Setting Up Autotask Endpoint Management
Transcription
Setting Up Autotask Endpoint Management
Setting Up Autotask Endpoint Management Updated 9/10/2015 © 2015 Autotask Corporation Table of Contents Table of Contents Table of Contents 2 Introduction to Autotask Endpoint Management 4 Overview 5 AEM Web Portal and Agent 6 Infrastructure and Requirements 9 AEM Platforms 10 Whitelisting Requirements for IP Addresses and URLs 12 Supported Operating Systems and Requirements for the Agent Browser 21 Infrastructure and Security 23 Set Up Autotask Endpoint Management 31 Your User Account 33 Licensing and Billing 36 Branding 40 Roles 43 Users 48 Manage Passwords 53 Two-Factor Authentication 60 Account Settings 67 New Device Approval 77 Custom Fields 80 Connection Brokers 84 Node Scores 87 © 2015 Autotask Corporation l Page 2 of 197 Table of Contents Agent Updates 89 Configuring Third Party Integrations 91 Service Desk Integrations with Autotask Endpoint Management 93 Integrate with Autotask PSA 95 Autotask LiveLinks to AEM Devices 114 ConnectWise 118 Zendesk 127 Datto Backup Integration 133 Kaspersky Endpoint Security Integration 136 Splashtop Remote Screen Share Integration 189 Index 195 © 2015 Autotask Corporation l Page 3 of 197 Introduction to Autotask Endpoint Management In the Introduction chapter, we cover the following: l l l We give you a brief overview of Remote Monitoring and Management software, and introduce you to Autotask Endpoint Management. Refer to "Overview" on page 5. We introduce you to the two interface components of Autotask Endpoint Management. Refer to "AEM Web Portal and Agent" on page 6. Before you begin with the configuration of your Endpoint Management site, you should make sure that you are hosted on the right platform, whitelist a number of IP addresses and URLs, and learn about supported operating systems and requirements for the Agent browser. Refer to "Infrastructure and Requirements" on page 9. © 2015 Autotask Corporation l Page 4 of 197 Overview About Remote Monitoring and Management (RMM) Remote monitoring and management (RMM) software enables managed IT service providers (MSPs) to remotely and proactively monitor their customers' networks and computers. Data about the remote devices, also known as endpoints, is collected by a lightweight software program called Agent which then communicates this data to the Endpoint Management application. The service provider has access to this information via a Web Portal. With an RMM solution, you can collect information about the customers' network, hardware and software ("audit"), remotely support customers, proactively monitor every endpoint, deploy patches, create alerts and tickets when issues arise, schedule maintenance jobs, and more. You can stay ahead of issues and resolve them without going on-site, often before your customers are aware of a problem. Autotask Endpoint Management and Autotask PSA Autotask offers complete solutions for RMM (Autotask Endpoint Management) and IT Business Management (Autotask PSA). Our products can be used as an integrated solution, or as stand-alone products. We will continue to support partner solutions for both product lines. l l For an overview of the Autotask integration of PSA and AEM, refer to "Integrate with Autotask PSA" on page 95. For an overview of other RMM tools that integrated with Autotask PSA, refer to Partner Solutions. © 2015 Autotask Corporation l Page 5 of 197 AEM Web Portal and Agent The Autotask Endpoint Management (AEM) platform consists of two separate components: the Web Portal and the Agent. The Web Portal The Web Portal is a cloud-based browser application that lets you manage any number of devices ("endpoints") for multiple customers across multiple operating systems. On the Web Portal, you can: l Administer your site, including users, security levels, branding, profiles, groups and filters l Set up and manage the profiles and the devices that are associated with them l Configure the ready-made components (applications and utilities) you downloaded from the ComStore l Schedule jobs to be performed on selected devices, and much else... © 2015 Autotask Corporation l Page 6 of 197 The Agent The Agent is a lightweight software program that is installed on all managed devices that support agent installation. It also acts as a go-between for network devices that do not support Agent installation, but can be managed using SNMP. The Agent collects data on the devices, and communicates it to the Web Portal. It can also execute a variety of actions on the remote device, such as: l Audit the installed hardware and software l Proactively monitor the device l Deploy software, patches and updates l Enable the remote takeover of devices that have the Agent installed Most of these tasks are accomplished in the Agent browser, an application launched from the Agent icon in the system tray or from the Web Portal. It contains multiple tools to take control of a remote device. © 2015 Autotask Corporation l Page 7 of 197 In the Agent browser, you can: l Take a screen shot of the remote device or open a remote takeover tool like RDP, VNC or Splashtop l Open a Command Shell and add and edit registry items on the remote device l Control Windows Services on the remote device l Wake up, shut down or restart the remote device l Monitor resources such as CPU or memory in real time l Transfer files l View event logs It allows you to diagnose and fix many issues remotely, and often in the background, without the user being aware of it. © 2015 Autotask Corporation l Page 8 of 197 Infrastructure and Requirements If you are responsible for rolling out Autotask Endpoint Management (AEM) in your company, we recommend that you familiarize yourself with the following technical topics: l l l l The AEM cloud application is located on a number of platforms around the globe. Customers are assigned to the platform that provides the fastest connection, based on their location. Refer to "AEM Platforms" on page 10. To allow seamless connectivity to the AEM Web Portal (formerly CSM) and between AEM Agents (formerly CAGs), you must open TCP PORT 443 Outbound through your firewall. The IP addresses you must whitelist are specific to your platform. Refer to "Whitelisting Requirements for IP Addresses and URLs" on page 12. The AEM Agent can be installed on a wide range of operating systems. Refer to "Supported Operating Systems and Requirements for the Agent Browser" on page 21. For a detailed review of the AEM infrastructure and security, refer to "Infrastructure and Security" on page 23. © 2015 Autotask Corporation l Page 9 of 197 AEM Platforms The Autotask Endpoint Management cloud application (AEM) is located on a number of platforms around the globe. Each platform consists of a number of individual server instances that control different areas of the product (Agent connectivity, Web Portal etc.). To achieve the fastest connection, your account will reside on the platform that is geographically nearest to you, based on the location you specified when you signed up. If you have accidentally selected a wrong location, contact your Account Manager for assistance to have your account migrated to the correct platform. Unified Login Server (ULS) The AEM Unified Login Server (ULS) is a single sign-on server managing all AEM customers’ credentials, allowing them to log in at one location and be directed to their specific platform. The login page address of the AEM ULS is https://centrastage.net. Current regions and platforms When logging in through the single sign-on server, you will be directed to the platform where your account is hosted. The name of the platform will be displayed in the first part of the URL once you have logged in. For example, if your account is hosted on the Merlot (EMEA West 2) platform, the following URL will be displayed once you have logged in through the single sign-on server: https://merlot.centrastage.net/csm/. In addition to the ULS, all five platforms host their own login page. You can log in to your account using the correct direct login URL. Region Platform Name Direct Platform Address Direct Login Page Europe (Dublin) Pinotage (EMEA West 1) Merlot (EMEA West 2) https://pinotage.centrastage.net https://merlot.centrastage.net https://pinotage.centrastage.net/csm/login https://merlot.centrastage.net/csm/login US (Virginia, Oregon) Concord (US East) Zinfandel (US West) https://concord.centrastage.net https://zinfandel.centrastage.net https://concord.centrastage.net/csm/login https://zinfandel.centrastage.net/csm/login Asia-Pacific (Sydney) Syrah (APAC) https://syrah.centrastage.net https://syrah.centrastage.net/csm/login © 2015 Autotask Corporation l Page 10 of 197 To connect to your platform, you must open your firewall for platform-specific IP Addresses. Some firewalls, proxies or security appliances may require access to the URL of the service as well as the IP address. For further information, refer to "Whitelisting Requirements for IP Addresses and URLs" on page 12. © 2015 Autotask Corporation l Page 11 of 197 Whitelisting Requirements for IP Addresses and URLs Administrator To allow seamless connectivity to the Autotask Endpoint Management (AEM) Web Portal, the ComStore, and between Agents, you must open TCP PORT 443 Outbound through your firewall. If your company has a more aggressive security posture and port 443 is not open, you must whitelist a number if IP addresses to allow AEM to make the required connections. The IP addresses you must whitelist are specific to your platform, and you only need to whitelist the ones associated with your platform. For information about the platform your site is hosted on, refer to "AEM Platforms" on page 10. Connecting to the AEM Web Portal To ensure full connectivity to AEM, you will need to open TCP PORT 443 Outbound through your firewall to the IP addresses and URLs associated with your platform. IP addresses for each platform © 2015 Autotask Corporation l Page 12 of 197 EMEA West 1 (Pinotage) EMEA West 2 (Merlot) US East (Concord) US West (Zinfandel) APAC (Syrah) 54.77.247.84 54.194.25.164 52.5.251.79 54.201.211.18 54.79.25.73 54.77.108.71 54.194.54.213 52.6.151.191 54.213.57.149 54.79.44.13 54.77.69.163 54.194.245.26 52.7.200.96 54.201.174.248 54.206.73.160 54.154.123.55 54.194.70.100 52.4.97.130 54.201.158.254 54.206.60.138 54.154.110.191 54.194.17.228 54.88.94.23 54.201.148.211 54.79.20.109 54.154.110.190 54.194.42.15 54.172.198.183 54.200.154.205 54.252.198.125 54.154.16.237 54.194.217.74 54.88.212.141 54.213.162.73 54.206.10.157 54.154.76.59 54.194.87.166 54.164.96.143 54.201.132.105 54.206.12.124 54.171.166.217 54.194.59.222 54.165.85.82 54.201.16.209 54.206.20.221 54.77.122.85 54.194.73.199 54.165.240.214 54.191.61.99 54.206.24.91 54.194.81.165 54.173.70.131 54.191.117.5 54.79.4.211 54.194.153.16 54.186.19.220 54.194.242.0 54.186.13.123 54.194.218.239 54.194.100.128 54.194.50.12 URLs In addition to IP addresses, some firewalls, proxies or security appliances may require access to the URL of the service as well as the IP address. If you are using a proxy or security appliance, ensure that the relevant URLs to your platform are whitelisted. © 2015 Autotask Corporation l Page 13 of 197 TCP Port Platform URLs Direction EMEA West 1 (Pinotage) Web Service: https://01ws.centrastage.net Agent Updates: https://update.centrastage.net Web Portal: https://pinotage.centrastage.net Control Channel: 01cc.centrastage.net:443 Tunnel Server: ts.centrastage.net:443 Component Library: https://cpt.centrastage.net, https://cpt.centrastage.net.s3.amazonaws.com HTTPS / 443 Outbound EMEA West 2 (Merlot) Web Service: https://02ws.centrastage.net Agent Updates: https://update-merlot.centrastage.net Web Portal: https://merlot.centrastage.net Control Channel: 02cc.centrastage.net:443 Tunnel Server: ts.centrastage.net:443 Component Library: https://cpt-merlot.centrastage.net, https://cpt-merlot.centrastage.net.s3.amazonaws.com HTTPS / 443 Outbound US East (Concord) Web Service: https://01concordws.centrastage.net Agent Updates: https://update-concord.centrastage.net Web Portal: https://concord.centrastage.net Control Channel: concordcc.centrastage.net:443 Tunnel Server: ts.centrastage.net:443 Component Library: https://cpt-concord.centrastage.net, https://cpt-concord.centrastage.net.s3.amazonaws.com HTTPS / 443 Outbound US West (Zinfandel) Web Service: https://03ws.centrastage.net Agent Updates: https://update-zinfandel.centrastage.net Web Portal: https://zinfandel.centrastage.net Control Channel: 03cc.centrastage.net:443 Tunnel Server: ts.centrastage.net:443 Component Library: https://cpt-zinfandel.centrastage.net, https://cpt-zinfandel.centrastage.net.s3.amazonaws.com HTTPS / 443 Outbound APAC (Syrah) Web Service: https://syrahws.centrastage.net Agent Updates: https://update-syrah.centrastage.net Web Portal: https://syrah.centrastage.net Control Channel: syrahcc.centrastage.net:443 Tunnel Server: ts.centrastage.net:443 Component Library: https://cpt-syrah.centrastage.net, https://cpt-syrah.centrastage.net.s3.amazonaws.com HTTPS / 443 Outbound Connecting Agents through the Tunnel Server Grid Unless a peer-to-peer connection can be established between devices, Agent to Agent connectivity and remote takeover are managed by a tunnel server over an encrypted connection. Tunnel servers are connection relays located around the globe to provide maximum coverage and the best performance depending on your location. They are automatically available to all users. © 2015 Autotask Corporation l Page 14 of 197 l When a remote takeover session is initiated, the admin device queries DNS to find the nearest tunnel server. The tunnel server is picked based on the proximity to the admin device. l Then a connection is made to a load-balanced tunnel server cluster. l Finally, a connection is established to the remote device. To make the most of the tunnel server grid, please ensure that the IP addresses relevant to your geographic location are open on your own and your endpoint's firewalls. IP Addresses for the Tunnel Server Grid © 2015 Autotask Corporation l Page 15 of 197 EMEA APAC (Sidney) APAC (Singapore) 54.72.228.106 54.79.75.129 54.169.119.179 54.207.102.187 54.191.106.204 54.172.163.43 54.77.25.238 54.79.97.42 54.187.170.202 54.173.173.38 54.169.73.64 South America (Sao Paulo) 54.207.105.254 US WEST (Oregon) US EAST (Virginia) 54.76.210.230 54.77.1.79 54.77.29.239 54.93.70.139 NEW 54.93.63.109 NEW This list will be updated as we add more tunnel servers to the grid. Connecting to the Component Library (ComStore) The component library is hosted on Amazon servers. EC2 stands for Elastic Computing Cloud. The IP addresses are assigned when the Amazon EC2 instance is launched. To ensure a successful connection, you must whitelist all IP address ranges that host components for your region. Amazon AWS EC2 IP Address Ranges © 2015 Autotask Corporation l Page 16 of 197 EU (Ireland) US East (Virginia) Asia Pacific (Sydney) 79.125.0.0/17 (79.125.0.0 79.125.127.255) 72.44.32.0/19 (72.44.32.0 72.44.63.255) 54.252.0.0/16 (54.252.0.0 54.252.255.255) 46.51.128.0/18 (46.51.128.0 46.51.191.255) 67.202.0.0/18 (67.202.0.0 67.202.63.255) 54.253.0.0/16 (54.253.0.0 54.253.255.255) 46.51.192.0/20 (46.51.192.0 46.51.207.255) 75.101.128.0/17 (75.101.128.0 75.101.255.255) 54.206.0.0/16 (54.206.0.0 54.206.255.255) 46.137.0.0/17 (46.137.0.0 46.137.127.255) 174.129.0.0/16 (174.129.0.0 174.129.255.255) 54.79.0.0/16 (54.79.0.0 54.79.255.255) 46.137.128.0/18 (46.137.128.0 46.137.191.255) 204.236.192.0/18 (204.236.192.0 204.236.255.255) 54.66.0.0/16 (54.66.0.0 54.66.255.255) NEW 176.34.128.0/17 (176.34.128.0 176.34.255.255) 184.73.0.0/16 (184.73.0.0 184.73.255.255) 176.34.64.0/18 (176.34.64.0 176.34.127.255) 184.72.128.0/17 (184.72.128.0 184.72.255.255) 54.247.0.0/16 (54.247.0.0 54.247.255.255) 184.72.64.0/18 (184.72.64.0 184.72.127.255) 54.246.0.0/16 (54.246.0.0 54.246.255.255) 50.16.0.0/15 (50.16.0.0 50.17.255.255) 54.228.0.0/16 (54.228.0.0 54.228.255.255) 50.19.0.0/16 (50.19.0.0 50.19.255.255) 54.216.0.0/15 (54.216.0.0 54.217.255.255) 107.20.0.0/14 (107.20.0.0 107.23.255.255) 54.229.0.0/16 (54.229.0.0 54.229.255.255) 23.20.0.0/14 (23.20.0.0 23.23.255.255) 54.220.0.0/16 (54.220.0.0 54.220.255.255) 54.242.0.0/15 (54.242.0.0 54.243.255.255) 54.194.0.0/15 (54.194.0.0 54.195.255.255) 54.234.0.0/15 (54.234.0.0 54.235.255.255) 54.72.0.0/14 (54.72.0.0 54.75.255.255) 54.236.0.0/15 (54.236.0.0 54.237.255.255) 54.76.0.0/15 (54.76.0.0 54.77.255.255) 54.224.0.0/15 (54.224.0.0 54.225.255.255) © 2015 Autotask Corporation l Page 17 of 197 EU (Ireland) US East (Virginia) 54.78.0.0/16 (54.78.0.0 54.78.255.255) 54.226.0.0/15 (54.226.0.0 54.227.255.255) 54.74.0.0/15 (54.74.0.0 54.75.255.255) NEW 54.208.0.0/15 (54.208.0.0 54.209.255.255) 185.48.120.0/22 (185.48.120.0 185.48.123.255) NEW 54.210.0.0/15 (54.210.0.0 54.211.255.255) 54.170.0.0/15 (54.170.0.0 54.171.255.255) NEW 54.221.0.0/16 (54.221.0.0 54.221.255.255) 87.238.80.0/21 NEW 54.204.0.0/15 (54.204.0.0 54.205.255.255) Asia Pacific (Sydney) 79.125.0.0/17 NEW 79.125.0.0/17 NEW 54.78.0.0/16 NEW 54.78.0.0/16 NEW 54.76.0.0/15 NEW 54.76.0.0/15 NEW 54.74.0.0/15 NEW 54.74.0.0/15 NEW 54.72.0.0/15 NEW 54.72.0.0/15 NEW 54.247.0.0/16 NEW 54.196.0.0/15 (54.196.0.0 