[April] What's New on Endpoint Manager?

Hello everyone,

This document contains detailed notes about Endpoint Manager release, scheduled to go live Saturday 04/13/2019.

The release is expected to take 3 hours to deploy, during that time platform will be under maintenance mode. Post-deployment tests are expected to continue until 4pm EST during which you may observe minor glitches. If you observe any issues, please feel free to share with us below.

Endpoint Manager

Endpoint Manager - Core

New Features

  • License Management for Advanced Endpoint Protection
    You can now manage Advanced Endpoint Protection (AEP) licenses in the Endpoint Manager. Apart from general license management, you can also:
    • Distribute seats from a single license to different customers, and assign seats from multiple licenses to the same customer.
    • Create license usage reports to track the activities of a specific license.
    • Get notifications when your licenses are about to expire. Here is the wiki of this feature.
  • Maintenance Windows
    You can now define maintenance windows in order to create a planned update calendar. With this feature, you can:
    • Create maintenance windows for specific time frames.
    • Schedule procedures to a specific window.
    • Randomize task running order to prevent performance issues.
    • Stop monitors in the defined maintenance window time frame
      	This is the first phase of this feature. Future releases will see the ability to block specific tasks, pause maintenance windows on holidays and procedures to handle offline devices. <a href="https://wiki.itarian.com/frontend/web/topic/how-to-create-maintenance-windows">Here </a>is the wiki of this feature.
  • Management of Communication and Security Client Versions
    You can now set a specific version of the communication and security clients as your default. The default version will be used for enrollment, bulk installation, client updates and dashboard sections. You can also specify which version of the client can be installed or updated by your staff. This helps admins to ensure that older versions of the clients are not introduced to the network, and that incompatible clients are not inadvertently installed.

    Here is the wiki of this feature.

  • Support for operating systems
    We continue to develop Endpoint Manager as the platform which lets you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now enroll devices which run the following operating systems:
    • Windows Server 2003 SP2
    • Windows Server 2008 SP2
    • Windows Server 2012
Bug Fixes
  • Fixed the issue of uninstallation of softwares from global software inventory.
  • Fixed the issue of event count alignment with portal dashboard and list in security sub systems.
  • Fixed the issue with CCSM version in device list exported report.
  • Fixed the issue of e-mail and help link shared in question mark at top right of the screen.
  • Fixed the issue of addition of file group with sign “?”.
  • Fixed the issue with warning while adding iOS application to iOS app store.
  • Fixed the issue of high CPU usage for Android mobile device management clients.
Endpoint Manager - Security

New Features

  • Countdown timer for ‘Training Mode’ lets you specify that HIPS and Firewall only run in training mode for a specific period. Staying in training mode for extended periods can create an excessive amount of rules, resulting in performance issues on endpoints. Here is the wiki of this feature.
  • Added Valkyrie sections to MacOS and Linux profiles. Unknown executables detected on MacOS endpoints can now be uploaded to Valkyrie for testing. Once enabled, unknown files like dmg, Mach-o and .elf are automatically sent to Valkyrie to establish whether they are trusted or malicious. Here is the wiki of this feature.
  • Security Dashboards - Device View. The new view aggregates security events by device, letting you view the latest events on a particular device the related CCS component. Here is the wiki of this feature.
  • Restore suspicious autorun entries. You can now monitor the current status of suspicious Windows Services and scheduled tasks etc, and restore the item and any quarantined files affiliated with the entry.
  • New management capabilities for the Virtual Desktop:
    • Password Protection. If enabled, users will need to enter a password in order to close the virtual desktop. This prevent guests or regular-users from closing the virtual desktop and potentially exposing the computer to danger.
    • Launch Virtual Desktop upon user login. Starts the virtual desktop automatically as soon as the endpoint is booted. Enable this setting in CCS at ‘Advanced Settings’ > ‘Containment’ > ‘Virtual Desktop’.
    • Automatically reset Virtual Desktop on session termination. Resetting the virtual desktop provides privacy and security by removing all user data and undoing all system changes.
  • Added WerFault.exe, the Windows error reporting tool, to "Windows system applications" file group. It can now be easily excluded from security policies in CCS.

Ayhan Epik,
Product Manager, Endpoint Manager

Just to clarify, On Saturday, after your platform update and before CCS updates on endpoints, if we change the default version from the new release to the current [], endpoints will not update? Also, is there any way yet through the platform, to roll back to an earlier version of CCS on an endpoint?

Hello @nct ,

Let me explain this feature a bit more.

For your first question, right now, with this feature, you will be able to set up default version from Settings -> Portal Setup. This means that every on demand action for updating and installing mechanism will be available to use in the portal like enrolling devices, creating bulk installation packages, using “Install or Update Packages” section.
If you are talking about auto update mechanism in Windows Profiles -> Updates section, then, this will only be available if your “Communication Client” are up to date with released version. Otherwise it is not possible to use auto update in profile for both communication and security clients.

For the second question, you will be able to take this action right now by deleting CCS and installing older version using this new feature. We are also working on removal tool for CCS. Thus, it will serve you for these cases, too.

Thanks for your valuable interest and feedback! Let me know if you need anything!

Product Manager, Endpoint Manager