such an exception allows users to more easily export data from the virtual desktop to USB sticks, external storage drives, or CD/DVD.
Extended Virtual Desktop Logs
Virtual desktop logs have been moved out of the ‘Containment Logs’ section and now have their own section. This improves log visibility and makes it easier to conduct investigations, analysis and forensics.
Disable real time scans on network items
Real time virus scans are now optional for items on shared network drives. This can improve performance by eliminating needless scans on write-restricted files. If an endpoint does not have the rights to delete/quarantine files in a shared folder anyway, then there is little reason to scan them at this point. Any files copied to the endpoint will, of course, still be scanned locally.
External Device Control logs
We added event logs for the USB control rule. The rule allows admins to block the use of USB devices on Linux endpoints. The new logs let you analyze events where there was an attempted breach of the rule.
Bulk installation packages for Linux
Customers can now create bulk installation packages of the Linux communication and security clients, simplifying the mass-enrollment of Linux devices. This is a much-requested feature: MSPs can now use the same fast setup process they currently use for Windows and Mac devices.
Improved Maintenance Windows
A maintenance window is a designated time-slot for your Endpoint Manager procedures to run. You can assign multiple procedures to a single window so they all run at the same, convenient time. Since introducing the feature in the last release, we’ve made several improvements to make maintenance windows even more useful:
Individual maintenance window settings
The previous version allowed you to add multiple maintenance windows to a profile, and to set whether you want to randomize task start times and/or stop monitors during the window. However, you had to use these same randomize and monitor settings for all maintenance windows on the profile. The June release lets you create different settings for each window, and we’ve also added some totally new settings:
Set procedure options for non-responsive devices:
Block the following tasks if someone tries to run them outside of the maintenance time-slot:
Automatic reappraisal of quarantined items
This new scan type lets you re-check all quarantined items on your endpoints to identify and restore false-positives. The new scan will be added to predefined profiles by default. You can find the related settings under Scan Profiles under Antivirus settings.
Additional Virtual Desktop Settings
The virtual desktop is a sandbox environment in which users can run programs and browse the internet without fear those activities will damage the endpoint. Applications in the virtual desktop are isolated from other processes, write to a virtual file system, and cannot access user data. Admins can even set up their endpoints so users and guests log straight into the virtual desktop, denying them access to the host.
We added the following new features and settings to the virtual desktop:
Linux and Mac antivirus logs now available in ‘Security Dashboards’
CCS antivirus events on Linux and Mac endpoints are now recorded as logs in the security dashboard. This is part of our commitment to create a truly centralized event management system for endpoints of all stripes.
Full Parent Process Tree for Contained Applications in ‘Containment’
Virtualized applications are recorded with their process name and ID, including the full process tree starting from the first contained process. This allows containment events to be investigated in more detail. You can display the logs by clicking the file name in the Parent Process column in File Details under Containment. A pop-up shows the tree with the exact recorded chain for the contained application on the corresponding device.
Maintenance Window compliance warnings
Endpoint Manager will warn you if you set an end-time for a patch procedure which is outside that of the maintenance window. The warning will list the maintenance window times so you can adjust accordingly.
Passing Parameters for Custom Script Monitors
You can now use custom procedures with parameters when creating a monitor.
Procedure Log Enhancements
You can now filter execution logs by the following columns:
New fields added to device execution logs. You can now export these logs with the following additional fields:
The engineering team investigated the issue from the first day of the incident, when some customers reported firewall-sourced connectivity issues. The issue was eventually traced to complications from the Firewall module refactoring during the transition from v11.1 to 11.2. It was therefore decided to revert these refactorings in this release. Internal tests and tests on several customer environments were completed successfully. The team will keep working in depth to prevent recurrence of similar incidents. Due to this reversion, a few recent Firewall features will disappear. The detailed feature list can be found below. Please note that these features were not reflected in Endpoint Manager, so under usual circumstances you will not need to make any changes to your configuration.
