Release Candidate of Comodo ONE & ITarian Operation Platform for April(2019-04-13)

This document contains detailed notes about the April 2019 release, scheduled to go live Saturday 04/13/2019.

The release is expected to take 5 hours to deploy, during that time platform will be under maintenance mode. Post-deployment tests are expected to continue until 4pm EST during which you may observe minor glitches. If you observe any issues, please feel free to share with us below.
Important Notice! - The release for the new version of Comodo Client Security for Linux will be made later. The new date will be announced.

Endpoint Manager

Endpoint Manager Core

New Features

License Management for Advanced Endpoint Protection

You can now manage Advanced Endpoint Protection (AEP) licenses in the Endpoint Manager. Apart from general license management, you can also:

• Distribute seats from a single license to different customers, and assign seats from multiple licenses to the same customer.
• Create license usage reports to track the activities of a specific license.
• Get notifications when your licenses are about to expire.

Here is the wiki of this feature.

Maintenance Windows

You can now define maintenance windows in order to create a planned update calendar. With this feature, you can:

• Create maintenance windows for specific timeframes.
• Schedule procedures to a specific window.
• Randomize task running order to prevent performance issues.
• Stop monitors in the defined maintenance window time frame

This is the first phase of this feature. Future releases will see the ability to block specific tasks, pause maintenance windows on holidays and procedures to handle offline devices.

Here is the wiki of this feature.

Management of Communication and Security Client Versions

• You can now set a specific version of the communication and security clients as your default. The default version will be used for enrollment, bulk installation, client updates and dashboard sections. You can also specify which version of the client can be installed or updated by your staff. This helps admins to ensure that older versions of the clients are not introduced to the network, and that incompatible clients are not inadvertently installed.

Here is the wiki of this feature.

Improvements

Support for operating systems

• We continue to develop Endpoint Manager as the platform which lets you manage EVERY device on your network or your customer’s network. In addition to the existing list, you can now enroll devices which run the following operating systems:
  • Windows Server 2003 SP2
  • Windows Server 2008 SP2
  • Windows Server 2012

• Fixed the issue of uninstallation of softwares from global software inventory.
• Fixed the issue of event count alignment with portal dashboard and list in security sub systems.
• Fixed the issue with CCSM version in device list exported report.
• Fixed the issue of e-mail and help link shared in question mark at top right of the screen.
• Fixed the issue of addition of file group with sign “?”.
• Fixed the issue with warning while adding iOS application to iOS app store.
• Fixed the issue of high CPU usage for Android mobile device management clients

New Features

• Countdown timer for ‘Training Mode’ lets you specify that HIPS and Firewall only run in training mode for a specific period. Staying in training mode for extended periods can create an excessive amount of rules, resulting in performance issues on endpoints.

Here is the wiki of this feature.

• Added Valkyrie sections to MacOS and Linux profiles. Unknown executables detected on MacOS endpoints can now be uploaded to Valkyrie for testing. Once enabled, unknown files like dmg, Mach-o and .elf are automatically sent to Valkyrie to establish whether they are trusted or malicious.

Here is the wiki of this feature.

• Security Dashboards - Device View. The new view aggregates security events by device, letting you view the latest events on a particular device the related CCS component.

Here is the wiki of this feature.

• Restore suspicious autorun entries. You can now monitor the current status of suspicious Windows Services and scheduled tasks etc, and restore the item and any quarantined files affiliated with the entry.
• New management capabilities for the Virtual Desktop:
  • Password Protection. If enabled, users will need to enter a password in order to close the virtual desktop. This prevent guests or regular-users from closing the virtual desktop and potentially exposing the computer to danger.
  • Launch Virtual Desktop upon user login. Starts the virtual desktop automatically as soon as the endpoint is booted. Enable this setting in CCS at ‘Advanced Settings’ > ‘Containment’ > ‘Virtual Desktop’.
  • Automatically reset Virtual Desktop on session termination. Resetting the virtual desktop provides privacy and security by removing all user data and undoing all system changes.

• Added WerFault.exe, the Windows error reporting tool, to "Windows system applications" file group. It can now be easily excluded from security policies in CCS.

