OK this might actually be a feature but the implementation in my eyes is slightly wrong.
I’ve been having an issue with installing a program so I go to One Client Security and try to disable the Firewall module temporarily on the local machine (it gives me the option of 15mins, 30mins etc by right clicking on the icon in the taskbar). But this function does not work for very long as every time Security checks back in with the Comodo server it resets itself to the Firewall being on (as I have indicated in the Profiles for the group).
In my opinion clients should be able to temporarily disable modules from their local computer to aid in diagnostic work. I would however take away the Permanently Disable option and maybe limit the Disable feature to 30 mins. This should give clients or techs enough time to solve the issue without having to go in and change the profile then re-enable the modules at a later time (or worse forget to re-enable it!).
This is by design, because it is not safe to give the ability to disable a security module. As a workaround you could stop CCC service (net stop COCCService) and disable the security module that you want. This way the module will get re-enabled in the specified amount of time and even if you forget to restart CCC service, the service will start again after the next reboot.
Hi @Nick many thanks. If this is a feature that is fine. It would be better if this disable option did not exist for clients as a menu option in order to avoid confusion.
In order to avoid the situation where a client bumps into this issue, the best solution would be to password protect the Profile. Once you do that (from the ITSM Dashboard), the client won’t even get to these options to disable modules. They will be asked for the unlock password which you’ve set in the Profile under Configuration Templates > Profiles > Client Access Control.
@John - Thanks. For anyone else wondering why they can’t see Client Access Control when they go into the Profile you need to add this section in manually - click on the Add Profile Section button as it isn’t on profiles by default.
I’d like to think that 99% of my clients would be sensible enough not to totally disable their antivirus and firewall completely - it is that 1% that you have to lock everything down for lol.
Just to let people know as well - the disable options don’t disappear by enabling this option - you just get a prompt to enter your password when you click on the disable button.
Even if you enter the password though the Module won’t be disabled anyway as it is set by your profile - which is the reason in my opinion this option should just not be there at all - it literally does nothing and by the sounds of it there is no way round it doing nothing as it is controlled by the profile settings. If it does nothing it’s taking up too much space …
The password protection added in “Client Access Control” does exactly that. It password protects the module and the agent from being uninstalled or modified from the device.
Yes, you are correct, enabling this security option will not affect the options displayed when right-clicking the CCS icon in the system tray but then again the setting was implemented for the previous reasons and not to hide the access to those options.
Hi,
sorry for my English,
I understand the discussion, but I’d like to give the possibility to Clients to disable for 15,30 … minutes the Antivirus and/or AutoContainment module for own reasons.
At the moment after some secs the modules goes active automatically.
How can I configure the DISABLE function as really functional?
Thanx
@Nick I don’t understand your point. On our environment the Endpoint settings can only be altered with Administrator privileges. So why should we disable a service by hand etc. to achieve a functionality that is implemented into the GUI?
Wouldn’t it make more sense to let the endpoint do what the local admin has clicked?
Based on my understanding on Nicks post, he advised the customer to turn off ITSM service to achieve the customers goal. Customer wants to temporarily disable some components (from AV`s GUI) which will not happen since the endpoint will always follow the command/settings set up from the cloud ( Endpoint Manager - profile ).
When we need to achieve this, we stop the ITSM service and then disable modules with Comodo Client Security on the local machine. After the work has been completed requiring AV to be disabled, start the ITSM service again and enable the modules.
Yes. As i wrote: I copied the default Profile and disabled the components in that new profile.
So what’s the point here?
You say that the more strict profile wins. The default profile is more strict. so to test or install I have to do:
remove default profile
copy that default profile and make the changes
assign new profile to that one device
what happens to all the other devices when I remove the default profile?
is this a language barrier problem here or do I have a logical issue or is it you? I really don’t know.
But to make it clear: having options in the GUI of the client to disable components, and then these changes TAKES NO EFFECT, is really bad behavior. And there is NO MESSAGE about this anywhere. Neither the User nor the Admin has any Idea why this doesn’t work.
To test an App or to check why an App doesn’t work, I have to mess around with the profiles, default profiles and whatever else, is also bad practice.
So please think about the workflow and maybe you’ll find these stumbling blocks in handling on your own.
p.s.: I don’t want to be offensive but try to give ideas for you making your great product even better.
Thanks for your feedback. We are already aware of the issue and is already fixed on our December release.
We`ll send you an email for any additional update.
Hi,
I tried the local password method on profile, but no results. In a few seconds the services goes ON automatically.
In one word the local user can’t stop the AV or containment services for delicate operations.
Correct?
Thank you
Even if you try and disable the services like AV, containment etc the ITSMService will re-apply the policy ASAP which turns it back on.
Only way to really temp disable the product is stop the ITSMService first, but be warned this will stop the remote connection software from Itarian as well.
As per checking the thread, the issue has been fixed last December 2018 and no other customer reported the same issue.
Can we know what issue you are encountering? can you give us more information please?