License expiration mails are extended with:
AV DB, CCC, CCS Update Management
The last production AV DB, CCC and CCS versions will be available with the distributed on-premise solution without requiring an internet connection (admins have to configure profile updates from their own domain).
License Management for Advanced Endpoint Protection
With this release, you will be able to manage Advanced Endpoint Protection licenses for devices on which Comodo Client Security is installed.
Maintenance Windows
You will be able to define maintenance windows in order to create a planned maintenance calendar. With this feature:
This is the first version of the feature. In upcoming releases you will also have the features below:
Blocking the on-demand tasks below, or warning the related staff about them
Support for operating systems
We continue to develop Endpoint Manager as the platform which lets you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now enroll devices which run the following operating systems:
Countdown timer for Training Mode.
This feature enables you to restrict the HIPS and Firewall modules to run in Training Mode for a specified time period. The major benefit is that it prevents CCS from running in Training Mode for a long time on endpoints, which may create an excessive number of rules and result in performance issues on the endpoints.
Valkyrie section in MacOS Profiles.
We’re proud to introduce our unique cloud file analysis system, Valkyrie, to MacOS endpoints. Unknown executable files (e.g. .dmg and Mach-o files) detected on MacOS endpoints will now be sent to Valkyrie and analyzed to determine whether they are trusted or malicious. Once you enable this component, unknowns on your system are analyzed and the required action is taken on them automatically.
Valkyrie section in Linux Profiles.
We’re proud to introduce our unique cloud file analysis system, Valkyrie, to Linux endpoints. Unknown executable files (e.g. .elf and other executables) detected on Linux endpoints will now be sent to Valkyrie and analyzed to determine whether they are trusted or malicious. Once you enable this component, unknowns on your system are analyzed and the required action is taken on them automatically.
Security Dashboards - Device View.
A brand-new approach to monitoring your system security. With this feature, you get an overall view of security events based on the device on which they take place. Security events are aggregated per device, so each device is displayed with its latest event and the related CCS component. You can expand a line to check the latest events from each component that reports to the portal.
Restore Affected Autorun entries.
With this feature, suspicious autorun entries (e.g. autoruns, Windows Services, scheduled tasks) and their target files are reported to the portal along with the action taken on them. You can see whether they are currently blocked, quarantined, or ignored. Furthermore, you can re-enable a disabled service and restore the quarantined files affiliated with that entry. Since you now have more control over your system, you can strengthen your autorun policies in the Miscellaneous section to enhance the protection level on your systems.
Virtual Desktop.
With this feature, you can start managing Virtual Desktop environment, which was introduced in previous release of CCS. The current abilities in Profiles -> Containment-> Virtual Desktop are:
You’ll now have access to folder support via File Explorer:
File Transfer via Remote Control Application
The long-awaited File Transfer via Remote Control Application will be available with the April release!
What is next for File Transfer?
Create Discovery Widget
You will be able to create network discoveries more easily, in two steps, by supplying the necessary information during the creation process. Here is the wiki of this feature.
Schedule Discoveries
Network discoveries can now be scheduled daily, weekly or monthly. You can set schedules for different time periods.
Device View for Discovered Devices
You can now view summary and network details of a discovered device by clicking device name inside discovered devices list.
Device Type
Devices can now be differentiated by type. There will be a "Device Type" in the Device List and the Discovered Devices List. Each type of device will be represented by a different icon. You will be able to easily change the type of a device manually.
Available Device Types are:
Passing Parameters for Auto Remediation
You will also be able to use procedures with parameters in auto remediation section while creating a monitor.
Procedure Logs
Procedure Log Statuses are now colored for better traceability.
Enriched Virtual Desktop functionalities.
We keep improving our recently introduced tool to make it more beneficial and easy to use.
PIN protection for the paused session.
When enabled, a PIN will be automatically generated for the paused session and displayed to the user. The user can then continue the session on returning to the endpoint, with the previous work kept on the endpoint.
