Key Concepts
Mobile Device - For the purposes of this guide, a mobile device is any Android or iOS smart phone or tablet that is allowed to connect to the enterprise network. Endpoint Manager allows network administrators to remotely configure device access rights, security settings, general preferences and to monitor and manage the device. Mobile devices may be employee or company owned.
User - An employee or guest of the enterprise whose device(s) are managed by the EM console. Users must be created before their devices can be added. Users can be added manually or by importing user groups from an AD server.
Device Group - An admin-defined grouping of Android, iOS, Linux, MAC or Windows devices. Configuration profiles applied to a device group will be deployed to all devices in the group.
Quarantine – Malware
found on managed networks can either be deleted or isolated in a
secure environment known as 'quarantine'. Files moved to quarantine
are encrypted so they cannot be executed. Admins can review
quarantined items and delete or release the files. Quarantined files
can also be added to the local whitelist and submitted to Comodo as a
potential false-positive.
Configuration Profile - A configuration profile is a collection of settings applied to managed devices which determines their network access rights, overall security policy, antivirus scan schedule, and other preferences. Profiles are operating system specific and can be applied to individual devices, device groups, users or user groups. Endpoint Manager ships with a 'default' profile for each supported operating system (iOS, Android, MAC, Linux and Windows). The default profile is automatically applied to a user/device if no custom profile exists.
Comodo Client Security - Comodo Client Security (CCS) is the remotely managed endpoint security software installed on managed Windows devices. It offers complete protection against internal and external threats by combining a powerful antivirus, an enterprise class packet filtering firewall, an advanced host intrusion prevention system (HIPS) and Containment feature that runs unknown and unrecognized applications in an isolated environment at the endpoints. Each component of CCS can be configured to offer desired security level by applying configuration profiles.
- CCS can be white-labelled with your own company branding and UI texts. You can customize the company name, company logo, product logo and more.
Default Profile - Default profiles are immediately applied to a device when it is first enrolled into Endpoint Manager. Default profiles are split into four types - iOS default profiles, Mac OS default profiles, Android default profiles and Windows default profiles. Multiple default profiles can be created and applied to a device or group of devices.
Communication Client (a.k.a EM Agent) - The communication client (CC) is an agent which needs to be installed on all devices so they can be managed by Endpoint Manager. The client is responsible for receiving and executing tasks. Tasks include implementing configuration profiles, fetching device details, running antivirus scans, adding or removing apps and wiping the device.
- CC can be white-labeled with your own company branding and UI texts. You can customize the company name, company logo, product logo and more. You can also specify your support email, support website and support email in the CC 'About' dialog.
Notifications - Notifications are generated if a threat is found on a device, or if an app is installed or removed. You can choose to send notifications to admins only, to a mailing list, or to specific users. Threat notifications are also shown in the Endpoint Manager dashboard.
Patch Management - The patch management module lets you monitor and install updates for Windows and 3rdparty software on Windows devices.
Valkyrie - Valkyrie is a cloud-based file verdict service that tests unknown files with a range of static and behavioral checks in order to identify those that are malicious. CCS on managed Windows computers can automatically submit unknown files to Valkyrie for analysis. The results of these tests produce a trust verdict on the file which can be viewed from the EM interface.
Data Loss Prevention - A DLP discovery scan locates files containing sensitive information on managed Windows devices. For example, the scans find credit card numbers, social security numbers, bank account numbers, etc. You can then take actions to secure that data where required.
Active Directory - Endpoint Manager allows administrators to add multiple Lightweight Directory Access Protocol (LDAP) accounts for the purpose of importing user groups and users.