Using Patch Management is confusing!

Products ITarian Patch Management
1

I know there is a guide about setting up patch management but I am a little confused. Why is there a patch agent msi installer and what do I put into the fields for the installation?

I just want to know how to get this going and automate processes with the custom scripts from scripts.comodo.com

Can anyone break it down in an easy to understand non-guide.pdf form

Capture.PNG

2

I noticed there is a Patch Management inside of ITSM and not the standalone one, what am I missing out on in the standalone version?

3

C1 is a platform…a very sophisticated one…
In this day and age, even a bloody TV remote is sophisticated and takes time to learn, never mind a huge infrastructure platform like C1.
We are cognizant of this fact, as a result have specialist Product Engineers at call to train everyone.
All you have to do is ask and they will gladly do it for free.

4

Ok so I am asking what is the advantage of using the standalone Patch Management vs. the ITSM one, also when applying the procedures (custom scripts) to client, please make this easier to understand, I am so lost even with a pdf guide

5

The reason why we have 2 different patch management is because we are migrating towards ITSM based patch management from the old one. Reason for that is scalability. If ITSM one does the job for you, then i would stick with that, as the functionality of the ITSM one will at some stage overtake the functionality of the old one.

6

Putting in my to sense, I have worked with other RMM some better than other, as an overall I like Comodo, but when it comes to Patch Management, I do find Comodo to be confusing. We should be able to deploy Patch management using the communication client.

Thanks

7

As Melih said, ITSM patch management is still in development, though I use it to manage a hundred endpoints’ patches and it works well for me. I had been using the standalone PM module that was based on (the open source vfense I think?) and it was a bit confusing to use, yes, but once you get on to it (group our devices into workstation and server, more aggressive patch management / reboot cycle for workstations than servers) it worked fine, it was just a pain to deploy the agent and track it all, and ITSM PM became good enough for regular use (it didn’t used to have third party patches).

Right now I just go and manually apply Patches in ITSM by going into Applications -> Patch Management, I select show 200 most recent patches, and then apply those to all. Then do the same with third party, about once/week. You can create a patching procedure and schedule it though if you want to automate this.

8

Respectfully i have to disagree, its a poor substitute for the old RMM. For For the last 4 months ive tried to deploy Windows patches using ITSM PM and it is continually offline. 3rd Party patching as a procedure just doesnt work, i have identical log data for successful and failed procedures there is no granular data for the execution of the patching so you dont know what apps have been updated and what havent.

At his very moment im trying to push the latest Windows updates and the PM is offline again. I’ve got tickets open but im just running around in circles with support at the moment. Ive spent nearly 5hrs on the phone with them pulling log data. So far nothing has been fixed. Ive also found that C1 doesn’t have an automated system for updating the list of available 3rd party patches, this was only identified when i had to tell them they were missing. ie Chrome 59 wasn’t recognized as being available a month after its release they had to manually add it in.

PM is the one piece of the C1 puzzle that is in very poor shape.

9

At least I am not the only one who feels it is confusing, perhaps comodo will take steps in dumbing down their patch management for people who don’t have time to study their software so extensively

10

It really just needs a better more logical layout with a better results/log page to say what has happened and why and also the ability to run a procedure the next time a system comes online.

Edit! - Oh i should note that im talking about the Enterprise patch management in the ITSM. The RMM patch management is confusing but contains far more data which is useful.

11

@jtlogic & @Joners
can you pls share with us a screenshot of the current UI and how you would like it to be modified pls?

12

@Joners ok…whatever you think needs changing, please tell us exactly how you want it changed. You have identified what should be changed, but haven’t identified what it should be changed to. Can you please also tell us that.
All we need for anyone to tell us: Here is a screenshot of how it is now, and here is a screenshot of how I want it be…that will be our marching orders…much appreciate the help and i am sure community will be grateful too.

13

Ill try and provide some feed back later on but im no UI designer, i can only tell you what works well and what doesnt and that comes from using the product and making things logical. If i get time ill try and knock up something.

thanks

14

This was my request list from a month ago with similar stuff.

So this is a rather large list, one or two more items than the 3 you asked for.

The list below and the majority of the functionality here can be had for free with 3rd party services/software, where I can ill note the free options that I know of.