• Fixed the issue of not reporting some contained files
• Fixed the loading issues with “Something went wrong” message in Application Control.
• Fixed the issue of time inconsistency of Containment events in Security Dashboards

File Explorer - Folder Support

• The remote tools feature lets you browse managed devices, perform folder operations, and now you can transfer folders to/from devices through Upload and Download functionalities right from Endpoint Manager in addition to file transfer operations.

You can find the related wiki here

Remote Control

New Features

File Transfer via Remote Control Application

• Use the Remote Control application to transfer files to and from managed devices. Go to the device list to initiate your session.
• Initiate File Transfer sessions through Endpoint Manager
• Use the queue panel to queue file transfers and start/stop transfers
• Create, rename, delete files/folders on the remote device
• Run File Transfer simultaneously when you are in a Remote Control session.

You can find the related wiki here

Next for File Transfer:

• Role based access control, device profile settings, and audit logs.
• Additional ways to start and manage file transfers.

• Wrong device status on Endpoint Manager portal and/or Remote Control application, misleading users to initiate a remote connection.
• Remote Control application returned error while connecting due to an underscore on the customer name which was not supported by the framework standards. The issue is fixed by extending these cases to cover as well.

New Features

‘Create Discovery’ tile – New shortcut lets you create discoveries faster than ever.

You can find the related wiki here

Scheduled Discoveries

• Schedule daily, weekly or monthly discovery operations. Choose the time of day that the operation runs.

You can find the related wiki here

Device Type

• You can now assign labels to your managed devices so you can easily identify their type at a glance. Each device has a different icon and you can easily change a device’s type when required.

Available Device Types:

• Router
• Printer
• UPS
• Switch
• Load Balancer
• Firewall
• Workstation
• Server
• Mobile
• Other
• Unknown

You can find the related wiki here

Improvements

• Procedure log statuses are now colored for better traceability.

• Fixed the issue of RMM agent not monitoring events from "Microsoft-Windows-Windows Defender/Operational" channel.
• Security Client Events monitoring is started with delay when endpoint is restarted, in order to prevent CCS communication error.
• Fixed the issue of online/offline monitoring error.
• Fixed the issue of RMM Service consuming HDD with too much active time.
• Fixed the issue of RMM Service high disk usage on normal hard drives.
• Typo correction (“Her names”) in Discover Now widget.
• Fixed the issue of unknown application running inside container monitoring event triggering even if the containment events are ignored.
• Fixed the issue of alert emails not being sent consistently.

Bug Fixes

• Fixed the issue of Device Management view Patch Status columns shows incorrect number of missing patches.
• Fixed the issue of 'Uninstall application' for selected companies deletes applications from all devices for all companies
• Fixed the issue of PM agent not detecting Windows Update KB4462933 as available update

Release Notes April 2019.pdf (162 KB)

All is looking good team, but I do have a worry about the following

Firewall for Windows servers. The firewall component of Comodo Client Security is now available for installation. This additional layer of security lets admins control the traffic which flows in and out of an endpoint.

as firewall on servers has never need a great feature from any AV company.
How do we make sure the upgrade does not install this to our servers?

The installation process of CCS on endpoints with Windows ‘Server’ editions will still be the same @StrobeTech wherein the firewall is not included. You have to manually (consciously) add the ‘Firewall’ if you deem it important to the server’s overall security.

@BegumB All sounds great.

Looking good Team! I am excited about the continuous feature updates.

• File Transfer via Remote Control Application: Yes, yes, yes!!! I’ve been waiting for this!

And look forward to more features with RC like:
• Access to my machines from mobile app
• Automatic Reconnect after reboot!
• Lock on Disconnect
• Blank screen mode
• Thumbnail view of current remote machine’s desktop to see status
• Remote console: run small commandlines agains endpoint (reset local account passwords, ipconfig, etc.)
• Chat
• Ability to Store Credentials for the remote machine.
• Ability to Record remote sessions
• Remote console: run small commandlines agains endpoint (reset local account passwords, ipconfig, etc.)

• The Maintenance Windows is something I was looking for and can’t wait to try it out next month.
• I am glad you see the importance for Supporting All Operating systems (every device). Supporting older OS’s is still a need whether MS agrees or not.
• Excited to see the new features for License Management for Advanced Endpoint Protection.