Re-branding options.
The background and Comodo-related icons can be rebranded for more flexible usage.
Management of the applications to be presented on Virtual Desktop.
Users can select which application icons are shown on the Start Menu and on the desktop so that Virtual Desktop users have easy access to the specified items.
Option to select users to be forced into Virtual Desktop at login.
Now, you can select the user types and specific users that you want to land directly in a Virtual Desktop session when they log in to the endpoint with their credentials.
Firewall for Windows Servers.
We completed the work for a better protection and are proud to announce Firewall for Windows Servers. Now, Firewall module can be installed and configured on your server systems. By default, CCS is installed without the firewall component because server environments require fine-tuned configuration.
Advanced Firewall Application Rules criteria.
With this feature, you can create more granular Firewall application rules which can check:
‘At Risk' status on Windows Servers.
The agent will switch to “At Risk” status when Containment is disabled. This information will be reported to Endpoint Manager and be reflected to the status icon in Device List as well.
Valkyrie Integration.
We are proud to announce that CCS for Mac is now integrated with Valkyrie, the cloud file analysis system of Comodo. When CCS detects an unknown executable file (e.g. .dmg and Mach-O files) whose size is smaller than 150 MB, it will upload the file to Valkyrie. When analysis is completed, the verdict will be applied to the file and the agent will block the file unless it is a trusted one. You can enable this component so that unknown files on your system are analyzed and the required action is taken on them automatically.
TLS 1.2 Upgrade.
To comply with the best industry security practices, we are upgrading the protocol used in our security client to Transport Layer Security (TLS) 1.2.
Similar to our MacOS addition, we added Valkyrie to CCS for Linux.
When CCS detects an executable with an unknown trust rating, it will upload the file to Valkyrie for behavior testing. The test results will tell CCS whether the file is trustworthy or malicious. CCS will either allow or block the file based on the result.
TLS 1.2 Upgrade
To comply with the best industry security practices, we are upgrading the protocol used in our communication client (CC) to Transport Layer Security (TLS) 1.2. You will need to make sure that the version of CC on your Windows (XP, 2003 Server, 7 and 2008 Server) devices is version 6.16.10680.18030 or higher before 07-01-2019 (July 1st 2019).
Logged in User
Added the ability to see the user logged into a device in the ‘Device List’. You can search, sort and filter according to this new field.
Improved heuristic analysis and embedded code detection settings.
With this feature, interpreter interactions with suspicious autoruns items can be configured separately for each interpreter type. This means even better protection against malicious code triggered by Windows start-up and auto-run items. You can configure the feature in the new ‘Script Analysis’ section in Profiles.
New ‘Script Analysis’ section. ‘Heuristic Command Line Analysis’ and ‘Embedded Code Detection’ have been moved to the new script analysis section in a profile. This provides more granular management of security components.
New additions to file explorer functionality. We know you’ve been looking for these and we’re excited to deliver!
New remote folder operations:
Network Management
We are proud to announce the addition of a brand new section for network management. The first feature in the new section is ‘Network Discovery’, and we’ll be adding many more network capabilities in upcoming releases.
Network Discovery:
Custom scripts failures for monitoring
With this release, custom script monitors can be set up with the ability to select script failures as the trigger.
Prevent registry keys from being read by contained applications.
You can now stop the virtualization of specific registry keys by the containment module. This will prevent unknown applications from reading potentially sensitive data held in those keys (write access is already disabled by default). You can access the setting in CCS at ‘Advanced Settings’ > ‘Containment’ > ‘Protected Objects’.
Option to disable real time scans on network items.
Real time virus scans are now optional for items on shared network directories. This will improve system performance because, if an endpoint does not have the rights to delete or quarantine items in shared folders anyway, there is less reason to run real time scans on them. Network files that are copied to the endpoint will, of course, still be scanned and handled locally.
Antimalware Scan Interface (AMSI) Integration.