54.197.255.255) 54.198.0.0/16 (54.198.0.0 54.198.255.255) 54.80.0.0/13 (54.80.0.0 54.87.255.255) 54.88.0.0/14 (54.88.0.0 54.91.255.255) NEW 54.92.0.0/16 (54.92.0.0 54.92.255.255) NEW 54.92.128.0/17 (54.92.128.0 54.92.255.255) NEW 54.160.0.0/13 (54.160.0.0 54.167.255.255) NEW 54.247.0.0/16 NEW 54.246.0.0/16 NEW 54.172.0.0/15 (54.172.0.0 54.173.255.255) NEW 54.246.0.0/16 NEW 54.240.220.0/22 NEW 54.240.197.0/24 NEW 54.239.99.0/24 NEW 54.239.32.0/21 NEW © 2015 Autotask Corporation l Page 18 of 197 EU (Ireland) US East (Virginia) Asia Pacific (Sydney) 54.231.128.0/19 NEW 54.229.0.0/16 NEW 54.229.0.0/16 NEW 54.228.16.0/26 NEW 54.228.0.0/16 NEW 54.228.0.0/16 NEW 54.220.0.0/16 NEW 54.220.0.0/16 NEW 54.216.0.0/15 NEW 54.216.0.0/15 NEW 54.194.0.0/15 NEW 54.194.0.0/15 NEW 54.170.0.0/15 NEW 54.170.0.0/15 NEW 54.155.0.0/16 NEW 54.155.0.0/16 NEW 54.154.0.0/16 NEW 54.154.0.0/16 NEW 46.51.192.0/20 NEW 46.51.192.0/20 NEW 46.51.128.0/18 NEW 46.51.128.0/18 NEW 46.137.128.0/18 NEW 46.137.128.0/18 NEW 46.137.0.0/17 NEW 46.137.0.0/17 NEW © 2015 Autotask Corporation l Page 19 of 197 EU (Ireland) US East (Virginia) Asia Pacific (Sydney) 185.48.120.0/22 NEW 185.48.120.0/22 NEW 178.236.0.0/20 NEW 176.34.64.0/18 NEW 176.34.64.0/18 NEW 176.34.159.192/26 NEW 176.34.128.0/17 NEW 176.34.128.0/17 NEW 176.32.104.0/21 NEW © 2015 Autotask Corporation l Page 20 of 197 Supported Operating Systems and Requirements for the Agent Browser Operating Systems The Autotask Endpoint Management (AEM) Agent can be installed on a wide range of operating systems that are outlined below. Operating System / Device Version Windows • Windows XP SP2 (Home, Professional, Professional x64, Tablet PC, Media Center, Starter editions) • Windows Vista 32/64-bit (Starter, Home Basic & Premium, Business, Enterprise, Ultimate editions) • Windows Server 2003 & R2 32/64-bit (Web, Standard, Enterprise, Datacenter, Small Business, Home Server editions) • Windows 7 (32/64-bit) • Windows 8/8.1 (32/64-bit) • Windows 2008 & R2 32/64-bit (Standard, Enterprise, Datacenter, Web, Small Business) • Windows Server 2012 (64-bit) & Windows Server 2012 R2 Apple Macintosh • Intel based Mac OS X 10.6.x and later Linux* • Fedora 19, 20, 21 • Debian 7, 8 • CentOS 6, 7 • Ubuntu 12, 13, 14, 15 Smartphones and Tablets • iOS 7 and later • Android 2.3.3 and later *The Agent may work with any Debian-based distribution but support is only provided for the ones listed. Detailed Windows requirements AEM runs as a .Net service and needs Windows Installer 3.1 and .Net Framework 2.0 to install and run. Windows Installer 3.1 is part of the standard MS Windows Update and should be present on all devices. If it is not, it can be downloaded from Microsoft. If Microsoft .Net 2.0 is not installed on the device, the Agent installer will automatically download and install it. It can also be downloaded manually from Microsoft. For further information on .Net Framework versions, refer to .NET Framework Versions and Dependencies. © 2015 Autotask Corporation l Page 21 of 197 .NET Framework on Windows 8 or Windows Server 2012 In order to install AEM, you'll need to enable .NET Framework 3.5.1 (it includes .NET 2.0 and 3.0). You can enable it by following the paths below. l Windows 8 Go to Control Panel > Programs & Features > Turn Windows features on or off. This can also be enabled via the following command line: dism.exe /online /enable-feature /featurename:NetFX3 l Windows Server 2012 Go to Server Manager > Roles and Features > Add Roles > Features. This can also be enabled via the following command lines: dism.exe /online /enable-feature /featurename:NetFX3ServerFeatures dism.exe /online /enable-feature /featurename:NetFX3 © 2015 Autotask Corporation l Page 22 of 197 Infrastructure and Security Autotask Endpoint Management (AEM) enables IT support organizations to monitor and manage multiple remote computers over any network, bringing visibility and control to the service provider. The solution has been built for organizations supporting IT over public networks, so careful consideration has been given to the infrastructure and security of the product. Platform Infrastructure AEM operates on multiple resilient, high-availability, scaling platforms hosted within Amazon Web Services (AWS). These Platforms exist and span a number of different AWS Regions to provide increased performance for customers around the globe. At present the core platforms are hosted in the EU-WEST-1 (Ireland), US-WEST-2 (Oregon), US-EAST-1 (Virginia) and AP-SOUTHEAST-2 (Sydney) regions, with additional servers in AP-SOUTHEAST-1. All communication that needs to travel between AWS Regions is performed via secure SSH Tunnels or HTTPS connections. To help to achieve the required levels of resilience and scalability, AEM servers are separated into three customer facing services. The services are separated as follows: l l l AEM Server Manager (CSM) - The web management portal Control Channel (CC) – A permanent connection established with all connected devices to facilitate low latency event and command communication Web Service (WS) – A stateless Web Service for Agent to Platform communication Availability Zones Within each AWS Region there exist two or more Availability Zones. These zones are distinct locations within a region that are engineered to be isolated from failures in each other, while still providing high performance, low latency inter-AZ connectivity. By hosting across multiple Availability Zones, AEM is able to ensure that a failure in a single Data Center does not affect the availability of a platform. Load Balancing All of the core platform services (CSM, CC, WS) exist as multiple servers within AWS and are themselves only accessible through dedicated Load Balancers. For the CSM, this load balancing is provided via the use of the Amazon Elastic Load Balancer service, whilst the CC and WS servers use dedicated Load Balancing instances. By spreading these load balancers across multiple availability zones and using DNS Round-Robin, we are able to ensure high availability, scalability and performance of the platform. Servers can be commissioned and decommissioned as required with no impact to the service itself. © 2015 Autotask Corporation l Page 23 of 197 Server Instances AEM uses Ubuntu for the base operating system of the server instances, hosted within AWS Elastic Compute Cloud (EC2). The version used has been specifically prepared and hardened for use in AWS by Canonical Ltd, the provider of the Ubuntu platform. Server instances are launched from prebuilt and tested machine images to ensure 100% consistency. These machine images are backed up to the AWS Simple Storage Service (S3) which has 99.999999999% (11 9’s) durability. Servers are stateless in that they do not store any persistent data allowing them to be replaced on demand, negating the need for individual server backups, and ensuring that the failure of a server does not result in a loss of customer data. File Storage All components uploaded to the AEM platform are uploaded to buckets within S3. This ensures durability of data, and also provides a highly available mechanism to securely serve these files back to devices across the globe as required. By using S3 we ensure that components can be instantly provisioned to any number of devices over a high bandwidth connection, not tied to a static number of background instances. Firewalls AWS EC2 instances are, by default, closed for ingress via the use of configurable security groups. By default, AEM core servers are only accessible via dedicated Load Balancer or SSH Tunnel instances, which exist in separate security groups. This means that access to these instances is either via 443 for HTTPS or secure TCP traffic from Load Balancers, or via SSH Tunnel on port 22 through a dedicated SSH Instance. Any servers which do not require external connections are therefore locked down and accessible only on port 22 via first connecting to a controlled SSH Instance. This “Security Group” concept extends to Amazon's Relational Database Service (RDS), and means that the Databases that back the platforms are not externally accessible, and instead only open to connections from specific Security Groups. Auto Scaling In times of high load, AEM servers can auto scale, adding additional server resource automatically to areas of the system that are most heavily utilized. Additional servers can be automatically brought online and added to the load balancer as required. Conversely, auto scaling can remove excess processing in times of minimal load. Additional server instances are can be provisioned in under 60 seconds, and ensure a consistent level of service for users despite platform load. Database AEM is underpinned by a high availability, relational database service (RDS) for MySQL, which is distributed across two availability zones in a Master-Slave arrangement. In the unlikely event of a database failure, AEM will automatically fail over to the slaved database in the other availability zone within a matter of minutes. RDS automatically patches the database software and backs up the database, storing the backups for a userdefined retention period and enabling point-in-time recovery. © 2015 Autotask Corporation l Page 24 of 197 Data Protection We work hard to ensure the security and protection of any data stored on the AEM platform. For sensitive information, in addition to access controls and platform penetration testing, this also includes encryption using the AES/CBC/PKCS5Padding Cipher before it is transferred to the AEM Database. Customers should also be aware that data is never stored outside of the platform region that they select when signing up for the service. For customers on our EU platforms this means all data is stored in Ireland, for customers on US Platforms this currently means all data is stored in Virginia or Oregon, and for customers in APAC this means all data is stored in Sydney. Where new platforms are added in the future, the location of the corresponding data center will be announced to allow customers to make appropriate decisions when reviewing concerns such as the Data Protection Directive. Platform Monitoring AEM uses a number of services in order to provide effective monitoring of platform health and metrics. In addition to the instance monitoring services provided by AWS CloudWatch, core platform services are monitored for health and throughput via both custom metrics pushed to CloudWatch, the NewRelic Application and Server Monitoring Service, and Graphite in combination with custom metric gathering code deployed to each server. NewRelic and our own custom metrics provide us with near real time feedback on platform load, allowing the system to scale on demand when required and alerting us to potential problems or service outages. 24/7 response is ensured through the use of PagerDuty and a robust and well practiced escalation procedure within AEM. By monitoring the platforms in this fashion, and coupled with the log aggregation services currently being deployed across the estate, AEM is moving towards being able identify, pinpoint and resolve potential customer issues before they become apparent to the end user, with both predefined intelligence and exception based alerting. Platform Status Current platform status, health and issues are pro-actively reported to end users via a comprehensive Status Page at http://www.autotaskstatus.net/. Not only does this give users a way of being alerted to potential platform issues and notification of upcoming planned maintenance, but it also provides a complete history of issues that have affected the platform, giving new and existing customers insights into platform stability and response times. Platform Stability AEM performs regular stability testing on the platform, using automated tools to terminate core servers and ensure the platform is able to both continue functioning, and gracefully recover the affected services without the need for manual intervention. © 2015 Autotask Corporation l Page 25 of 197 Through this kind of testing we can ensure that not only has the platform itself been effectively engineered to ensure resilience and high availability, but that in the event of an unexpected issue, all the core staff within AEM are able to execute a well-practiced response. Global Relay Servers Despite platforms themselves being located in specific regions, all inter-Agent connectivity takes advantage of a network of Tunnel Servers, with the Agents intelligently selecting their closest and healthiest server through which to establish a connection. Customers who do not wish to utilize this network can select a specific server to use, with IP Addresses of those, and the other endpoints. For further information, refer to "Whitelisting Requirements for IP Addresses and URLs" on page 12. AEM AWS Architecture Figure - AEM Platform Infrastructure – This is a high level diagram and may not represent the full set of services and servers. Product Security © 2015 Autotask Corporation l Page 26 of 197 AEM Server Manager Security Encryption AES-256, 256 Bit keys. The connection supports TLS 1.0/1.1/1.2 Passwords Strong passwords required – Min 8 characters. Password Expiry Optional password expiration every 30/60/90 days. Authentication RADIUS server integration can be enabled together with single sign on and one time passwords, or SecurID tokens. Accounting Session activity logged to system level log files and audit trail database. Two-Factor Authentication When logging into the AEM Server Manager Website, customers can choose to enable a Two-Factor Authentication mechanism based around the use of Time-Based One-Time Passwords (TOTP - http://tools.ietf.org/html/rfc6238). This allows any user with a smartphone the ability to use that device as a second step in the authentication process, requiring them to provide a Username, Password, and token generated on their phone to log into the website. By enabling TOTP across all users in their account, customers can ensure that a compromised password doesn’t lead to a third party being able to access the CSM. AEM Agent Security Encryption (Agent to server) TLS 1.0 Encryption (Agent to Connection Broker) 3DES in CBC mode. Protocol HTTPS / TCP 443 Stateful Packet Inspection It is strongly recommended that any Stateful Packet Inspection be turned off for access to any centrastage.net address, and that all attempts possible are made to guarantee that TCP connections to the cc.centrastage.net addresses are not terminated in cases of inactivity (These connections may be inactive for up to 180 seconds at a time if no client activity is detected). Platform Infrastructure Security AEM runs on a hardened Ubuntu Linux platform, with all instances launched from a patched and maintained © 2015 Autotask Corporation l Page 27 of 197 Elastic Block Storage (EBS) image, based on an original provided by Canonical Ltd. All instances exist for a maximum of one release cycle before being terminated and replaced by a newly instantiated server. This ensures consistency across all servers in the AEM platform, and provides a base level of Security without the need to worry about missing critical patches or configuration for each server. AWS Console Access Each AEM Platform is hosted within a separate AWS Account, with no shared access. Administration of the services provided by AWS (EC2, RDS, S3, etc.) is performed through the use of both the AWS Console and the AWS API Services for programmatic access. Only essential staff within AEM has access to these services, with access configured on a per platform basis through the use of AWS Identity and Access Management. All logins to the console are required to have a secure password of at least 12 characters and high complexity in addition to the use of TOTPs. Programmatic access to the AWS API is controlled through Secure Keys and Secrets issued via the IAM interface. Each user, and by extension each Secure Access Key, has their rights and permissions tailored to their role or intended usage. This ensures that should a single access key be compromised, its access is restricted to specific areas of functionality, it cannot be used to “mint” more access keys, and it can be easily revoked and replaced. Instance Access There exists a single instance within the Pinotage platform which is externally accessible over a port other than 443. This instance is the SSH Instance, and can be accessed via a secure SSH connection on port 22, authenticated only through the use of one of a small number of Private Keys. This ensures that access to the platforms can be tightly controlled and logged. Access to further AWS Instances is then available through this dedicated SSH instance, via the use of additional Private Keys. Since the database is not externally accessible, it too must be accessed through this dedicated SSH instance, via the use of a secure SSH Tunnel. Penetration Testing The AEM platform undergoes periodic Penetration Testing via external approved companies. In addition to this, the platform is also regularly tested for vulnerabilities via the use of automated tools such as Tenable Nessus. Not only is the platform itself probed for vulnerabilities, but the Web Interface and Web Services are regularly tested. This