Comodo Security deleted on computer but ITSM still shows it as installed

Somehow the security client has been deleted from an endpoint, but ITSM still shows it as all good!

It’s a server device, so this is a BIG issue.

I have many errors in the event viewer like this,
“DCOM got error “2” attempting to start the service cmdAgent with arguments “Inte tillgänglig” in order to run the server:
{FF101135-6584-46E7-8AA1-8FCD1FCA5042}”

“The COMODO Internet Security Helper Service service failed to start due to the following error:
The system cannot find the file specified.”

In the “Program Files” folder, there is a folder named “COMODO Internet Security - Old”,
C:\Program Files\COMODO\COMODO Internet Security - Old

So I think it’s an update that has gone wrong? But I can’t figure out why ITSM is showing all good when CIS isn’t running.

No CIS process in the task manager.


Hello @Noiden ,

The reason why you are getting the error is because the client security path was changed.
You might also have noticed an error code 0x80070002 on your portal, which also means the system cannot find the file specified.
The software is actually installed but you might need to remove the suffix “OLD” and restart the affected endpoint.
After the reboot of your endpoint, you will be able to update the client security from the portal to the latest version.
This behavior is a known issue and was fixed in the current version so we expect that you will not get this kind of error message again.

Regards,
Jay

Hi @Jay ,

Thanks for the information.

Where exactly should I see this,
“You might also have noticed an error code 0x80070002 on your portal, which also means the system cannot find the file specified.”

I can’t find that in my portal?

Thanks.

Anyway… Why is ITSM showing it as all good when the Security Service isn’t running… that thing is weird.

Hello @Noiden ,

Error code 0x80070002 means that the ITSM agent detected that CCS is registered as an installed security product (as shown in your screenshot) but it didn’t find “cmdagent.exe” in the C:\program Files\Comodo\Comodo Internet security\ folder, since the path was changed due to the suffix old. So after the next reboot ITSM showed the 0x80070002 error.
The main thing is 0x80070002 means “CCS is installed but path to cmdagent.exe is not found.”

Kind Regards,
Jay

Hi, @Jay

Ok… But shouldn’t I get some kind of e-mail notification if such things happen? Or a notification in the C1 Portal? Can I somehow generate a report to see if more computers are affected by this?

I didn’t read what that warning triangle said… Because for the moment I have no other devices with that warning triangle. Can I then be sure that CCS is working and alive on the devices?

Hello @Noiden ,

This behavior is a known issue from CCS 10.0.0.6281 and was fixed in the latest version 10.0.2.6397 so we expect that you will not get this kind of error message again.
We advise you to always check if you are on the latest version of the software.

Kind Regards,
Jay

Ok, thanks for the information. But how do I see on computers that CCS isn’t running? Is there some kind of script for this, so I can get an error message by mail or something?

Thanks.

Hi @Noiden
This can be checked in the associated profile of the endpoint if the CCS settings are disabled or not. Also, there’s the yellow triangle with the exclamation point in the Device List (in the ITSM portal). You can also set a Monitor in the associated profile to check if the CCS processes (cis.exe, cistray.exe) are running or not.
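
An endpoint-side version of the checks discussed in this thread, as an added example (not part of the original posts and not a Comodo-supplied script): it verifies that cmdagent.exe exists in the expected folder, that the cmdAgent service is running, and that cis.exe and cistray.exe are present. The function name `Test-CcsHealth` and the output shape are hypothetical; the service, process and path names are the ones quoted in the thread.

```powershell
# Added example: local health check for the Comodo client on one endpoint.
# Names from the thread: service "cmdAgent", cmdagent.exe, cis.exe, cistray.exe,
# and the install folder with and without the "- Old" suffix.
# Test-CcsHealth and its output object are hypothetical, for illustration only.

function Test-CcsHealth {
    param(
        [string]$InstallDir  = 'C:\Program Files\COMODO\COMODO Internet Security',
        [string]$ServiceName = 'cmdAgent',
        [string[]]$Processes = @('cis', 'cistray')
    )

    $problems = @()

    # 1. The agent binary must exist where the service registration points.
    if (-not (Test-Path -LiteralPath (Join-Path $InstallDir 'cmdagent.exe'))) {
        $problems += "cmdagent.exe not found in '$InstallDir'"
    }

    # 2. Leftover of the failed upgrade: install folder renamed with "- Old".
    if (Test-Path -LiteralPath "$InstallDir - Old") {
        $problems += "renamed folder '$InstallDir - Old' is present"
    }

    # 3. The service must be registered and in the Running state.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems += "service '$ServiceName' is not registered"
    } elseif ($svc.Status -ne 'Running') {
        $problems += "service '$ServiceName' is $($svc.Status)"
    }

    # 4. The client processes named in the thread must be running.
    foreach ($name in $Processes) {
        if (-not (Get-Process -Name $name -ErrorAction SilentlyContinue)) {
            $problems += "process '${name}.exe' is not running"
        }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

$result = Test-CcsHealth
$result | Format-List
if (-not $result.Healthy) { exit 1 }   # non-zero exit lets a scheduler or RMM tool raise an alert
```

Because the check reads the file system and service state directly on the endpoint, it reports the renamed-folder condition even when the management console still lists the product as installed.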

@Rick_C Ok, cool. Do you have a predefined script for this? Or should it monitor the “Comodo Internet Security Helper Service”? Because even if cis.exe is not running, is that Helper Service protecting? Or what does that do?

I added settings like this,

And yeah, default alert when any of these conditions are met.

Hi @Noiden
The conditions you’ve set up in that screenshot are good enough. It’s just a matter of testing them further if you want to refine the alerts to your preference.

No (premade) scripts are available but if you are looking to run (or set up) a specific task/report, just feel free to drop by the Automation Scripts Library sub-forum to request one.

@Rick_C ,

Hmm, can’t I use the monitor I added to a profile on another profile? Do I have to create this on every profile? :(

Unfortunately, @Noiden, the monitor you set up in one Profile cannot be directly added (like copy+paste) to another Profile. You will only need to create them in another Profile if the target device is not associated with the existing Profile (with the monitor). A Profile, by the way, can be associated to a whole device group (company) or a select number of devices.

This kind of response from Comodo support is pretty unacceptable. This was an issue in an upgrade they sent out, it renamed the Comodo Internet Security folder to Comodo Internet Security Folder - old, they DID create a script to correct this (I know because I had about 30 computers affected by this). Why are you providing different advice to different users? This is the rename folder script, you just need to set the variables: https://scripts.comodo.com/frontend/web/topic/rename-a-folder I’m totally unclear how Comodo can deploy an update that impacts large swaths of installed user base and be totally cavalier about making it our problem to correct.

Hello @DaveZChi ,

We appreciate your feedback.

The customer is asking about a script that can send an email/notification when CCS or cis.exe is not running on his device which I already requested.
Noiden recently had a problem running scripts on his devices:
https://c1forum.comodo.com/forum/products/other-comodo-products/comodo-device-management/19701-procedures-not-running
So we decided not to give him the script to rename the folder until we fixed his issue with procedures, and we really appreciate the above post with this script https://scripts.comodo.com/frontend/web/topic/rename-a-folder mentioned.

@Noiden, I will create a support ticket for the request and we will get in touch with you shortly.

Regards,
Jay

Aha… OK, I can create a “Monitor Profile” then and add to the whole company, thanks.

It will only run the monitor if the device is online?

Hi @Noiden, yes it will only monitor devices which are online.

For more information regarding Monitoring Settings please visit this help guide:
https://help.comodo.com/topic-399-1-786-10984-Monitoring-Settings.html

Regards,
Jay

The ITSM program is the management module of the Comodo fleet of apps, so to speak; it manages the installation of other modules, the remote control aspect (now that they’ve rolled that into this program rather than a standalone) and profile management (I assume there are XML files or the like that it downloads from the console with all of the settings you put in place on the console). It also allows you to execute procedures, which gives you a huge amount of administrative power to do things on multiple endpoints at once; the procedures are what they use to kick off patch management (they didn’t write their own patch management, they simply utilize the Windows agents on each PC if I understand correctly). It’s a very good architectural design and frankly most A/V vendors do something similar (an update agent that’s separate from the endpoint protection), it’s just Comodo is a lot more towards the logical conclusion of a really smart design than most others.

Hi,

I got a script from you to monitor if CCS is running… but when I try it, it fails. I have e-mailed you the answer in the ticket e-mail, but can’t mail to you right now, because your e-mail server thinks I’m SPAM…

So I write the answer here,

Hmm… I get “Failed” on that script.

I don’t know what running state 000 means… but according to CCS/AEP it’s running fine.