CCS now provides even better malware protection via our integration with Microsoft AMSI. This means deeper software scans and stronger protection for your endpoints. The option is disabled by default, but can be enabled in ‘Advanced Settings’ > ‘AV Settings’ > ‘Real time scan’.
Virtual Desktop.
With this brand new component, you can virtualize your entire desktop and perform all tasks within a fully virtual environment. Everything!! Applications running in the virtual desktop are isolated from the rest of the endpoint, write to a virtual file system, and cannot access personal data. This makes it ideal for surfing the net without risk and even for testing out beta/unstable software. You can save any data you wish to keep to a special folder called ‘Shared Space’, which the host system can also access. You can launch the virtual desktop from CCS at Containment Tasks > Run Virtual Desktop. Go ahead and try it!
Admins can also set the following items for the virtual desktop:
‘Protected Objects’ are now under containment settings.
‘Protected Data’ and ‘Protected Keys’ have been moved to ‘Advanced Settings’ > ‘Containment’. This improves UI consistency by grouping these two items with related features and settings.
TLS 1.2 Upgrade
To comply with the best industry security practices, we are upgrading the protocol used in our security client to Transport Layer Security (TLS) 1.2.
New enrollment options for macOS Devices
You can now enroll macOS devices to Endpoint Manager without needing to first install a device profile. This also applies to bulk enrollments.
This lets customers use Endpoint Manager to manage security on Mac devices while continuing to use their preferred platform for general Mac management.
Apple only allows one portal to use the protocol which manages devices. This caused problems for customers who wanted to use Endpoint Manager in conjunction with another MDM platform. The new enrollment method solves this issue and lets Endpoint Manager co-exist with solutions from other vendors.
Note. If you use this type of enrollment you will not be able to manage the following sections in an Endpoint Manager profile:
Export functionality for Audit logs
We added an export mechanism to the Audit Logs section.
ITarian branded Android and iOS mobile agents
The iOS and Android agents will be renamed as ‘Mobile Device Management Client’, published by ITarian. The following branding changes will apply to iOS and Android agents:
Support for the latest operating systems
We continue to develop Endpoint Manager as the platform which lets you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now enroll devices which run the following operating systems:
Audit Logs
Improved log interface. Both old and new values are now shown in logs which record changes to UI Settings.
Export functionality added to the ‘Security Dashboards’ section
You can now export security component logs from the ‘File View’ and ‘Event View’ tabs.
Click ‘Security Sub-Systems’ > ‘Security Dashboards’ to open the security dashboard.
File Rating Columns added to security dashboards
Added ‘Admin’ and ‘Comodo’ rating columns to the ‘File View’ and ‘Event View’ tabs. Both new columns show old and current values.
The ‘Old’ rating is the file rating before the event occurred. ‘Current’ rating is the most recent verdict since the event.
File Details in Security Dashboards
You can now view more granular details about files caught by Endpoint Manager security components. Security components include the antivirus scanner and file-rating scans.
From January, you can select a file then click the ‘File Details’ button to view:
File Details
File History
A detailed breakdown of a file’s activity on your endpoints. You can see all endpoints on which the file was found, the security component that detected it, and the action that was taken against the file.
You can take the following actions from this page:
Admins can now set remote tool options in profiles.
You can now configure access for different Remote Tools - File Explorer and Process Explorer. The following options are available:
Silent control
Take control without notifying the end-user
Ask then allow (waiting time is configurable in seconds)
Ask end-user permission but take control anyway if they don't respond within a set time
Ask then deny access (waiting time is configurable in seconds)
Ask end-user permission but close the connection if they don't respond within a set time
Do not allow
Prohibit remote take-over of target devices associated with this profile.
Show notification
Display a message on the target device which states that a remote session is active and the name of the admin who is connected. If enabled, you can also set the following:
Support for the latest operating systems.
We continue to develop the platform which lets you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now remotely control managed endpoints which are running macOS 10.14.
Support for the latest operating systems.