The biggest and most important thing that you can do to sell this to the enterprise space is stability. As some background I’ve been using this product for around 6-8months now and the system reliability is poor, its essentially a very early beta release. I understand that you need to build features in but you already have plenty of value in older products. Why not release and hold on to the old RMM module until ITSM is up to speed with patch management. Buggy software is causing myself, and other MSP’s wasted time in trying to fix issues that they shouldn’t have to. I’ve additional comments below hoping to help address some of these issues.

I do appreciate the support and there is plenty of communication on the forums but as it stands I couldn’t recommend this product to anyone.

ITSM

Misc.

  • 2FA across the board, not just on the C1 login panel.
  • 2FA to include SMS support
  • Logging all actions. Management view to show which tech performed what actions against a specific machine.
  • White / Black List. Only allow login to C1 consoles from certain IP ranges or hostnames.
  • Online Storage to push MSI's, perhaps link to Comodo Cloud Storage?
    • We would only need a small amount of storage, perhaps 10Gb per business?
    • From the MSP perspective you could sandbox storage and have shared storage. Ie Business 1 can access Store 1, Business 2 can only access Store 2. Both businesses can access Shared Store 1.
    • All the Cloud Storage to have a client for Admins to upload files directly to the Shared Folders.
    • Automatic link expiry.
  • After an update have a what's new splash page as you login, rather than just pointing you to a link on the forums.
  • Customisation, brand everything. Reports, login pages the works.
  • Auto Removal - Remove machine if not connected in XX days, allow the user to customize this.
  • Search, when you got the Device List, there is a "Search By Group" function, this should search all devices not just groups.
  • Compliance templates, ie PCI-DSS
  • In the device list show the current internal/external IP and site info.
  • Support for OSX 10.10+
  • Monitor other AV or the MS Security Centre
  • Dome proxy agent deployed as an option from ITSM with the bulk deployment option.

Hardware asset manager: (Free Alternative, Spiceworks, LANSweeper, and PDQ Inventory)

  • View all hardware assets and generate reports.
  • Add assets which aren't included in the ITSM, ie Scanners/Printers, ESXi Servers, networking equipment.
  • Ability to save Purchase Order / Asset information against the hardware.
  • Allow Finance delegated 'view only' access to hardware inventory for financial purposes. Current roles only appear to be along the lines of hide or allow management.
  • Warranty Scanning, alerts for warranties which are expiring.

Software inventory: (Free Alternatives, LANSweeper, Spiceworks, and PDQ Inventory)

  • Automatically scan for software and its licenses are saved in a report so that they can all be viewed at once, include filtering to just show XXXX applications or XXXX application on XXXX site /server etc.
  • The ability to mark a license as verified, ie it has been double checked against a known physical license key.
  • Automated reports to show current license count. Include this with widgets for compliance.

Sites:

  • Users and equipment allocated to specific sites. Ie XXXX machine is registered to XXXX site.
  • Roles assigned to sites, ie helpdesk tech can only pickup tickets and manage machines/devices located in XXXX site.

Dynamic Groups based off site/user/machine types.

  • Ie All equipment in Site XXXX
  • Ie All users in Site XXXX
  • Ie All Servers
  • Ie All Clients running OSX 10.10.x

Reports:

  • Automated email reports, with customisable output, PDF/Excel/CSV
  • Custom reports, ie, I want to see all machines which haven't connected in 30+ days which were running Windows 7, attached to Site X.
  • Online interactive report viewer, save having to download and filter stuff in excel.
  • Email report showing the scheduled procedures that have been run, the success/fails. Any fails include a detailed report and the machine is highlighted in the C1 dashboard/ITSM dashboard as having issues. Ticket created.
  • Ideally this single reports pane should be outside of ITSM and should run across ALL of the C1 services, ie I want to show a report for X machine, I want to see what software it has installed, if it has been backed up using Acronis properly, does it have malware which has been blocked using DOME.

3rd Party Integrations

  • Azure AD SSO, better support for Office 365 and email, IMAP etc.
  • Hip Chat
  • Slack
  • Teams

Alerts / Notifications

  • More advance notice of upgrades with what is going to be included.
  • Portal showing outages, advance notice of maintenance.
  • Push Notifications with support for 3rd party services, hipchat, slack, MS Teams.
  • SMS notification for tier outages.