testing focuses on ensuring that not only are accounts secure from unauthorized access, but that the Web Interface is hardened against XSS or CSRF attacks, username enumeration, file upload vulnerabilities, and more. © 2015 Autotask Corporation l Page 28 of 197 Instance Monitoring Where previously all instances were periodically logging to S3, with the SSH Instance logs regularly reviewed, AEM is now moving to a centralized log aggregation system called Loggly. This system ensures that all system and application logs can be monitored and reviewed in real time, providing instant alerting of issues or unauthorized access attempts to a system. This centralization not only provides increased security, but also visibility of potential application issues before they become a problem. ISO27001/ISO9001 As a result of the above processes, and a commitment to best practice moving forwards, AEM has been awarded ISO27001 accreditation for Information Security and ISO9001 accreditation for Quality Management. This provides an assurance that we follow a structured process of continuous, customer focused, improvement when addressing issues with and improving processes and systems. Hosting Security A brief outline of AWS Security and Compliance information is provided below but for a full overview please visit https://aws.amazon.com/security/. Physical Security AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. Our hosting center only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of the hosting center. All physical access to data centers by employees is logged and audited routinely. Control Environment Our hosting center manages a comprehensive control environment that includes the necessary policies, processes and control activities for the delivery of each of the AEM service offerings. The collective control environment encompasses the people, processes, and technology necessary to maintain an environment that supports the effectiveness of specific controls and the control frameworks for which the hosting center is certified and/or compliant. Our hosting service is compliant with various certifications and third-party attestations. These include: © 2015 Autotask Corporation l Page 29 of 197 l l l l SAS70 Type II. This report includes detailed controls the hosting service operates along with an independent auditor opinion about the effective operation of those controls. PCI DSS Level 1. The hosting service has been independently validated to comply with the PCI Data Security Standard as a shared host service provider. ISO 27001. The hosting service has achieved ISO 27001 certification of the Information Security Management System (ISMS) covering infrastructure, data centers, and services. FISMA. The hosting service enables government agency customers to achieve and sustain compliance with the Federal Information Security Management Act (FISMA). The hosting service has been awarded an approval to operate at the FISMA-Low level. It has also completed the control implementation and successfully passed the independent security testing and evaluation required to operate at the FISMA-Moderate level. Environmental Safeguards The hosted data centers are state of the art, utilizing innovative architectural and engineering approaches. Fire Detection and Suppression Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, doubleinterlocked pre-action, or gaseous sprinkler systems. Power The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility. Climate and Temperature Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels. © 2015 Autotask Corporation l Page 30 of 197 Set Up Autotask Endpoint Management Administrator In this section, we document the steps that you should complete before you add any data (profiles and devices) to your AEM account. Step 1 - Review the AEM Infrastructure and Requirements Before you begin with the configuration of your Endpoint Management site, you should make sure that you are hosted on the right platform, whitelist a number of IP addresses and URLs, and learn about supported operating systems and requirements for the Agent browser. Refer to "Infrastructure and Requirements" on page 9. Step 2 - Your User Account Security is important, especially if you are the person who created your company's AEM account. We recommend that you review your own user account before you permit others to access AEM. Refer to "Your User Account" on page 33. Step 3 - Licensing and Billing Billing is based on the number of Agents you have licensed. The next step should be to review "Licensing and Billing" on page 36. Step 4 - Branding Optionally, you can add your own logo to your Web Portal, and change the default colors to your company colors. To learn more about this, refer to "Branding" on page 40. Step 5 - Roles By default, the Account Admin role is assigned to the user who registers the AEM account and it is the only role available to assign to new users until other roles are created. Most likely, not everybody in your company should have full access to everything in AEM. In this step, you will configure additional roles to assign to users. Refer to "Roles" on page 43. Step 6 - Users Now you are ready to create user accounts for other people in your organization. Refer to "Users" on page 48. Step 7 - Account Settings You have a lot of control about the global settings for your site. At a minimum, you need to review the Account > Settings page to see what is possible. Refer to "Account Settings" on page 67. © 2015 Autotask Corporation l Page 31 of 197 Step 8 - Configure Integrations If you are also a customer of Autotask PSA and would like to integrate it with AEM, you must configure the integration. Refer to this topic to learn the required steps in both PSA and AEM: "Integrate with Autotask PSA" on page 95. To learn about other integrations, refer to "Configuring Third Party Integrations" on page 91. © 2015 Autotask Corporation l Page 32 of 197 Your User Account All users with permission to navigate to Account > Details Account > Details Users with permission to access the Account > Details tab can view, or view and manage their own user account. These permissions are determined by roles. Refer to "Roles" on page 43. How to... Edit your user details If your role permissions include the ability to manage your user account, you can change the values in the following fields: Name Description Account/Company This is the name of your organization as set up when you registered. Note that anyone with permission to manage Account > Details will be able to edit this name. Username The string you use to log into AEM. Once created, it cannot be edited. First name, Last name Your first and last name. Emails Your email address. Billing Email The email address of the user to whom you want us to send your invoices. VAT Number Enter the VAT Number or Tax ID of your company here. Address Line 1 / Address Line 2 Enter your street address. City/Town Enter the name of the city or town. County/State Enter a county or state. Postal Code Enter your zip code or postal code. Country Enter the official name of your country. Telephone Enter your phone number, including your extension, if applicable. Time Zone Select the correct time zone for your location. Times and dates will be recorded and displayed using this time zone. The time zone selected will determine when scheduled jobs and patch management policies will run. © 2015 Autotask Corporation l Page 33 of 197 Enable or disable two-factor authentication Two-factor Authentication (2FA) can be required at the system level, or enabled by an individual user for themselves. If 2FA is required, all users will be forced to enable 2FA for their respective logins. The process is the same either way. Refer to "Two-Factor Authentication" on page 60. Change your password If you have Manage permissions, you can proactively change your password on the Account > Details tab. Refer to "Change your own password" on page 57. Change the language of the AEM interface You can change the display language of Autotask Endpoint Management to one of the following languages: l German l Spanish l Hungarian l French l Italian l Portuguese l Swedish When you select the desired language from the Language drop-down, the screen will be refreshed and displayed in the selected language. Change your default role AEM users can be associated with more than one role, but when you log in, your default role will be used. © 2015 Autotask Corporation l Page 34 of 197 To change your default role, click the Default role drop-down and select a different role. © 2015 Autotask Corporation l Page 35 of 197 Licensing and Billing Role that includes access to Account > Packages Account > Packages On the Account > Packages page, you can review the details of your Autotask Endpoint Management (AEM) account and access the Billing Portal to pay your invoices. You will see the following information: Field Description Package Details Account Name This is the name of the company Autotask is billing for Endpoint Management. Account UID The unique ID of your Endpoint Management site. Package Indicates whether you are billed annually or monthly. Managed Devices (Request Subscription Increase) The number of managed devices used of your device limit. For more information, see "Increase your device limit" on page 39. Click the Request Subscription Increase link to increase the number of devices. A member of our Sales team will contact you shortly. OnDemand Devices The number of OnDemand devices used. For more information, see "Increase your device limit" on page 39. Extensions Additional product features that are enabled for your account, such as Branding or Patch Policies. Billing Portal View and Pay Your Invoices Click this link to open the Autotask billing portal. Refer to "View and pay your invoices" on page 37. CentraStage Invoices (Deprecated) CentraStage Invoices Old invoices will still be available to view in the existing billing portal. New invoices and your account balance at the point of transition will be available in the Autotask Billing Portal and can be paid there. Terms and Conditions Clicking the link will open the Autotask Master Services Agreement. © 2015 Autotask Corporation l Page 36 of 197 You can find the VAT number for your account and the billing email on the Account > Details tab. How to... View and pay your invoices 1. Log into the Web Portal. 2. Navigate to Accounts > Packages. 3. In the Billing Portal section, click View and Pay Your Invoices. The Autotask Billing Portal will open. 4. Review your account information to make sure it is correct. You can update billing details on the Account > Details tab. Refer to "Edit your user details" on page 33. Changes may take up to 72 hours to apply. 5. If you have not yet configured a payment method, click Set Payment Method. The Payment Configuration window will open. © 2015 Autotask Corporation l Page 37 of 197 6. Enter the required information and click Save Settings. 7. Optionally, you can check Enroll in Autopay in the Autotask Billing Portal window. When Autopay is selected, your invoice will automatically be paid in full on the due date, using the credit card information you entered in the previous step. Invoices are listed below the account and payment information. The invoice status can be Awaiting (that is, unpaid) or Paid. 8. To view an invoice, click View PDF. 9. To pay your invoice, click Pay Now. © 2015 Autotask Corporation l Page 38 of 197 10. In the Confirmation window, click Submit Payment. The status of the invoice is updated to Paid. Invoices issued prior to June 29, 2015 can still be viewed but cannot be paid here. If you have additional questions about the invoicing process or an invoice, please contact the Autotask Accounts Receivable team. Increase your device limit All accounts in AEM have a device limit. This limit is generally the number you set up when you sign up for an account. You can check the number of used and available Managed and OnDemand licenses by logging into the Web Portal and navigating to Account > Packages. When your account reaches its device limit, the AEM Web Portal will alert you with a banner at the top of the Web Portal. AEM has a 10% buffer to ensure that you don't lose connectivity to your devices when your account has reached its limit, but any new devices added above that buffer will not connect to the AEM platform. To increase your device limit: 1. Click the Request Subscription Increase link. 2. A member of our Sales team will contact you shortly. © 2015 Autotask Corporation l Page 39 of 197 Branding Role that includes access to Account > Branding Account > Branding RebrandingBranding is an extension to the Autotask Endpoint Management application. Downloading the extension lets you apply your company brand to the Web Portal, the Agent browser and reports. Users with role permissions that include access to the Account > Branding tab can customize the color scheme of the Web Portal and a number of Agent settings. How to... Add custom branding to your account 1. Navigate to Account > Branding. 2. To edit the logos or color scheme of the Web Portal, click Edit on the CSM Branding header. 3. Modify the following settings: Setting Description Custom CSM Logo This is the logo that is displayed in the top left corner of the Web Portal. To keep the aspect ratio of your logo, you should not exceed a size of 260 pixels wide by 35 pixels high. © 2015 Autotask Corporation l Page 40 of 197 Setting Description Custom Report Logo This is the logo that is displayed at the top of Endpoint Management reports. To keep the aspect ratio of your logo, you should not exceed a size of 758 pixels wide by 130 pixels high. CSM Header colour Select the color of the page header in Hex value. CSM Menu colour 1 Select the color of the top navigation menu background in Hex value. CSM Menu colour 2 Select the color of the top navigation tabs in Hex value. 4. To keep your changes, click Update. To restore the factory defaults, click Restore Defaults. To cancel without saving any changes, click Cancel. 5. To edit the logos used for the Agent and some labels in the Agent browser, click Edit on the CAG Branding header. 6. Modify the following settings: Setting Description Company Name Appears under the About section in the Agent browser (either right-click on the Agent > About or open the Agent browser > Help > About.) Product Name This is the label for the Agent browser icon in the system tray. Primary Text Specify the text that will be displayed on the Managed Agent login screen. The current text is shown to the right. OnDemand Text Specify the text that will be displayed on the OnDemand Agent login screen. The current text is shown to the right. Company URL Specify the URL that will be used by the Agent. Company Support URL Specify the Company Support URL that will be used by the Agent. Primary Logo Select the primary logo for the Agent browser (176x176, PNG file). Icons Select the icons that will be used to represent the status of the device in the system tray. Icons must be 16 x 16 pixels in ICO format only. If you use the Mac Agent, ICO files with the dimensions of 48 x 48 are required. 7. To keep your changes, click Save. To restore the factory defaults, click Restore Defaults. © 2015 Autotask Corporation l Page 41 of 197 To cancel without saving any changes, click Cancel. 8. Once your changes have been saved, click on Push Changes so that they can be applied. Remove the RebrandingBranding extension To remove the rebranding extension, simply delete it from the Extensions category in your Component Library. © 2015 Autotask Corporation l Page 42 of 197 Roles Administrator Account > Roles Roles allow you to specify and limit the access users have when logged into the Autotask Endpoint Management (AEM) Agent Browser and Web Portal. Users can have more than one role, and change them as needed without having to log out. Roles can be added, edited or deleted only in the AEM Web Portal. Changing roles is possible both in the Agent Browser and the Web Portal. To be able to add, edit or delete a role in the Web Portal, you need to have Account Admin access. For further information, refer to "Users" on page 48. By default, the Account Admin role is assigned to the user who registers the AEM account and it is the only role available to assign to new users until other roles are created. The Account Admin role is a built-in role that cannot be modified or edited in any way. Users who have this role assigned have full and unlimited access to all AEM functionality, and can see and connect to all devices in the AEM account. How to... Add a role 1. In the Web Portal, click on the Account tab. 2. Click Roles. 3. Click Add Role. 4. If you would like to copy an already existing role to use it as a template, you can choose it from the Based On drop-down list on the next page. Otherwise, select New Role. © 2015 Autotask Corporation l Page 43 of 197 5. Give the role a name and a description. 