• PLEASE continue RMM development for Mac OS with better, more enhanced features for Device Management, Device Monitoring (alerts), Script Deployments, etc.

• PLEASE continue to beef up Reporting features. I would like customers to see what is going on Weekly, Monthly, Quarterly, & Annually in a clear and professional looking format. For example, with reports I would like to have automatic reports that show: Endpoint basic info (OS, Device Details, Name, etc.), patches recently installed, Windows Updates recently installed, Applications uninstalled & installed, Service Tickets closed. This would greatly provide a brief window to customers of what they’re trusting us ITarians and hopefully prove our worthfulness.

Again, great job team and I look forward for future developments.

With the statement of “Fixed Service Desk Latency Issues”, are you saying that you also corrected the stability of the platform to keep it from crashing so much? That would include the almost 5 hour outage just today on SD for the USA servers. There was about a 1 hour outage yesterday, and the same every Monday about 8am PDT for the last 5 weeks or so.
Speed is great and all, but if it doesn’t work or you can’t get to it, what does speed matter?

Two comments:

1- Language feature, isn’t it better to have the language translation part to everything that goes to End User like emails and CCS and many other tools instead of just translating the “Portal”?..I think all of us being in this forum can read (or at least can understand) English, so no need to translate portal but Customer Side.

2- What about the old tools from Desktop RRM?. Tools like remote command shell and tools that allow fixing issues fastest that writting a script.

You guys a doing a great job, keep it up!

…Release notes continued…

Comodo Client Security

Windows

New Features

• Virtual Desktop improvements.
  • PIN protection for paused sessions. When enabled, a password is generated when a user pauses a virtual desktop session.
  • Manage which programs are shown on the Virtual Desktop and its start menu. This lets admins better control the applications available to their users.
  • Limit paused session for auto termination. This lets admins to set a time duration for a paused session to be terminated automatically once the paused session duration exceeds the defined interval

You can find the related wiki here

• Advanced firewall rules. Granular application control rules let you control exactly how applications connect to the internet and other networks. You can also create rules which run on files with a specific trust rating, age or containment status.
• Ipv6 address ranges can now be specified in firewall rules.

• ‘At Risk' status on Windows Servers. The endpoint will change to “At Risk” when containment is disabled. This status is clearly shown in the device’s icon in the device list.
• Rating Source and File Hash columns in File List Changes Logs. In detailed CCS Logs section, you can see the source of the provided file rating and the file hash of that file in newly added two columns

• Fixed the absence issue of Containment logs which are related to containing non-executable files
• Fixed the issue of high memory usage on Windows Server 2016
• Fixed the incompatibility issue between External Device Control and auto-scanning of plugged-in devices
• Fixed the issue of displaying the scan result windows for portal-initiated scans
• Fixed the containment issues that blocks launch of unknown files located at CD/DVD drives.

New Features

• Valkyrie Integration. As mentioned earlier in the document, we added Valkyrie to CSS for MAC. When CCS detects an executable with an unknown trust rating, it will upload the file to Valkyrie for behavior testing. The test results will tell CCS whether the file is trustworthy or malicious. CCS with either allow or block the file based on the result.
• TLS 1.2 Upgrade. To comply with the best industry security practices, we are upgrading the protocol used in our security client to Transport Layer Security (TLS) 1.2.

New Features

• Multi-language support in ITarian. Phase one sees us introduce support for two additional languges - Russian and Spanish with UI translations only (metadata updates such as in table values will be coming in next sprints). You'll see the support for Portal, Service Desk and Endpoint Manager in this release. In addition, more languages will be added soon.

Bug Fixes

• Scheduled report was not working.It has been resolved.
• 2FA verification code couldnt be entered in Safari Browser on MACos.It has been fixed.
• Missing Dome Shield Module has been added to the portal
• Customer was unable to open EM and Dome Shield from C1.It has been fixed.

New Features

• From now on you can be able to delete all the selected tickets for the related lists

You can find the related wiki here.

• With April release you will be able to add new fields more than 5 to the Custom forms.

• Fixed Service Desk latency issues.
• Fixed issue where exporting a PDF with a large number of records led to a ‘500’ error.

Bug Fixes

• Login issue of CAM accounts are fixed for Comodo ONE and ITarian applications on both platform (iOS and Android applications).

