Want to disable the automatic update for ITSM

Hi, my client has about 3000 machines with Comodo ITSM, and when they are in to the update prosses make the network absolutely slow at the point that nobody can use it. I mean (networking at all, collapses).

So, that is my priority, now here becomes my question; how to disable the auto-update. I´d prefer do it by groups if it is possible to do.

I appreciate your time, and looking forward to hear a solution to this situation.




At the current time this feature is not available but we have forwarded it to the R&D team for analysis. We will send you an e-mail in order to keep you updated on the progress made.

Maybe should make some proxy-util? Or grant updates at non-work hours. (Addressing to Comodo team)

Hello @velazquez ,

We currently provide a program that can be used as a update. You can install this program, ESM Update Mirror, on an endpoint that is up 24/7, like a server and this program will connect to our servers to check and download updates and you can set the endpoints to update themselves from this server, reducing this way the overall traffic. To configure the program:

  • Install ESMUM on a server (e.g. server01)
  • In the profile that is applied to the machines, go to Updates section > Servers and add the machine's name with http:// in front of it (e.g. http://server01 or the public FQDN of this machine). Do not remove the existing entry, http://download.comodo.com/, but make sure that it is placed on the last position.
  • You can install ESMUM on more than one machine and add them the entries in Server list.
  • By default, ESMUM is using the port 80, but you can use a different port. For this you will have to edit the value 'Listen' in the config file C:\COMODO\ESM Update Mirror\Apache2.2\conf\httpd.conf from 80 to a different value (e.g. 7777), and add the value http://server01:7777 in Server list.
Please let us know if this helps.

Hi @velazquez

You may have already seen the options, but one way to distribute the load a bit is to separate out the security agent into separate groups.

  1. Remove the agent update section out of the profile you’re using
  2. Create new profiles that only have the update profile and schedule the updates for different days/times (Monday, Tuesday, Wednesday, etc.)

Here you can either associate devices with that new profile, or:
3. Create/set up device groups (could be by function: sales, engeering, admin, etc. or by update day like the profile you created)
4. Add profile you created to applicable group
5. Add devices to the applicable group

Preferably, you’d also have a group that controls the first policy you removed the update group from. So you end up with each device in 2 groups: A default group with the default profile, and a group that governs the update time. You can extend this concept out to other settings as well.

This would then allow you to have clients update one group at a time and spread it out over the days/times you’d like.



Thanks for sharing the file.

One question, is this software able to setup a password in order to access to the http:// portal?. You can provide a software stack, like an agent to be used as an Offline updater from a central point, ex. a local server on the custumer side…