6. Select the options applicable to the new role on the Role Details page. Expand each field. Field Definition Device visibility Controls which devices the role has access to. Turn on the options to include specific profiles or groups. Permissions Turn on permissions for each area of the Web Portal (such as system, profiles, components, etc.), then check Disabled, View or Manage for each separate view. Agent Browser Tools The Agent Browser Tools control the access to each of the functions available within the AEM Agent. Disabling any of the functions will result in the feature appearing as inactive to the user on the Agent Browser. Membership Defines which users belong to this role. 7. Click Apply and Save Changes to finish creating the role. This video tutorial demonstrates how to create a role for technical support engineers allowing them to use only the remote takeover functionality in the Agent Browser and access to the Web Portal. Edit a role 1. In the Web Portal, click on the Account tab. 2. Click Roles. 3. Click on the name of the role you wish to edit. 4. Edit the Role Details. 5. Click Apply and Save Changes. Delete a role 1. In the Web Portal, click on the Account tab. © 2015 Autotask Corporation l Page 44 of 197 2. Click Roles. 3. Hover over the name of the role you wish to delete. 4. Click Delete this role. 5. Confirm role deletion. If the role you are deleting is linked to any existing jobs or policy targets, it will need to be replaced with another of the available roles. While you can replace the role used in existing jobs or policy targets, be aware that it is possible to delete the only role associated with a user. 6. Click Delete. Change your role Users who have more than one role assigned can change their role on the fly in both the AEM Agent and the web browser. Agent © 2015 Autotask Corporation l Page 45 of 197 1. On the local device where AEM is installed, right-click on the AEM Agent icon in the system tray and click Open. 2. Log in with your username and password. 3. Click on the first menu option in the top left corner. 4. Hover over Roles and select the required role from the list. 5. You will be logged out of the Agent automatically. 6. Log back in to be able to use the selected role. Web Portal 1. In the top right corner, click on your current role to see a list of available roles. © 2015 Autotask Corporation l Page 46 of 197 2. Select the required role. 3. The page will automatically refresh and the selected role will be applied. © 2015 Autotask Corporation l Page 47 of 197 Users All users with permission to navigate to Account > Users Account > Users Users in Autotask Endpoint Management (AEM) are individuals set up with a user account. You add and manage users and review the user activity log on the Account > Users tab. On this tab, you can toggle between two views: l l The Users view displays a list of all users that have been set up in your AEM system. Here, you add and manage users. The Activity view is a log of all user activity performed in both the Web Portal and Agent Browser. You can view, filter, search and export the log or parts of it. Refer to User Activity. By default, the Users view is displayed. Manage Users When the Users view is displayed, you can Review your list of users The user list will show up to 100 records on a page. The following columns are displayed: Name Description Selection check box Click the check box in the header row to select all rows, or click one or more rows to perform an action. Username Clicking the Username hyperlink will open the User Details window in Edit mode. Refer to "Edit a user" on page 49. Name Fist and last name of the user. Roles Lists all roles that are associated with this user. © 2015 Autotask Corporation l Page 48 of 197 Name Description Security Level Determines which components can be accessed by users with this role. Select a number between 2 (Low) and 5 (Super). Refer to Components and ComStore. Account Admin A toggle that will instantly add or remove the Account Admin role for the user. Refer to "Roles" on page 43. Search for a specific user 1. In the Search field, enter part of a Username or Name. As you type, the search results are narrowed to match your search string. 2. To display the full list, delete the search criteria. Add a user 1. Click Add User. 2. Fill in all the fields. Field What to Enter Username Enter a unique username, such as firstname.lastname@mycompany.com. Note that the username must be unique not only on your platform but across all platforms. Best practice is to use an email address. Password In order to create a strong password, it has to be at least 8 characters long, with at least one uppercase and one lowercase letter, at least one digit and at least one of the following special characters:* @ # $ ! £ % Email Enter the user's email address. First name, Last name Enter the user's first and last name. Security Level Determines which components can be accessed by users with this role. Select a number between 2 (Low) and 5 (Super). Refer to Components and ComStore. Roles Select the user's default role by clicking on the radio button. The default role will automatically be assigned to them when they log in to the Web Portal. You may assign a user more than one role by selecting the check box next to another role. This will allow them to switch between roles in the Agent's menu options or within the Web Portal using the role drop-down menu next to their username. For more information on managing roles and how to add new ones, refer to "Roles" on page 43. 3. Click Create to create the user, or click Cancel. Edit a user 1. Click on the Username of the user you wish to edit. The User Details page will open. © 2015 Autotask Corporation l Page 49 of 197 2. Edit the User Details. For field descriptions, refer to "Add a user" on page 49. 3. To assign a new password, you can simply enter one into the Password field, or click the Generate random link. The new password is not automatically sent, so you should copy the password and email it to the user. 4. To inactivate the user, uncheck the Enabled check box. 5. Click Update to save the changes. Disable or enable a user You have two options to disable or enable a user. Follow the steps of the first method below: 1. Click on the Account tab. 2. Click Users. 3. Select the user(s) in question and click the Toggle disable/enable user icon from the Action bar. 4. Confirm whether you want to disable / enable the user(s). © 2015 Autotask Corporation l Page 50 of 197 5. In case you have just disabled the user, note the disabled icon displayed next to the user's name. You may also disable or enable a user by following these steps: 1. Click on the Account tab. 2. Click Users. 3. Click on the name of the user you wish to edit. 4. Uncheck or select Enabled in the User Details window. 5. Click Update. Delete a user © 2015 Autotask Corporation l Page 51 of 197 It is possible to delete a user in AEM, however, it is best practice to disable rather than delete a user to keep the integrity of data. Once a user is deleted, all their associations will be deleted and the activity record will show that their actions had been carried out by a deleted user. In order to delete a user, follow these steps: 1. Click on the Account tab. 2. Click Users. 3. Select the user(s) in question and click the Delete user icon from the Action bar. 4. Confirm whether you want to delete the user(s). © 2015 Autotask Corporation l Page 52 of 197 Manage Passwords Autotask Endpoint Management (AEM) allows for managing your own and other users' passwords in a few easy steps. Strong Password Requirements Make sure to create a strong password that meets the below requirements: l At least 8 characters long l Contains at least one uppercase and one lowercase letter l Contains at least one digit l Contains at least one of the following special characters: * @ # $ ! £ % The text in the password entry box will be displayed in red if it does not meet the strong password requirements. Once the password meets all the requirements, its color will change to black. How to... Reset your password in the Web Portal Any user AEM login page If you have forgotten your password, you can reset it by following these steps: 1. Open the AEM login page. 2. Click I forgot my details. © 2015 Autotask Corporation l Page 53 of 197 3. Enter your username and email address to begin the password reset process. 4. Click Reset Password. 5. A password reset link will be generated and emailed to your email address. Click the link in the email. The password reset link automatically expires in one hour after receiving it. 6. Create a new password and click on Change Password. Make sure that your new password meets the strong password requirements - refer to "Strong Password Requirements" on page 53. © 2015 Autotask Corporation l Page 54 of 197 7. Once the password has been changed successfully, log in to your account with your new password. Reset your password in the Agent Browser Any user AEM Agent Browser If you have forgotten your password, you can reset it by following these steps: 1. Open the AEM Agent Browser. 2. Click Forgotten your password?. © 2015 Autotask Corporation l Page 55 of 197 3. Enter your username, if you remember it, and email address to begin the password reset process. If you can't remember your username, enter your email address and click Send me my details. 4. If you entered your username in step 3, skip steps 5-7 and go to step 8. 5. If you didn't enter a username in step 3, you will receive an email with a list of usernames that are associated with this email address. 6. Click Log in here, and on the new window, enter one of the usernames. © 2015 Autotask Corporation l Page 56 of 197 7. Click I forgot my details again. 8. A password reset link will be generated and emailed to your email address. Click on the link in the email. The password reset link automatically expires in one hour after receiving it. 9. Create a new password and click on Change Password. Make sure that your new password meets the strong password requirements - refer to "Strong Password Requirements" on page 53. 10. Once the password has been changed successfully, log in to the Agent Browser with your new password. Change your own password Any user with the permission to manage the Account > Details section. Account > Details > Security Settings The correct permission to access the Account > Details section can be set up in Account > Roles. For further information, refer to "Roles" on page 43. In case you remember your current password but would like to change it: 1. Click on the Account tab. 2. Click on the Details tab. 3. Scroll down to Security Settings and click Change Password. © 2015 Autotask Corporation l Page 57 of 197 4. Type in your current password. 5. Type in your new password twice. Make sure that your new password meets the strong password requirements - refer to "Strong Password Requirements" on page 53. 6. Click Change. Change another user's password Administrator Account > Users > User Details In case you need to change another user's password: 1. Click on the Account tab. 2. Click on the Users tab. 3. Click on the username you wish to edit. © 2015 Autotask Corporation l Page 58 of 197 4. On the User Details page, type in the new password in the Password field. Make sure that your new password meets the strong password requirements - refer to "Strong Password Requirements" on page 53. You may also generate a random password. 5. Click Update. 6. Confirm the password change in the pop-up window by clicking on OK or click Cancel to discard the change. Make sure to provide the user with the new password. © 2015 Autotask Corporation l Page 59 of 197 Two-Factor Authentication About Two-Factor Authentication To enable two-factor authentication for yourself, permission to access Account > Detail page. To enable two-factor authentication for you organization, Account Admin permission is required. Two-factor authentication (2FA) is a security process in which a second level of authentication is added to the account login credentials. Both factors of authentication must be used and must be correct in order to establish the person's identity beyond doubt. The two factors may include: l Something that the user possesses, such as a token, a card, a key, etc. l Something that the user knows, such as a username, password, PIN, etc. l Something that is inseparable from the user, such as a fingerprint, iris, voice, etc. Requirements In Autotask Endpoint Management (AEM), 2FA requires login credentials (username and password) and a one-time password (OTP) issued by an OTP token application. l l l To enable two-factor authentication for yourself, you must have at least View permission for the Account > Details tab A 2FA-token-generating application such as Google Authenticator (Android & iOS), Authy (Android & iOS) or HDE OTP (iOS) must be installed on your smartphone or tablet You should have a valid telephone number set up that can receive SMS messages. The number will be used for recovery purposes or when disabling 2FA on a single user account when logging in We strongly recommend that you assign account admin permissions to more than one user. This is to ensure recovery, should there be an issue authenticating during the initial configuration or if the authenticating device encounters a problem. Enable 2FA for yourself 1. Click on Account. 2. Click on the Details tab. 3. Scroll down to the Security Settings section and click Enable Two Factor Authentication. 4. The Enable Two-Factor Authentication window will open. Scan the QR code with your 2FA-tokengenerating application. © 2015 Autotask Corporation l Page 60 of 197 In case you do not have access to an authenticator, you can also have the token emailed to you by checking the check box at the bottom of the Enable Two-Factor Authentication window. Note that this setting is remembered and will be applied each time you attempt to log in to AEM. 5. Enter the token generated by your app or received via email into the box in the Enable Two-Factor Authentication window in the Web Portal. 6. Click Save. 7. You will receive a message confirming that the TOTP (Time-Based One-Time Password) token has been saved successfully. © 2015 Autotask Corporation l Page 61 of 197 8. Click OK. 9. To confirm if the 2FA has been set up correctly, log out of the Web Portal and log back in. Once you have typed in your credentials, you will see a page asking for the one-time password (OTP) token that your app will generate or that you will receive via email if you set it up that way. Type in the token and click Log In. 10. Note that when accessing the Agent Browser, you will also need to enter an OTP token. Disable 2FA for yourself You can disable two-factor authentication for yourself in two ways: either when already logged in or while logging in to the Web Portal. See the two methods outlined below. You are already logged in to the Web Portal: © 2015 Autotask Corporation l Page 62 of 197 1. Click on Account. 2. Click on the Details tab. 3. Scroll down to the Security Settings section and click Disable Two Factor Authentication. 4. A message will appear confirming that the TOTP token has been disabled. In case the Account Administrator had requested two-factor authentication for all users, the option to disable two-factor authentication for individual users will be inactive. In order to progress, the Account Administrator will need to switch off 2FA for the whole account first by following the steps outlined in "Disable 2FA for all users" on page 65. You are about to log in to the Web Portal: You have the option to disable 2FA when logging in to the Web Portal. This requires that a valid telephone number, that is able to receive SMS messages, is set up for your user account as outlined in the "Requirements" on page 60 section. 1. Open the AEM login page. 2. Enter your username and password. 3. Click on Log In. 4. Click on Disable TOTP. © 2015 Autotask Corporation l Page 63 of 197 5. If you had not set up any phone number in your user account previously, you will not be able to receive the disable code. Please contact Customer Support for further assistance. 6. In case you have a phone number on file, a disable code will be sent to that number. Once you have received the code, enter it on the Web Portal and click Disable Two Factor Auth. 7. Access to the account will be granted once a valid disable code has been entered. The disable code is only valid for 10 minutes and another code will not be sent within that time frame. Enable 2FA for all users Administrator In order to be able to turn on two-factor authentication for all users, the Account Admin user needs to enable it for themselves first. Refer to "Enable 2FA for yourself" on page 60. Two-factor authentication can be enforced as a mandatory requirement for all users in the account. To enable this, you will need to have Account Admin access in AEM. 1. Click on Account. 2. Click on Settings. © 2015 Autotask Corporation l Page 64 of 197 3. Scroll down to the Access Control section and switch on the Require Two Factor Authentication option. 4. Once this has been enabled, all users will be forced to enable 2FA for their respective logins. Refer to "Enable 2FA for yourself" on page 60. Disable 2FA for all users Administrator 1. Click on Account. 2. Click on Settings. 