• Windows Communication Client - 6.27.25138.19040
• Windows Client - Security - 11.2.0.7313
• Windows Remote Control - 6.27.25030.19040
• macOS Communication Client - 6.27.24066.19040
• macOS Client - Security - 2.4.3.826
• macOS Remote Control - 6.27.25029.19040
• Linux Communication Client - 6.27.24888.19040
• Android - Comodo ONE Mobile - 1.19.4
• Android - ITarian Mobile - 1.19.4
• iOS - Comodo ONE Mobile - 1.3.5
• iOS - ITarian Mobile - 1.3.5
• Android - Endpoint Manager - MDM Client (Comodo)- 6.13.6.9
• Android - Endpoint Manager MDM Client (ITarian) - 6.13.6.9

Hello everyone!

We are happy to announce that post-deployment tests are completed. You can safely enjoy the new features coming with the April release.

Looking forward to your feedbacks!

On behalf of the Product Management Team
-Begüm

After the deployment, I’m a bit confused regarding the license management in the ITSM portal.

I have a single license showing an expire date in 29 days. What will happen after 29 days?
Since C1 is free, I’m not sure I understand how the licenses work?
Also, want to confirm that my few endpoints with security (AV, Firewall, Containment, etc) will still work in 29 days?

Thanks for a great update!

RMM, is free, if you have deployed the AV then you need to buy the licences @StrobeTech can help here.

Thanks James

Hi @RoninMedia

This topic of applications and licenses is a difficult one to understand due to many changes and transitions that have happened over the years. But choosing and getting help from an “Enhanced MSP” like us (“Enhanced MSP” being that we are an MSP using ITarian as well as a Distributor of Comodo & ITarian), we can help you understand and get your business working well.

To start with, “C1” or “Comodo one MSP” is the old and slowing being removed branding.
The reason for this is that “C1” has been taken over by the company “ITarian”; and the main application is self named. [Ignore the fact there is a relationship between ITarian & Comodo and the other company’s in the back end]

Now we know we have two different companies being “Comodo” & “ITarian”, lets look at what they do.
ITARIAN
ITarian MSP [Dashboard and type of PSA system bringing information together] = £FREE
Endpoint Manager [RMM functions and more] = £FREE
Service Desk [Helpdesk system] = £FREE
and many more applications (All currently published applications are £FREE and this is not changing. Maybe there might be add-ons and apps later you pay for; but what is present is £FREE)

COMODO
Comodo Client Security [Computer and Server antivirus] = £COSTS (Due to licensing currently being done via trust and people not reading the long EULA this is missed. You do how ever have a 30 day trial per customer giving you a way of introducing the product and selling it.)
Comodo Dome Shield [DNS Protection and filtering] = £COSTS (Their is a lower usage free tier)
And many more security based products but they are £COST

Hopefully you can now see that ITarian is computer device management and servicing; where Comodo is security.
The new license module released this month which has been in the works for a while now is the first step in to trying to make this easier for the MSP to know what is going on with their licensing and why. Over time this will expand into client reports and much more; so watch this space!

Now, back to the actual questions…

This depends on what the license is.
There are if my notes are correct two types of licenses you will see, “Endpoint Manager” and “EM + Valkyrie”.

Endpoint Manager should be your RMM license which is valid for about 3 years, and then ITarian will renew this automatically enabling you to continue with no problems.

EM + Valkyrie is a combo license of Endpoint Manager with antivirus subscriptions. This is a paid product as it is a Comodo solution.
This lasts as long as you paid for, so if you purchased 1 year it will expire in 1 year and so on. These licenses can be used in two ways, either 1 license key (Customer) per customer or 1 license key (Global) which has it’s device count allocated across multiple clients.

I’ll send you a PM with costs shortly.

Please see the long boring description above

Currently the license manager is not linked into the antivirus product to disable it or stop it as of yet; so currently it will do nothing other than alert and bug you to death.
But as you can imagine, this is coming!!

Hopefully all this as helped, and if you have any questions please let us know.

Since the update, the price of the Antivirus went from $2.80 to $4.00/user/month. Is this a mistake?

That price is more than likely correct when buying direct from Comodo via the portal.
If you use a distributor like us there is a different pricing system.

If you are interested PM me with what you need and the country you are located in.