Upgrades:

  • Groups to assign devices to.
    • Fast Ring - Beta for IT staff, testers.
    • Standard Updates - Standard, normal users
    • Slow Ring - Feature Freeze, servers and critical systems.

Remote Control: (Free Alternative VNC)

  • Work in Safe Mode
  • File Transfer, happen in the background. Allow procedures to be created to do this across groups. Ie I want to push an MSI to a machine on day one, once all of those machines have the MSI locally then ill login and do X or run X procedure.
  • 2FA
  • Logging
  • Procedures, drop down to apply whilst connected.
  • Ability to turn off remote control for single machines without the need to create a new policy (see tags below for an example).
  • White / Black list of users / IP Ranges which can initiate remote control.
  • Search by username
  • Search by site
  • OSX / Nix support (both client and remote control).
  • Remote Terminal / Command Line
  • Quick Support Option, send a link which allows remote control. Ensure that the link expires after X amount of time.
  • From Quick Support ability to push the agent install, this should be silent and take options from the Remote Control app, ie I want to enroll this device to X group @ X site and assigned to user X.
  • Branding again, for the quick support download page and for the remote client.
  • Remote screen shot
  • Remote inventory report, show the IP address and all system info on a quick access screen.

Tray Client:

  • Choose what options are available. Ie I don’t want users to be able to submit a ticket this way. Or have it launch the default browser with the online ticket submission page.

Configuration Templates:

  • Tags. Apply policy based on criteria, not only group but apply tags as well. Ie No Remote Access Tag is set against a single machine, this means that it can inherit the same global policy but has a deny on remote access.
  • Highlight new features when you clone a new template.

Support: (Free Alternative Spiceworks)

  • Basic email support in the free tier. Companies like Spiceworks currently do this and is one of the reasons why SMB's use their product over other packages. One of the first things that Enterprises/SMB's look at is if there is support. Good place for an upsell once people get hooked in.

Network Monitoring: (Free Alternative Nagios, Zabbix, Cacti, Spiceworks)

  • A local SNMP collector for devices which cannot have an agent installed. Switches, printers etc. Templates for ESXi / AD and other MS servers. Nice dashboard to show service status.
  • Service monitoring
  • Website Monitoring, both internal and external websites.
  • Site Monitoring - SNMP collector to remote site routers. Ie monitor remote connection to Site 1, Site 2, Site 3. Bandwidth stats etc alerts for offline.
  • Inventory of local devices with alerts.
  • Schedule scans and then upload all data to C1, have a view for local equipment and remove.
  • This section is huge! Sorry.

Patch Management (Free Alternative, PDQ Inventory, PDQ Deploy)

  • Patch by classification You are already classifying products in categories, allowing procedures to patch device (groups). Ie Group A update all Web Browsers
  • Allow exclusions by tags, ie update all application except (Tag for Teamviewer).
  • Logging. I still cannot get my head around how poor the logs are for procedures, you have to dig through all sorts to find it a machine has been patched. It should be clear to understand. You click on the patch logs on the machine it should be included here. A list of what was updated and when. Errors are shown on the dashboards
  • With the software inventory show how many installs there are, and how many updates are required.
  • High light when new 3rd party applications are available for patching and ask if they should be included. Changes should require a review -> apply task.
  • Patching OSX/MacOS, this is a big one for us.
  • Patch Unix Systems, ala Ubuntu Landscape or Spacewalk.
  • WOL, This should work for other bits as well (see network monitoring)

Service Desk (Free Alternative, Spiceworks (local and cloud), Service Desk Plus (local))

Website

  • Further customisation, allow the use of templates for branding.

Email

  • Better integration with Office 365

Technician Side

  • Run Procedures from the ticket
  • Start remote support from ticket

Major New Functions

  • Wiki for IT, internal KB outside of the helpdesk for stored documentation. Written as a procedure.
  • Password Manager - Shared for Admins, ala lastpass/keepass
15

Hello,

Good day. This is about the “Feature Request: Software inventory”. Our Development team had informed us that the “Global Software Inventory” screen is available under “Applications” section. Administrators can now easily track all software and applications installed on any device. Applications can be filtered by vendor, software title and software category. You can find the inventory by clicking ‘Applications’ > ‘Global Software Inventory.

Thank you