3. Scroll down to the Access Control section and switch off the Require Two Factor Authentication option. © 2015 Autotask Corporation l Page 65 of 197 © 2015 Autotask Corporation l Page 66 of 197 Account Settings Any user with the permission to manage Account Settings. Account > Settings If you are the person who is responsible for implementing Autotask Endpoint Management (AEM) in your company, this guide will help you get your AEM site up and running. There are a few fundamental account settings that you need to be aware of in order to get the most out of the functionality AEM offers. The correct permission to access Account Settings can be set up in Account > Roles. For further information, refer to "Roles" on page 43. The settings described below apply to your entire AEM site, however, they may be modified through Profile Settings if applicable. CSM Password Policy The password policy requirements defined here will apply to all users in both the Web Portal and the Agent Browser. Click Edit to update your settings. Requirement Value Definition Expire Password Never 30 days 60 days 90 days Specify the number of days after which users are required to change their login password. Select Never if you do not require users to change their password. Unique Password Never 2-6 Specify the number of passwords to be used before users can apply a previously used password again. Select Never if you would like to prevent users from being able to apply any previously used password. AEM requires the use of strong passwords that need to meet all of these criteria: l At least 8 characters long l Contains at least one uppercase and one lowercase letter l Contains at least one digit l Contains at least one of the following special characters: * @ # $ ! £ % For information on how to change passwords, refer to "Manage Passwords" on page 53. Access Control This area allows you to control access to your AEM site. Turn the options on or off as required or click Edit to update the Restricted IP List. © 2015 Autotask Corporation l Page 67 of 197 Field Definition Require Two Factor Authentication Allows the Account Admin user to force all users to activate 2FA for themselves. Note: The Account Admin user needs to enable 2FA for themselves first in order to be able to enable it for all other users. For more information on how to enable 2FA for a single user, refer to "Two-Factor Authentication" on page 60. Require New Device Approval If this option is enabled, any new device added to the site will need to be approved by the Account Admin user first. Only once they are approved, will it be possible to manage them through AEM. By default, the option is disabled. For more information, refer to "New Device Approval" on page 77. CSM IP Address Restriction Allows you to restrict access to the Web Portal for specific IP addresses. Once this option is turned on, your current IP address will automatically be added to the Restricted IP List. You can add more than one IP address to the list. Agent IP Address Restriction Allows you to restrict access to the Agent Browser for specific IP addresses. Once this option is turned on, your current IP address will automatically be added to the Restricted IP List. You can add more than one IP address to the list. Restricted IP List If you have enabled the CSM IP Address Restriction and/or Agent IP Address Restriction options, enter one or more IP addresses to the Restricted IP List to ensure that the Web Portal and/or Agent Browser are only accessible through these IP addresses. Note: Your current IP address will automatically be added to this list once you turn on the CSM IP Address Restriction or Agent IP Address Restriction option. If you would like to update the IP addresses or add new ones, click on Edit, make the changes and click Update. Power Rating You can specify the cost and power rating of your devices for the entire account. These numbers will provide the basis for your managed endpoints' energy usage calculation that you can view on the Managed profiles' summary page. For more information, refer to Profile Summary. If the fields are left blank, the default wattage and cost per kWh will be applied. The default wattage of 350W and the default cost can be changed by clicking on Edit. The numbers set here can be overridden in Profile Settings and/or on the Device Summary page. Field Value Desktop Define the power rating of desktops. This can be overridden in Profile Settings and on the Device Summary page. © 2015 Autotask Corporation l Page 68 of 197 Field Value Server Define the power rating of servers. This can be overridden in Profile Settings and on the Device Summary page. Laptop Define the power rating of laptops. This can be overridden in Profile Settings and on the Device Summary page. Other Define the power rating of any other devices. This can be overridden in Profile Settings and on the Device Summary page. Cost per kWh Define the cost per kWh. This can be overridden in Profile Settings. The formula to calculate the managed endpoints' energy usage calculation is as follows: (UptimeInMinutes * Wattage) / 60 / 1000 * Price End-User Ticket Assignee Select a user with Account Admin permissions as the default person to assign tickets to. If No default account is selected, the end-user tickets will be assigned to the user who registered the account. The end-user ticket assignee set here can be overridden by an end-user ticket assignee set at profile level. Refer to Profile Settings. Variables You can specify variables that can be used when writing custom scripts or components. The variables can be defined with a specific value that the Agent will use when executing the script. How you refer to the variables in your script will be defined by the scripting language you apply (e.g. in batch scripts, you can refer to a variable in the format of %VariableName%). For more information, refer to Input Variables. Account variables used in scripts or components will be passed to jobs but will be overridden by profile variables of the same name. You can specify your profile variables in Profile Settings. 1. Click on Click here to add a variable. 2. Give it a meaningful Name. Make sure there is no space in the variable's name. 3. Specify the variable's Value. 4. Check Mask my input if you would like to hide the variable's value. 5. Click Add. © 2015 Autotask Corporation l Page 69 of 197 6. Repeat steps 1-5 to add more variables. Custom Labels You can configure 5 custom field labels at account level that will be applied to the custom fields available on the Device Summary page. These fields can be populated with information that is not picked up in the device audit so that it can be filtered and searched upon to provide additional targeting for jobs and policies. You can enter the custom field information manually on the Device Summary page or it can be populated by the AEM Agent on Windows devices. For further information, refer to "Custom Fields" on page 80. The custom field labels defined here can be overridden at profile level. Refer to Profile Settings. To configure the custom field labels, do the following: 1. Hover over one of the custom fields and click on the pencil icon to edit it. 2. Rename the field under System Override. 3. Click on the green tick to save the changes. Custom Agent Settings Custom Agent settings allow you to define how Agents communicate with the platform and perform network scans. Field Definition Use Connection Brokers AEM uses connection brokers to reduce outbound network traffic within a subnet. If you have a number of devices connected to the platform, connection brokers will handle pings and keep-alive-requests to tell the platform if the devices are online or not. By default, this option is set to ON. Switching this option off will prevent any Agent in the account from becoming a connection broker. For more information refer to "Connection Brokers" on page 84. Note: The setting applied here overrides any setting made at profile level, however, it is possible to manually modify this selection in Profile Settings afterwards. Use alternative settings for Agent Select this to be able to configure further custom Agent settings. © 2015 Autotask Corporation l Page 70 of 197 Field Definition Control Channel Address By default, this field should be left blank. In case a specific Control Channel Address is needed for your site, please contact your AEM Implementation Manager. Control Channel Port By default, this field should be left blank. In case a specific Control Channel Port is needed for your site, please contact your AEM Implementation Manager. Web Service Address By default, this field should be left blank. In case a specific Web Service Address is needed for your site, please contact your AEM Implementation Manager. Tunnel Server Address A tunnel server acts as an interface between devices for remote takeover sessions. Specify an IP / domain and a port to be used for the relayed connection by default (e.g. 123.45.6.789:443). Refer to "Connecting Agents through the Tunnel Server Grid" on page 14. NetAssets Subnet Limit Limits the size of the scan an Agent performs in a single subnet. By default, the limit is set to 65.534 which is also the maximum number of IP addresses that an Agent is able to scan in a subnet. Set the value to 0 to disable network scanning for the entire account. Note: It is not possible to disable network scanning at profile level. For further information, refer to Disable network scanning of SNMP devices. NetAssets Scan Limit The limit of devices that the Agent can scan on the subnet of the device. By default it is set to 254. The minimum value is 0, the maximum value is 1024. For more information about discovered devices, refer to Manage Network Devices and Printers using SNMP. Agent Deployment Credentials To be able to deploy an Agent across a LAN, you'll need to have a username and password for the device(s) you're going to install the Agent on. It is possible to cache these credentials so that you don't have to enter them each time for each device. All credentials entered here will be tried during Agent deployments for any profile. You can add Agent Deployment Credentials at profile level as well. They will be used in addition to those specified here. For further information, refer to Profile Settings. 1. Click on Edit. 2. In the Username field, enter the domain (if in use) and the username in the following format: Domain\Username. 3. Enter the Password. 4. To add further usernames and passwords, click on Add credentials. 5. Click Save Changes. © 2015 Autotask Corporation l Page 71 of 197 SNMP Credentials If you would like to manage SNMP-enabled devices in AEM, you can cache their SNMP credentials so that you don't have to enter these whenever adding new managed network devices. For further information about how to add managed network devices, refer to Manage Network Devices and Printers using SNMP. You can add SNMP Credentials at profile level as well. They will be used in addition to those specified here. For further information, refer to Profile Settings. 1. Click on Edit to be able to add SNMP credentials. 2. Choose the correct Version: v1/v2c or v3. 3. Fill in the details (see below). 4. To add more credentials, click on Add SNMP Credentials and repeat steps 2-3. 5. Click Save Changes. SNMP v1/v2c needs a name and community string, while v3 requires more complex security. If you’re not sure what settings you need to enter here in order to connect to your network device over SNMP, refer to the device documentation or provider for more details. v1/v2c Field What to Enter Name Enter the name of your device. Community The community string works as a password. If the field is left blank, the default read-only community string "public" is applied. If your device has a customized community string, enter it here. V3 Field What to Enter Name Enter the name of your device. V3 User Enter the V3 username. Authentication Select one of the authentication protocols: • None • MD5 • SHA1 V3 Password Enter the V3 password. © 2015 Autotask Corporation l Page 72 of 197 Field What to Enter Encryption Select one of the encryption standards: • None • DES • AES128 • AES192 • AES256 • TripleDES V3 Encryption Key Enter the V3 encryption key. Context Enter the SNMP context ID. Splashtop Settings If you cannot see this section, that is because you haven't downloaded the Splashtop extension for your site, yet. Go to ComStore and search for the extension Splashtop Remote Screen Sharing. Click on Buy to be able to set it up for your account. Once the extension has been downloaded, the Splashtop Settings section will be displayed. You can enable Splashtop functionality or disable it altogether by turning on the option Enable automatic installation of Splashtop Streamer. Once this is enabled, you can opt to automatically install it on all applicable machines without any administrative prompting. The inclusion and exclusion fields are present for configuring this feature. For further information about the settings, refer to "Splashtop Remote Screen Share Integration" on page 189. Agent Update Settings By switching the Automatic Agent Updates option ON/OFF, you can specify if you want Agent updates to be rolled out automatically in your site. Disabling automatic updates allows you to delay the roll-out of new Agents to your devices for up to 2 weeks, and selectively roll out the update to individual profiles in the meantime. After 2 weeks, the Agent update will be rolled out automatically. Emergency updates override individual settings and get rolled out automatically. For further information, refer to "Agent Updates" on page 89. Mail Settings You can specify a From Name and a Reply-To Address for the email notifications you send out to your end users. Once these have been configured, the notification emails will come from the name specified and the replies will be delivered to the reply-to address. 1. Click on Edit. 2. In the From Name field, enter a name that you would like to appear in the from field of the emails sent out, for example IT Support. © 2015 Autotask Corporation l Page 73 of 197 3. In the Reply-To Address, enter an email address to which you want your recipient(s) to reply. 4. Click Update. Mail Recipients By clicking on Add, you can specify one or more email recipients and define what type of email notifications they should receive. The user who registered the account is added as a mail recipient by default. Mail recipients of a particular profile can be specified in Profile Settings. 1. Click Add. 2. Fill in the required fields. Field What to Enter Recipient Name Enter the recipient's name. Recipient Address Enter the recipient's email address. Type Select the preferred email format for this recipient: HTML, Text or Both. Receives Select the types of notifications this recipient will receive: Alerts, Reports, New Devices. 3. Click Add. Update Profile Variables You can update one or more of your Managed profiles' existing variables or add new variables by uploading a .CSV file. In order for the update to be successful, the variable name and variable value fields are mandatory to fill in. To learn more about profile variables, refer to Profile Settings. OnDemand profiles cannot be updated with variables. 1. Click on Download Template. 2. Open the .CSV file you downloaded and fill in the details: Field What to Enter Profile UID The Profile UID (Unique Identifier) is hard-coded and cannot be changed or updated. Profile Name The name of your profile. The name cannot be updated through the .CSV file, however, it can be changed in Profile Settings. © 2015 Autotask Corporation l Page 74 of 197 Field What to Enter Profile Description The description of your profile. The description cannot be updated through the .CSV file, however, it can be changed in Profile Settings. Variable Name* Enter the name of the variable. It can be a new variable or an already existing one. Variable Value* Enter the value of the variable. It can be a new value or an already existing one. Variable is Hidden If you would like to mask the variable value, enter 1. If you would not like to mask the variable value, enter 0. Note: When adding a new variable and leaving this field blank, the variable value will not be masked. *Mandatory field. 3. Save the file in .CSV format. 4. Click on Choose file and select the file you have just saved. 5. Click Update. 6. The following message will appear in a yellow info bar at the top of the page: Profile variables imported successfully. 7. The variables will appear in Profile Settings > Variables. Apple Push Certificate If you cannot see this section, that is because you haven't downloaded the Mobile Device Management extension for your site, yet. To find out how to do that and how to upload an Apple Push Certificate, refer to Mobile Device Management (MDM) and Deploy an iOS Agent. Reset Columns Display If you have changed the column display at various places in your AEM site, this option will allow you to restore the default column display for your entire account. 1. Click Restore Defaults. 