We continue to develop the tools which let you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now remotely access unmanaged endpoints which are running macOS 10.14 through our standalone application.
You can now monitor operating system patch events.
Operating system patches can be monitored by patch classification, severity level and other conditions. OS patch event logs are available in ‘Device list’ > device > ‘Logs’ > ‘Monitoring Logs’. Here is the wiki of this feature.
Admin rating lookups from Local Verdict Server are handled in the background when a file is executed.
The file rating flow is enhanced with a refactoring of Local Verdict Lookups. File launches are no longer affected by rating checks, which improves endpoint performance.
Parent process tree in Containment Logs.
Now, the entire process tree, starting from the first initiator of a contained application, is available in Containment Logs in CCS. You can display the very first application of a contained process and detect which application was the first one contained.
Restore disabled and quarantined Autoruns items.
As an extension of the Windows Boot Area Scan and Monitoring features, you can now manage the items which are blocked and quarantined by these features. The following actions are available in the CCS General Tasks > Unblock Autoruns section:
Unblock: Enable a selected scheduled task/Windows Service/Autostart entry which was disabled previously.
When you unblock an item, the related executable file will be restored from quarantine. Unless an exclusion rule is created for that file or its rating is changed to Trusted, it will be quarantined while the same autoruns item is disabled.
Delete: You can delete an autoruns item from its original location.
If you delete a scheduled task item from this list, it will be removed from Windows Scheduled Tasks as well.
Blocking specific external device.
Now, it is possible to block only specific external devices. By selecting a currently plugged-in device or entering a device ID, you can create a rule to block it in the Device Control section. By doing so, you have the option to allow a whole device class with some exceptions.
Detection of firewall driver status in Windows network adapter settings.
From now on, the status of the Comodo Firewall adapter, which is installed to Windows Network & Internet settings, is monitored. When it is disabled for any reason, this will be detected and logged by CCS automatically. When such an event occurs, the Security Status Information section switches to “At Risk” status with the message “Firewall driver is disabled in network adapter settings”. In addition, you can set CCS to re-enable it from the Firewall Settings section. By default, the functionality is enabled in “Log Only” mode.
Defining size limits for archive files scanned by Real-time AV.
With this functionality, you can manage file size limits for archive file types to be decompressed and scanned during real-time AV scan. By configuring limits for specific file extensions, you can optimize your endpoint performance.
Program Updates options removed from CCS Updates Settings
Program update options have been removed from the Updates tab in order to solve management and security issues.
The Automatically Download Program updates and Automatically Install Program Updates in Critical Situations options have been removed from the endpoint UI.
Hiding Website filtering section in CCS UI
The CCS UI has been upgraded to solve management and authorization issues by hiding the Website Filtering section. We also provide a clearer view and a better user experience by hiding Website Database Update Filtering by default.
Periodic updates of Local Verdict Server are refactored in order to be handled on a separate schedule.
Now, Antivirus Database updates and Local Verdict Server updates will be performed as different tasks on different schedules. By default, LVS updates are checked every 1 hour.
Skipping online resource look-ups in case of no internet connection.
In order to improve the performance of the endpoints, CCS checks the status of the Internet connection before performing online look-ups such as Antivirus DB updates and file submission to Valkyrie. If no internet connection is available, these look-ups will be skipped to prevent resource consumption. This setting is disabled by default.
Updated CCS installation package according to Microsoft requirements.
The CCS installation package has been refactored so that registration of our product with Windows Security Center completes smoothly. The CCS installation routine is thus compatible with the latest requirements of Microsoft.
Support for the latest operating systems
We continue to develop Endpoint Manager as the platform which lets you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now enroll devices which run the following operating systems:
Audit Logs
Export scope
Enrollment Instructions
Support for the latest operating systems
We continue to develop Comodo Client Security for Linux to let you manage and secure every possible device on your or your customer’s network. In addition to the existing list, you can now enroll devices which run on Ubuntu 18.04.