2. Confirm your request by clicking OK in the pop-up window. © 2015 Autotask Corporation l Page 75 of 197 Restoring the default column display will apply to your user account only. It will not change other users' settings. Other users will need to restore the default column display for their own user account in Account > Settings or on individual pages where they had previously changed the column display. Windows Security Centre Audit If you cannot see this section, that is because you haven't downloaded and configured the Kaspersky Endpoint Security (KES) extension for your site, yet. Once KES is configured, this section will be displayed and you can configure the following: Field Definition Windows Defender Enable or disable Windows Defender for workstations. By default, it is set to ON. Windows Firewall Enable or disable Windows Firewall for workstations and servers. By default, it is set to ON. If any of the above is turned off, the Windows Security Center summary will not be shown under Device Summary > System > Security. To find out how to disable KES at profile level, refer to Profile Settings. For more information about KES, refer to "Kaspersky Endpoint Security Integration" on page 136. © 2015 Autotask Corporation l Page 76 of 197 New Device Approval Administrator Account > Settings > Access Control > Require new device approval Profiles > Approve Devices Device approval or sandboxing improves account security by giving the Account Admin user control over any new Agents connecting to their account. This functionality is disabled by default in "Account Settings" on page 67. How to... Enable new device approval 1. Navigate to Account > Settings. 2. Locate Access Control. 3. Switch Require new device approval to ON. Once this option has been enabled, any new device connecting to your account will be sandboxed, that is, they will require Account Administrator approval before they can participate in your account activity. The sandboxed devices will not be able to: l Run jobs l Apply policies l Download components They will be able to : l Submit audit data l Submit performance data l Allow remote takeover functionality Devices awaiting approval will be added to the Managed device count and billed as such. Approve or remove devices When a new device gets added to your account and the Require new device approval option is enabled in "Account Settings" on page 67, the new device will be flagged in the Web Portal the following ways: l An Approve Devices button will become visible on the Profiles page. © 2015 Autotask Corporation l Page 77 of 197 The Approve Devices button will not be visible unless a new device is waiting approval, even if the Require new device approval option is enabled. l Devices awaiting approval will appear highlighted in blue in their profiles and a message with a link to the sandboxed device(s) will notify you that they are waiting for your approval. To approve a device or remove it from your account, do the following: 1. Click on either the Approve Devices button on the Profiles page, or the link to the sandboxed devices in a profile. 2. You will be directed to the Devices Awaiting Approval (sandbox) page which will look like this: 3. Click the checkbox next to the device(s) you wish to approve or delete. 4. Click the Approve device(s) button to approve the device(s) or the Delete device(s) remove the device(s) from your account. button to Approved devices will now be allowed to fully communicate with the platform. © 2015 Autotask Corporation l Page 78 of 197 Removed devices will be deleted from the account. © 2015 Autotask Corporation l Page 79 of 197 Custom Fields Administrator Profiles > click on a Profile > Devices > click on a Device > Summary Custom fields in Autotask Endpoint Management (AEM) are used for displaying device information that is not picked up during the device audit. Each device record can have up to 5 custom fields. You can enter the custom field information manually on the Device Summary page or it can be populated by the AEM Agent on Windows devices. Once a custom field is populated with information, the data can be filtered and searched to provide additional targeting criteria for jobs and policies. Note that custom field information can be populated by the AEM Agent on Windows devices only. It will fail on any other operating system. For information about how to set up custom field labels, refer to "Account Settings" on page 67 and Profile Settings. How to... Add custom field information manually In order to manually enter information into the custom fields, do the following: 1. Go to Profiles and click on one of your profiles. 2. Click on the Devices tab and click on one of the device records. 3. On the Device Summary page, click the Edit hyperlink next to the device description. 4. Add the required information into the custom fields. In our example, we entered information into Custom field 1. © 2015 Autotask Corporation l Page 80 of 197 5. Click Save. For more information, refer to Device Summary. Populate custom field information automatically Having custom field information displayed on the device summary page does not have to be a manual process exclusively. On Windows devices, custom fields can also be populated by the AEM Agent. By adding entries to the device registry, the Agent will send the data back to the platform and the custom fields will get populated automatically. This makes for an extremely powerful and useful tool, especially when coupled with the scripting and component mechanisms within AEM. For information on scripting, refer to Scripting. You can use either of the two ways described below to add registry entries to your devices. Use the command line 1. Open the Command Prompt window. 2. To add a registry entry via the command line, use the following syntax: REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage /v CustomField /t REG_SZ /d "ValueForFieldHere" /f 3. Make the necessary changes in the command line: © 2015 Autotask Corporation l Page 81 of 197 Field What to Enter CustomField This will be the string value name once added to the registry. Enter one of the following names: • Custom1 • Custom2 • Custom3 • Custom4 • Custom5 ValueForFieldHere This will be the string value data once added to the registry. Enter the information you would like to display on the device summary page. 4. Click Enter. Use RegEdit 1. Open the Registry Editor. 2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage. 3. Right-click in the right-hand window and select New > String Value. 4. Rename the New Value. Enter one of the following names: l Custom1 l Custom2 l Custom3 l Custom4 l Custom5 © 2015 Autotask Corporation l Page 82 of 197 5. Double-click on the value to edit the string. 6. Enter the Value data. This is the information that will be displayed on the device summary page. 7. Click OK. Once the Agent connects to the platform, it will send back the data added to the registry and the information will be displayed on the device summary page in each custom field accordingly. © 2015 Autotask Corporation l Page 83 of 197 Connection Brokers Any User Account > Settings > Custom Agent Settings Profiles > Profile > Settings > Custom Agent Settings About connection brokers Autotask Endpoint Management (AEM) uses connection brokers to reduce outbound network traffic within a subnet. This can be useful especially for low bandwidth environments where you have a number of devices connected to the AEM platform. Connection brokers handle pings and keep alive requests to tell the platform if the devices within the subnet are online or not. By default, the option to use connection brokers is enabled for every account, however, this can be disabled in "Account Settings" on page 67 and Profile Settings. How to... Enable / disable connection brokers The option to use connection brokers is enabled for every AEM account by default, however, you can manually disable it for the entire account or at profile level. The ability to disable connection brokers can be useful when diagnosing single device problems or to overcome local network configuration issues where communication between Agents with a connection broker may be more difficult than allowing them to reach the platform directly. To disable or enable the use of connection brokers, do the following: 1. Go to Account > Settings > Custom Agent Settings or Profiles > select a profile > Settings > Custom Agent Settings. 2. Switch the option Use Connection Brokers on or off accordingly. It will then allow or prevent any Agent from becoming a connection broker in the entire account or at profile level. When switching the option off at account level, it will override any selection made at profile level. However, once you have configured the connection broker option in "Account Settings" on page 67, you can modify it manually at profile level. Nominate a device as connection broker The AEM Agent polls the platform every 90 seconds with keep-alive-messages. If the option to use © 2015 Autotask Corporation l Page 84 of 197 connection brokers is enabled at account and/or profile level, and there is more than one Agent on a LAN connecting to the AEM platform, one of those Agents will automatically be designated as a connection broker. It will then deal with all the pings and keep-alive-messages from the other devices in the subnet, which keeps the outbound traffic to a minimum. To learn how an Agent obtains a node score ranking to become a connection broker automatically, refer to "Node Scores" on page 87. You also have the ability to manually select a device within your network to act as a connection broker. This will give the device a node score of 20 by default. Nominate a device as a connection broker that is likely to have the highest uptime within your network, such as a server. In order to force an Agent to become a connection broker, do the following: 1. Locate the AEM Agent on the local device and right-click on it. 2. Click Settings. 3. Click the Preferences tab. 4. Select the option Force this device to become a Connection Broker (CB). © 2015 Autotask Corporation l Page 85 of 197 5. Click OK. This will set the device to have a node score of 20, thus ensuring that the device is a connection broker. For further information, refer to "Node Scores" on page 87. If you have more than one device that has been set up as a connection broker inadvertently, the device that contacts the platform first will become the connection broker. Find the connection broker The connection broker for each profile is not shown on the Profile Summary screen, however, you can find it through one of the ways outlined below. Through the Agent 1. Open the AEM Agent on a local device. 2. Under the Summary tab, locate the CS Connection section to see the IP address of the connection broker through which this device is connected to the platform. 3. In case this device is the connection broker, the following entry will be displayed: In the logfile If a connection broker is being used, it will be reported in the AEM logfile in the following format: CB:COMPUTERNAME, Score:3 at 192.168.139.1 For further information about the logfile, refer to How do I Find the AEM Log Files?. © 2015 Autotask Corporation l Page 86 of 197 Node Scores Each device with an Autotask Endpoint Management (AEM) Agent installed will obtain a node score ranking to determine whether it can be established as a Connection Broker. The node score is calculated when a device runs an audit (once a day for Managed Agents and once every 7 days for OnDemand Agents). An Agent will only respond to a connection broker request if its node score is equal to or greater than the node score of the requesting Agent. This ensures that the most robust device of the network will become the connection broker for the subnet. For more information, refer to "Connection Brokers" on page 84. Agents are graded on a score of between 0 and 19, 0 being the least suitable and 19 the most suitable to be used as a connection broker. Devices with disabled node score functionality will show -1 for their node score. The node score is calculated from the following areas: l Network connection type l Operating system type l Time elapsed since last system boot The score will be generated through the following score process: © 2015 Autotask Corporation l Page 87 of 197 © 2015 Autotask Corporation l Page 88 of 197 Agent Updates Administrator Account > Settings > Agent Update Settings Autotask regularly rolls out Agent updates, which typically occurs when a new release comes out. However, updates deemed critical by Autotask, such as security updates, may occasionally be rolled out between releases. Autotask Endpoint Management (AEM) Account Admin users have the ability to control when an Agent update is pushed out to the devices with the exception of emergency updates that overwrite individual settings and are rolled out automatically. Turn on / off Automatic Agent Updates By default, the Automatic Agent Updates option is enabled in every account. When this option is turned off, the Account Admin user can take control of Agent updates at system or profile level. The Automatic Agent Updates option can be turned on / off in the Web Portal in "Account Settings" on page 67: 1. Click on Account. 2. Click on Settings. 3. Scroll down to Agent Update Settings. 4. Switch on / off the Automatic Agent Updates. Disabling automatic updates allows users to delay the roll-out of new Agents to their devices for up to 2 weeks, and selectively roll out the update to individual profiles. Emergency updates will overwrite the user settings and be rolled out automatically. Roll out updates If the Automatic Agent Updates option is disabled in your account, you can control when the updates are rolled out. You will see a pink info bar stating that there is an outstanding Agent update available. System level: © 2015 Autotask Corporation l Page 89 of 197 Profile level: Once you click on apply it, the Agent(s) will be enabled to receive updates. Updates can take up to 24 hours to take effect. © 2015 Autotask Corporation l Page 90 of 197 Configuring Third Party Integrations Autotask Endpoint Management integrates with a number of third-party applications that require a degree of setup and configuration. Professional Services Automation Tools For a comparison of the functionality of these integrations, refer to "Service Desk Integrations with Autotask Endpoint Management" on page 93. Autotask Autotask PSA is our own IT Business Management Platform. The integration with Autotask Endpoint Management (AEM) supports the synchronization of AEM profiles and PSA companies, tickets, and devices (configuration items). Refer to "Integrate with Autotask PSA" on page 95. ConnectWise The ConnectWise integration allows you to join together your Autotask Endpoint Management (AEM) and ConnectWise accounts. This allows tickets created in AEM (either through automatic alerts, or created manually) to be managed and processed in ConnectWise, and to be associated with the correct profiles (or "Companies" in ConnectWise). Refer to "ConnectWise" on page 118. Zendesk The Autotask Endpoint Management (AEM) integration with Zendesk enables all tickets to be handled within Zendesk. Refer to "Zendesk" on page 127. Screen Sharing, Backup and Security Datto Datto is a hybrid cloud backup and recovery service. A Datto device on a local network will perform a snapshot of targeted systems and then back them up to storage in the cloud. Refer to "Datto Backup Integration" on page 133. Kaspersky The Autotask Endpoint Management (AEM) integration with Kaspersky Endpoint Security (KES) solution allows you to manage and administer your IT anti-virus solution from within the AEM Web Portal. Refer to "Kaspersky Endpoint Security Integration" on page 136. © 2015 Autotask Corporation l Page 91 of 197 Splashtop Splashtop is a leading screen share technology that provides a faster and smoother experience than the default VNC. The streamer can be rolled out to all your connected devices, both Windows and Mac, either automatically or on demand. Refer to "Splashtop Remote Screen Share Integration" on page 189. © 2015 Autotask Corporation l Page 92 of 197 Service Desk Integrations with Autotask Endpoint Management AEM integrates with the following service desk applications: l Autotask PSA l ConnectWise l Viva Desk l Zendesk Functionality Overview Compare the functionality each integration offers: Feature Autotask ConnectWise Synchronization of existing AEM profiles and devices to the service desk ● ● Synchronization of changes to profiles between AEM and service desk customers ● ● Automatically open an AEM ticket within service desk ● ● Synchronization of ticket priority and status ● ● Tickets created by monitors sync to service desk ● ● Round trip ticket synchronization ● ● Replaces AEM ticketing system ● Viva Desk Zendesk ● ● ● ● ● Access device audit information from service desk ● Connect to AEM Agent browser from service desk ● Associate certain devices to service desk tickets Sync Frequency ● Minutes ● Minutes 4 hours Minutes Direction of Synchronization Each of the service desk integrations sync certain data with AEM. The sync direction is illustrated below: © 2015 Autotask Corporation l Page 93 of 197 Ticket Synchronization Ticket synchronization can either be two way or one way, depending on which part of the ticket is being synced. © 2015 Autotask Corporation l Page 94 of 197 Integrate with Autotask PSA Administrator Account > Integrations This article describes the integration with Autotask PSA version 2015.2, which is currently being rolled out. If you are not yet on 2015.2. About the Autotask Integration Autotask PSA is integrated with Autotask Endpoint Management (AEM) via a connector. The integration supports the synchronization of AEM and PSA companies (profiles), tickets, and devices (configuration items). To configure the Autotask Connector, Administrator security level is required in PSA, and a role that includes access to Account > Integrations is required in AEM. How to... Download the Autotask Connector To download the Autotask Connector, do the following: 1. Log into the AEM Web Portal. 2. Click the ComStore tab. 3. Select Connectors. The Autotask Connector will be displayed. © 2015 Autotask Corporation l Page 95 of 197 4. Click on it, and in the pop-up window click Buy. Configure the company / profile integration When your download is completed, a new tab will appear under the Account tab, called Integrations. © 2015 Autotask Corporation l Page 96 of 197 1. Click the Integrations tab. 2. Click Run setup wizard. The setup wizard opens to the Autotask credentials page. 3. Enter your Autotask PSA Username and Password. 4. Click Test connection... © 2015 Autotask Corporation l Page 97 of 197 If the credentials are valid, a green check mark will appear. 5. Check Filter accounts by Owner ID to synchronize only Autotask PSA companies to AEM for whom the logged in user is the Account Manager. To synchronize all Autotask companies, leave the check box blank. 6. Click Next. 7. Select the PSA company types you want to retrieve and synchronize with AEM profiles. Limit the selection to company types you have set up profiles for. 8. Click Next. © 2015 Autotask Corporation l Page 98 of 197 9. Review the setup options you have selected so far. 10. Optionally, check Analyse profile and account mapping now. This will start the process of mapping existing AEM profiles to PSA company names. If a profile name is identical to a company name, they will be mapped. 11. Click Save Setup. The wizard will then compare PSA company names to AEM profile names and present a summary of possible matches. On the screenshot below, you can see that there are 200 matches, but one profile was not found in PSA, and 8 accounts/companies were not found in AEM. By default, the missing profiles and accounts would be created automatically. 12. If you think the automatic mapping failed because the company and profile names were slightly different and you do not want to create any duplicates, click the Do not synch radio buttons and then click Edit mapping rules... © 2015 Autotask Corporation l Page 99 of 197 This will launch the Edit mapping rules page that allows you to manually match profile names to company names. © 2015 Autotask Corporation l Page 100 of 197 13. Click Save to close this pop-up window, and then click Accept and Continue. 14. Click OK on the confirmation dialog box. The mapping rules will be applied. A number of progress dialog boxes will appear. 15. Finally, the current mapping rules will be displayed on the page. © 2015 Autotask Corporation l Page 101 of 197 16. If you would like to auto-create accounts for any new AEM profiles, toggle the switch to on. 17. Copy the Extension Callout URL to your clipboard and open Autotask to configure the remaining settings. You will need this URL when you configure the PSA end of this integration. Refer to "Configure the connector in Autotask PSA" on page 109. Configure ticket synchronization The next step in the integration setup process is to configure ticket synchronization between AEM and PSA. 1. On the Autotask Integration page, click Setup next to Ticket synchronization. 2. On the Select Autotask queue page, select the ticket queue that will be used for tickets created in PSA. © 2015 Autotask Corporation l Page 102 of 197 The selected queue must be active, or ticket synchronization will fail. All tickets will initially use the selected queue, but you can set up workflow rules to automatically move tickets into different queues. 3. Click Next. 4. On the Associate ticket statuses page, click the drop-down and select the appropriate Autotask status. © 2015 Autotask Corporation l Page 103 of 197 5. Click Next. 6. On the Associate ticket priorities page, you map CentraStage (AEM) priorities to Autotask ticket priorities. Click the drop-down and select the appropriate Autotask priority. © 2015 Autotask Corporation l Page 104 of 197 We recommend using the Autotask PSA priority "Low" for AEM priorities 4 and 5. 7. Click Next. 8. On the Select Work Type page, select a work type that is applied to all tickets generated in AEM. If needed, the work type can be changed using workflow rules. The selected work type must be active, or ticket synchronization will fail. © 2015 Autotask Corporation l Page 105 of 197 9. Click Save Settings. Configure device synchronization The third step in the integration setup process is to configure device synchronization between AEM and PSA. Devices that are installed at an Autotask customer company are called configuration items, but all configuration items are based on a product, and therefore devices must be mapped at the product level. 1. On the Autotask Integration page, click Setup next to Device synchronization. 2. On the Device synch setup page, manually select an existing Autotask product, or allow AEM to create a matching Autotask product. We recommend that you allow the connector to create a matching product if you do not see the corresponding Autotask product. The new product will have a prefix of AEM_devicetype. This will help to differentiate them from existing PSA products. © 2015 Autotask Corporation l Page 106 of 197 3. Click Next. 4. On the Select product allocation code page, you select the Product Code that will be used for all devices synched from AEM to Autotask. The Product Code is a required field in Autotask used for billing. © 2015 Autotask Corporation l Page 107 of 197 5. Click Next. 6. Review the product mappings and the product allocation code for device synchronization. When everything is correct, check Synchronize my devices now and click Save Settings. © 2015 Autotask Corporation l Page 108 of 197 If you checked Synchronize my devices now, the synchronization is run immediately. The wizard will close, and the integration page will be displayed. You can also click Synchronize my devices now on the Integrations page. 7. If you have not already done so, copy the Extension Callout URL on the Autotask Integration page to your clipboard and open Autotask PSA to configure the remaining settings. Configure the connector in Autotask PSA You must log into Autotask PSA with an Administrator security license with both "Remote Monitoring / Management Extensions" and "Application-Wide (Shared) Features" permissions. Step 1: Create an Extension Callout 1. Navigate to Autotask menu > Admin > Extensions & Integrations > Other Extensions & Tools > Extension Callout (Tickets). 2. Click New Extension Callout. © 2015 Autotask Corporation l Page 109 of 197 3. Complete the following fields: Field Description Name Enter a descriptive name for the callout, for example "AEM". URL Paste the Extension Callout URL you copied from the AEM Autotask Integration page into this field. Refer to "Configure the company / profile integration" on page 96. © 2015 Autotask Corporation l Page 110 of 197 Field Description Username Enter the username you use in AEM. Password Enter the password for this user. Ticket UserDefined Field Make sure that this field is blank. HTTP Transport Method Make sure the transport method is set to GET. 4. Keep the Do not generate e-mail notifications unless a failure is detected check box selected. 5. The Workflow Rules tab displays the name of all workflow rules that will trigger this callout. You will create a workflow rule for this extension callout in Step 2. Ignore this tab for now. 6. Click Save & Close. 7. Complete Step 2. Step 2: Add a Workflow Rule to trigger the Extension Callout 1. Navigate to Autotask menu > Admin > Features & Settings > Application-wide (shared) Features > Workflow Rules. 2. On the Service Desk tab, click New. 3. Set up the new workflow rule as described below. Field Description General Name Enter a descriptive name. Description Enter a description that indicates what the rule accomplishes. Active Check Box Note that the Active check box is checked, and the workflow rule will go into effect as soon as you save it. © 2015 Autotask Corporation l Page 111 of 197 Field Description Events When a/an Ticket is: Select the first four check boxes: Created by Anyone, Edited by Anyone, Note Added by Anyone, Time Added by Anyone. Conditions No conditions are needed for this workflow rule. Do not select anything. Updates © 2015 Autotask Corporation l Page 112 of 197 Field Description No updates are needed for this workflow rule. Do not select anything. Actions Then Execute Extension Callout: Select the newly created Extension Callout from the list. Add Ticket to Primary Resource’s Work List This check box does not apply to Extension Callouts. Leave unchecked. Actions: Create To-Do(s) No to-dos are needed for this workflow rule. Do no complete any fields. 4. Click Save and Close. The new workflow rule will now appear on the Workflow Rules tab of the Extension Callout. Create LiveLinks to AEM Devices To help streamline your Autotask Endpoint Management (AEM) workflow, you can create LiveLinks in Autotask to allow users to connect to a device directly from your Autotask configuration items or tickets. For more information, refer to "Autotask LiveLinks to AEM Devices" on page 114. © 2015 Autotask Corporation l Page 113 of 197 Autotask LiveLinks to AEM Devices Requires Administer LiveLinks permission, assigned from the Security Policies tab in LiveLinks Designer in Autotask Autotask menu > Admin > Extensions & Integrations > Autotask Add-Ons > LiveLinks Designer or, for non-Administrators, Home > View > LiveLinks Designer About LiveLinks LiveLinks are intelligent links from Autotask to external applications or websites, or customized links within Autotask. LiveLinks can pass Autotask information to a target application or website. To help streamline your Autotask Endpoint Management (AEM) workflow, you can create LiveLinks in Autotask to allow users to connect to a device directly from your Autotask configuration items or tickets. How to... Set up LiveLinks 1. Log in to your Autotask account with Administer LiveLinks permission. This can be assigned from the Security Policies tab in LiveLinks Designer. 2. Hover over the Autotask menu and click Admin. 3. Click Extensions & Integrations. 4. Expand the Autotask Add-Ons section and click on LiveLinks Designer. This will open a list of links that are already in your Autotask account. 5. Click Explore the AXN LiveLinks Catalog. 6. Locate the LiveLink called AEM Remote Takeover from Configuration Item or AEM Remote Takeover from Ticket. You can also use the search function on the left of the page. 7. Right-click on any of the LiveLinks and click Install LiveLink. © 2015 Autotask Corporation l Page 114 of 197 8. Read the terms and conditions and if you agree, select the check box I have read and accept the Terms and Conditions. 9. Click Install. 10. Once the installation is complete, click OK in the confirmation window. 11. You will now be taken back to your list of installed LiveLinks. Locate the newly installed LiveLink, rightclick on it and click Edit LiveLink. 12. In the Base URL box, change Zinfandel to the platform your account resides on. For example, if your account is on the Merlot platform, change https://zinfandel.centrastage.net/csm/device/startConnection/ to https://merlot.centrastage.net/csm/device/startConnection/. For more information about the platforms, refer to "AEM Platforms" on page 10. 13. Make sure to activate the LiveLink by selecting the check box of Active on the top of the page. © 2015 Autotask Corporation l Page 115 of 197 14. Click Save & Publish. 15. Select which Security Levels, Departments and Resources you would like to publish the LiveLink to by clicking on each tab. © 2015 Autotask Corporation l Page 116 of 197 16. Click Save & Close. The LiveLink will now be accessible from your tickets and / or configuration items, respectively. The LiveLink will allow you to initiate a connection from an Autotask ticket or configuration item that references an AEM monitored device. © 2015 Autotask Corporation l Page 117 of 197 ConnectWise The ConnectWise connector allows to join together your Autotask Endpoint Management (AEM) and ConnectWise accounts. This allows tickets created in AEM (either through automatic alerts, or raised manually) to be managed and processed in ConnectWise, and to be associated with the correct profiles (or "Companies" in ConnectWise). Requirements To integrate ConnectWise with AEM, you will need the following: l A ConnectWise account l The ConnectWise component, available for download from the "Connectors" section of the ComStore. l A ConnectWise client which you need to download from http://connectwise-internet-client.software.informer.com/download/ Once downloaded, the ConnectWise component will create a new tab called Integrations in the Account section of the Web Portal. How to... Start the configuration 1. Download and install the ConnectWise client from the above URL. 2. Log in to your ConnectWise Account via the client you downloaded. 3. Click the Setup tab on the left side of the home page. 4. Click the Setup Tables tab. © 2015 Autotask Corporation l Page 118 of 197 Choose the category 1. Select the Category drop-down menu and choose General type. 2. Click Search. © 2015 Autotask Corporation l Page 119 of 197 3. From the search list select Integrator Login. © 2015 Autotask Corporation l Page 120 of 197 Create a new item for Integrator Login 1. On the top of the page, click the New Items tab to create new item. 2. You must populate the following fields to create an item: l Username – Enter the username you would like to use l Password – Enter the Password l Access Level – Select All records © 2015 Autotask Corporation l Page 121 of 197 l Service Board – Select Integration l Callback URL – Enter https://connector.centrastage.net/connector/cw/callbackurl?recid= l Enable Available API(s) – Company API, Reporting API, Service ticket API. Enter ConnectWise login details in your AEM account To enter your ConnectWise Login details, do the following: 1. Log into the Web Portal. 2. Select the Account > Integrations tab. 3. Under the ConnectWise section click Edit. © 2015 Autotask Corporation l Page 122 of 197 You will need to provide the following details: l Site URL – Enter ConnectWise site address l Company ID – Type your company name (it can be any) l Company Login ID and Password – must be the one you used in ConnectWise on the Integrator Login page 4. Click Save. Please note the following: l l If the callback URL produces an error (500 Internal Server Error) when invoked through HTTPS, use HTTP instead The site URL must not contain “www" Configure Account Synchronization To synchronize your AEM profiles, status configuration and priorities with ConnectWise: 1. Go to your AEM profile. 2. Select the Account tab. 3. Under the Integrations page, select ConnectWise. 4. Click Setup. Configure Profile Associations 1. To associate AEM profiles and ConnectWise companies: 2. Click Add New Association or choose an existing one. © 2015 Autotask Corporation l Page 123 of 197 3. From the left drop-down box choose an AEM profile. 4. From the right drop-down box choose the appropriate ConnectWise company. 5. Click Next to continue. You can delete an association by checking it and clicking Remove Association. Configure Service Board 1. Select Integration. Configure Existing Status Associations To associate AEM and ConnectWise Ticket Statuses: © 2015 Autotask Corporation l Page 124 of 197 1. From the left box choose an AEM ticket status. 2. From the right box choose appropriate ConnectWise ticket status. 3. Click Next to continue. Configure Existing Priority Associations To associate AEM and ConnectWise ticket priorities: 1. From the left box choose an AEM ticket priority. 2. From the right box choose appropriate ConnectWise ticket priority. © 2015 Autotask Corporation l Page 125 of 197 3. Click Next to continue. Finalize Setup As soon as you see a “Thank you" page, the setup is finished and you can start working. Click Close to continue. Tickets will now be synchronized automatically when they are created in AEM. © 2015 Autotask Corporation l Page 126 of 197 Zendesk Zendesk enables companies to provide great customer support, scale with self-service options, and differentiate with proactive engagement. The result is customer relationships that are more meaningful, personal, and productive — all at a lower cost. Download the Zendesk component 1. Select ComStore. 2. Click on the Extensions section found on the left of the screen. 3. Select the Zendesk component. 4. Click on the extension, then select Buy. 5. Select Account > Settings. 6. Scroll to the bottom of the page to Zendesk integration. © 2015 Autotask Corporation l Page 127 of 197 7. Launch Zendesk and log into your account. 8. Select Admin (found bottom left of the page). 9. Under Apps, select Browse. 10. Select IT Management. 11. Click on the CentraStage app. 12. Select Install App. © 2015 Autotask Corporation l Page 128 of 197 13. Complete the details accordingly from the AEM Settings area. 14. Click Install. 15. Log out and back into AEM. The Zendesk integration setup is now completed. © 2015 Autotask Corporation l Page 129 of 197 Associate an AEM device in Zendesk 1. Click on Views. 2. Select Your unsolved tickets. 3. Open the required ticket by selecting the ticket title. 4. On the right, select Apps if it's not already available . 5. Insert a device name into the Add a Device (it must be the same device name as in AEM). 6. Select the (+) icon to move the device into the Associated devices section. 7. Choose the relevant option under Submit as. The ticket will now be saved and the AEM device is now associated in Zendesk. Create a ticket in AEM for Zendesk 1. Make note of your Zendesk email address (formatted like support@myzendeskcompany.zendesk.com). 2. Browse to a monitor in AEM. 3. Edit the policy by clicking on the pencil icon, then browse to the Response details section. 4. Check Email the following recipients. 5. Enter your Zendesk account email address under Additional recipients. 6. Click Save. © 2015 Autotask Corporation l Page 130 of 197 7. Click Next twice. 8. Select Save to save the monitor. 9. Click Push Changes to apply the changes. AEM will now synchronize with Zendesk, and any alerts raised will generate a ticket in Zendesk. © 2015 Autotask Corporation l Page 131 of 197 © 2015 Autotask Corporation l Page 132 of 197 Datto Backup Integration Datto is a hybrid cloud backup and recovery service. A Datto device on a local network will perform a snapshot of targeted systems and then back them up to storage in the cloud. AEM backup management enables AEM to integrate with Datto NAS and and view information and statistics about the backed up devices via the AEM Manage tab. Prerequisites You will need at least one Datto device and its associated API key. The API key is available from Admin > Integrations in the Datto cloud. If this page is not accessible, please contact Datto directly to obtain your key. How to... Download the Datto Integration and enter the API key To enable the integration, you must download the Datto Integration component from the ComStore and enter the API key in the system settings. 1. Click the ComStore tab. 2. Search for and select Datto Integration and click Buy to add it to your account. 3. Navigate to Account > Integrations and scroll to the Datto section. 4. Enter your Datto API key and click Save. 5. Turn on the Datto integration by sliding the Enabled button to ON. The Datto integration is now enabled in AEM. Associate a Datto device with a profile in AEM The next step is to associate a Datto device with a profile in AEM. The Datto device must be installed on the local area network associated with the profile. © 2015 Autotask Corporation l Page 133 of 197 1. Select a profile and click Manage. 2. Click the Backup Management radio button. 3. Choose a Datto device from the drop-down list to link to this profile. This will allow you to see backup statistics and feedback. 4. Click Save. 5. Click OK on the pop-up window. 6. You have now successfully associated your Datto device with a profile in AEM. Profiles associated with a Datto device will display the Datto icon in the Profiles list. 7. The Backup Management page will now display your Datto device details and the protection status of your devices protected by the Datto device. © 2015 Autotask Corporation l Page 134 of 197 For information on what is displayed on the Backup Management page, refer to Backup Management. Create a monitor for endpoints backed up by Datto You can create a monitoring policy in AEM to alert you if any Datto backup incidents occur. Backup alerts will be delivered at the device level via the AEM Agent. You can create the policy at either system or profile level. Refer to Create a Monitoring Policy. The monitor will alert upon receiving an error feedback from the Datto app on the endpoint. To manage the backup incident, you will need to access the Datto management screen on the Datto device. To learn how to see information and statistics about your Datto protected devices in AEM, refer to Backup Management. © 2015 Autotask Corporation l Page 135 of 197 Kaspersky Endpoint Security Integration You must be an Account Admin in AEM or have the ability to manage policies at system and profile level. Account > Integrations > Kaspersky Endpoint Security To continue giving a complete package for Endpoint Management to our clients, we have teamed up with one of the world’s leading anti-virus solution providers: Kaspersky Lab. The Autotask Endpoint Management (AEM) integration with Kaspersky and their Kaspersky Endpoint Security (KES) solution allows you to manage and administer your anti-virus solution from within the AEM Web Portal with the following features: l l l Deploy KES version 10 for Windows and KES version 8 for Mac Administer Kaspersky licensing from within the AEM Web Portal, allowing you to keep track of license keys, numbers and passwords Pro-active monitoring of your KES to alert you if: o KES is not installed o KES is not active (stopped or disabled) o KES agent requires a reboot o Active threats are found o Configuration file deployment has failed o There is no valid KES license o The definition database is not updated for a number of days that you define l Manually enable / disable KES via the AEM Web Portal l Report on the current status of KES throughout the estate Prerequisites To set up the integration between AEM and KES: l l User must be an Account Admin in AEM or have the ability to manage policies at system and profile level User must have a valid KES license key or license key file We recommend that you use the .key file supplied by Kaspersky when setting up the integration. © 2015 Autotask Corporation l Page 136 of 197 Supported Operating Systems and incompatible products Supported Windows operating systems Microsoft Windows 8.1 Update Pro x86 / х64 Microsoft Windows 8.1 Update Enterprise x86 / х64 Microsoft Windows 8.1 Pro x86 / х64 Microsoft Windows 8.1 Enterprise x86 / х64 Microsoft Windows 8 Pro x86 / х64 Microsoft Windows 8 Enterprise x86 / х64 Microsoft Windows 7 Professional x86 / х64 SP1 Microsoft Windows 7 Enterprise / Ultimate x86 / х64 SP1 Microsoft Windows 7 Professional x86 / х64 Microsoft Windows 7 Enterprise / Ultimate x86 / х64 Microsoft Windows Vista x86 / х64 SP2 Microsoft Windows XP Professional x86 SP3 Supported MAC operating systems Mac OS X 10.10 (Yosemite) Mac OS X 10.9 (Mavericks) Mac OS X 10.8 (Mountain Lion) Mac OS X 10.7 (Lion) Mac OS X 10.6 (Snow Leopard) Mac OS X 10.5 (Leopard) Mac OS X 10.4 (Tiger) Mac OS X Server 10.6 (32/64-bit) Mac OS X Server 10.7 (32/64-bit) List of incompatible products The following anti-virus products are incompatible with KES and can be removed when KES is installed, if the corresponding install option is selected when creating the policy: © 2015 Autotask Corporation l Page 137 of 197 Acer LANScope Agent 2.2.25.84 Acer LANScope Agent 2.2.25.84 x64 Ad-Aware 9.6.0 Adaptive Security Analyzer 2.0 AEC TrustPort Antivirus 2.8.0.2237 AEC TrustPort Personal Firewall 4.0.0.1305 AhnLab V3 Internet Security 8.0 AhnLab V3 Internet Security 8.0 x64 AhnLab SpyZero 2007 and SmartUpdate AhnLab V3 Internet Security 7.0 Platinum Enterprise AhnLab V3 Internet Security 7.0 Platinum Enterprise x64 Aluria Security Center Alyac Antivirus Alyac Antivirus x64 ALYac 2.1 Avira AntiVir PersonalEdition Classic 7 - 8 Avira AntiVir Personal - Free Antivirus 360 Anti Virus ArcaVir Antivir/Internet Security 09.03.3201.9 ArcaVir Antivir/Internet Security 09.03.3201.9 x64 Ashampoo AntiSpyware 2 v 2.05 Ashampoo AntiVirus Ashampoo Anti-Malware 1.11 Ashampoo Firewall 1.20 Ashampoo FireWall PRO 1.14 AtGuard 3.2 Authentium Command Anti-Malware v 5.0.5 © 2015 Autotask Corporation l Page 138 of 197 Authentium Command Anti-Malware v 5.1.0 Authentium Command Anti-Malware v 5.0.9 Authentium Safe Central 3.0.2.3236.3236 ALWIL Software Avast 4.0 ALWIL Software Avast 4.7 ALWIL Avast 5 avast! Free Antivirus / Pro Antivirus / Internet Security 7 avast! Free Antivirus / Pro Antivirus / Internet Security 8 avast! Free Antivirus / Internet Security 9 avast! Free Antivirus 6.0.1 Grisoft AVG 7.x Grisoft AVG 6.x Grisoft AVG 8.x Grisoft AVG 8.5 Grisoft AVG 8.5 Free Grisoft AVG 8.5 Free 64-bit Grisoft AVG 8.5 64-bit Grisoft AVG LinkScanner® 8.5 Grisoft AVG LinkScanner® 8.5 x64 Grisoft AVG 8.x x64 AVG 9.0 AVG 9.0 x64 AVG Free 9.0 AVG Free 9.0 x64 AVG 10.0.1136 Free Edition AVG 2011 AVG 2011 x64 © 2015 Autotask Corporation l Page 139 of 197 AVG 2012.0.1913 x64 AVG 2012.0.1913 x86 AVG 2012 Free 2012.0.1901 x64 AVG 2012 Free 2012.0.1901 AVG 2012 x64 AVG 2012 x86 AVG 2014 x64 AVG 2014 x86 AVG AntiVirus/Internet Security 2011 AVG Anti-Virus Business Edition x64 AVG Anti-Virus Business Edition 2012 AVG Anti-Virus 2013 13.0.2793 x64 AVG Anti-Virus 2013 13.0.2793 x86 AVG Anti-Virus FREE 2013 13.0.0.2654 x64 AVG Anti-Virus FREE 2013 13.0.0.2654 x86 AVG Identity Protection 8.5 AVG Internet Security Business Edition 3491 x64 AVG Internet Security Business Edition 3491 x86 Avira Premium Security Suite 2006 Avira WebProtector 2.02 Avira Free Antivirus 13.0.0.2693 / Avira Antivirus Premium 13.0.0.2693 Avira AntiVir Personal - Free Antivirus 10.0.0.567 Avira AntiVir Personal - Free Antivirus 10.2.0.98 Avira AntiVir Personal - Free Antivirus 10.00.00.36 Avira Free Antivirus 12.0.0.207 Avira AntiVir Personal - Free Antivirus 10.0.0.565 Avira AntiVir Professional 10.2.0.700 © 2015 Autotask Corporation l Page 140 of 197 Avira AntiVir Personal - Free Antivirus 10.2.0.703 Avira AntiVir Personal - Free Antivirus 10.2.0.83 Avira AntiVir Personal - Free Antivirus 12.0.0.1125 Avira AntiVir Personal - Free Antivirus 12.0.0.1167 Avira AntiVir Personal - Free Antivirus 12.0.0.144 Avira AntiVir Personal - Free Antivirus 12.0.0.254 / Avira Professional Security 12.0.0.254 Avira Free Antivirus 12.0.0.323 Avira AntiVir Personal - Free Antivirus 12.0.0.861 Avira AntiVir Personal - Free Antivirus 8.0 - 10.0 \ Avira Professional Security 12 Avira Antivirus Premium 2012 - 2013 Avira AntiVir Premium 10.2.0.148 Avira Internet Security 2012 - 2013 Avira AntiVir Professional 10 Avira AntiVir Professional / Professional Security 10.2 Avira AntiVir Server 10.0.0.1824 Avira AntiVir Server / Desktop / Professional Security 12.0.0.1236 Avira AntiVir PersonalEdition Premium 7.06 Avira Endpoint Security 2.6 Avira Free Antivirus 12.0.0.125 Avira Free Antivirus / Antivirus Suite / Family Protection Suite / Internet Security Suite / Professional Security 14.0.3.350 Avira Free Antivirus 14.0.4.672 Avira Free Antivirus 14.0.6.552 Avira Free Antivirus 14.0.7.342 Avira Professional Security 12.1.9.1577 Avira AntiVir Premium Avira Premium Security Suite © 2015 Autotask Corporation l Page 141 of 197 Avira Premium Security Suite x64 Avira Professional Security 12.1.9.1580 Avira Professional Security 12.0.0.101 Turkish Avira Professional Security 12.0.0.131 Brazil Avira Professional Security 12.0.0.1506 German Avira Professional Security 12.0.0.163 French Avira Professional Security 12.0.0.186 Italian Avira Professional Security 12.0.0.208 Spanish Avira Professional Security 12.0.0.97 Dutch Avira Professional Security / Avira Free Antivirus 14.0.2.286 Avira Professional Security / Avira Free Antivirus 14.0.5.464 Avira Server Security (generic) Avira Management Console Agent \ Avira Professional Security Management agent (x64) Avira Management Console Agent \ Avira Professional Security Management agent (x86) AntiVir Windows Workstation 7.06.00.507 Kaspersky AntiViral Toolkit Pro Kaspersky AntiViral Toolkit Pro (Silent uninstall) Kaspersky Anti-Virus driver AVPG Kaspersky Anti-Virus driver AVPG (9x) Virus Removal Tool Driver Virus Removal Tool Driver x64 BitDefender Antivirus 2008 BitDefender Free Edition BitDefender Antivirus Plus 10.247 BitDefender Client Professional Plus 8.0.2 BitDefender Antivirus Plus 10 BitDefender Standard Edition 7.2 (Fr) © 2015 Autotask Corporation l Page 142 of 197 Bit Defender Professional Edition 7.2 (Fr) BitDefender 8 Professional Plus BitDefender 8 Professional (Fr) BitDefender 8 Standard BitDefender 8 Standard (Fr) BitDefender 9 Professional Plus BitDefender 9 Standard BitDefender Business Client 11 BitDefender Business Client 11.0.20 BitDefender Business Client 11.0.22 BitDefender Business Client 3.5.1.0/3.5.2.153 BitDefender for FileServers 2.1.11 BitDefender Free Edition 2009 12.0.12.0 BitDefender Management Agent 3 BitDefender Management Agent 3.1.8 BitDefender Management Agent 3.1.9 BitDefender Management Agent 3.6.0 BitDefender Security for Windows Servers 3.5.17 BitDefender 2011 14.0.29 x64 BitDefender 2011 14.0.29 x86 Bitdefender 2012 15.0.36 BitDefender Antivirus Pro 2011 BitDefender Antivirus Plus 2013 BitDefender Antivirus Plus 2013 v.17.13 BitDefender Antivirus Plus 2013 v.17.13 x64 BitDefender Antivirus Plus 2013 x64 BitDefender Endpoint Security 4.1.27 x64 © 2015 Autotask Corporation l Page 143 of 197 BitDefender Endpoint Security 4.1.27 x86 BitDefender Total Security 2008 11.0.14 BitDefender Internet Security 2009 BitDefender Internet Security 2010 BitDefender Internet Security 2011 14.0.28 x64 BitDefender Internet Security 2011 14.0.28 x86 Bitdefender Internet Security 2013 v.17.13 Bitdefender Internet Security 2013 v.17.13 x64 BitDefender Internet Security 2013 v. 16.16.0.1348 BitDefender Internet Security 2013 v. 16.16.0.1348 x64 Bitdefender Total Security 2013 v.17.13 Bitdefender Total Security 2013 v.17.13 x64 BitDefender Total Security 2013 v. 16.16.0.1348 BitDefender Total Security 2013 v. 16.16.0.1348 x64 BitDefender Internet Security BitDefender Management Agent 3.0.5 BitDefender Antivirus 2009 12.0.10 BitDefender 2009 12.0.11.5 BitDefender DeploymentTool Agent 3.5.2.242 BitDefender Internet Security 2008 BitDefender Internet Security 2009 12.0.8 BitDefender 2009 Internet Security 12.0.11.5 BitDefender Internet Security v10.108 BitDefender Total Security 2008 BitDefender 2009 Total Security 12.0.11.5 BitDefender 2010 Total Security 13.0.21 BullGuard © 2015 Autotask Corporation l Page 144 of 197 BullGuard AntiVirus BullGuard AntiVirus x64 CA Anti-Virus Plus 7 CA AntiVirus 2008 CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1 CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1 x64 CA eTrust AntiVirus 7 CA eTrust AntiVirus 7.1.0192 eTrust AntiVirus 7.1.194 CA eTrust AntiVirus 7.1 CA eTrustITM 8.1 CA eTrustITM 8.1.637 CA eTrustITM 8.1.637 for Windows 2003 CA eTrustITM 8.1.637 for Windows 2003 (x64) CA eTrustITM 8.1.00 CA eTrustITM Agent 8.0.403 CA eTrust ITM 8.1 and iGateWay 4.2.0.2 CA eTrust Pestpatrol 5.0 CA HIPS Managed Client 1.0 CA eTrust Suite Personal 2008 CA Licensing 1.57.1 CA Personal Firewall 9.1.0.26 CA Personal Firewall 2008 CA Total Defense R12 Client CA Total Defense R12 Client x64 CA Total Defense R12 Client 12.0.831 CA Total Defense R12 Client 12.0.831 x64 © 2015 Autotask Corporation l Page 145 of 197 CA Total Defense for Business v14 CA Total Defense for Business v14 x64 CA eTrust Antivirus 7.1.0194 CA eTrust InoculateIT 6.0 CA PC Security Suite 6.0 \ Private PC Security Suite 6.0 CA PC Security Suite 6.0.00 CheckPoint VPN client 75.10 Check Point VPN 75.20.0000 new CheckPoint VPN client R75 Cipafilter Client Tools 0.952 Cisco Security Agent 6 ClamAV 1.0.26 / gredAV ClamWin Antivirus ClamWin Antivirus x64 ClamWin Free Antivirus ClamWin Free Antivirus x64 Authentium Command AV 4.90.x / 4.92.x Authentium Command AV 4.94.9 Command AntiVirus for Windows 4.94.5 Command AntiVirus for Windows Enterprise 4.94.5 Command AntiVirus for Windows 4 Command AntiVirus for Windows Enterprise 4.95.2 Command Anti-Malware for Enterprise 5.1.12 Comodo AntiSpam 2.6.0.0 Comodo AntiSpam 2.6.0.0 x64 COMODO AntiVirus 1.1 Comodo BOClean 4.25 © 2015 Autotask Corporation l Page 146 of 197 COMODO Firewall Pro 1.0 - 3.x Comodo Safe Surf 1.0.0.7 Comodo Safe Surf 1.0.0.7 x64 Comodo Internet Security / Comodo Antivirus / Comodo Firewall 6.0 Comodo Internet Security / Comodo Antivirus 6.1 Comodo AntiSpam 2.7.0.11 Comodo Internet Security 3 Comodo Internet Security 4.0.4167.742/4.0.10770.828 Comodo Internet Security 5.0 Comodo Internet Security 5.9 Password Manager XP 3 CyberDefender Early Detection Center 5 CyberDefender Link Patrol 6 DrVirus 3.0 DrWeb for Windows 4.30 DrWeb Antivirus for Windows 4.30 Dr.Web AntiVirus 4.33 Dr.Web AntiVirus / Security Space 5 Dr.Web AntiVirus 5.0.0 Dr.Web Security Space Pro 6.0 x86 Dr.Web Anti-Virus for Windows Pro 6.0 Dr.Web Security Space 6.0 (x86) 6.00.0.04080 Dr.Web Security Space 6.0 (x64) 6.00.0.04080 Dr.Web Security Space Pro 6.0 x64 build 4080 Dr.Web anti-virus for Windows Pro 6.0 x64 Dr.Web anti-virus for Windows 6.0 (x86) 6.00.0.04080 Dr.Web anti-virus for Windows 6.0 (x64) 6.00.0.04080 © 2015 Autotask Corporation l Page 147 of 197 Dr.Web Enterprise Server 6.00 Dr.Web Enterprise Server 6.00 (x64) Dr.Web anti-virus for Windows 7.0.1.03050 Dr.Web CommuniGate Plugin 4.33 Dr.Web AntiVirus for Windows Servers 4.33 Dr.Web Anti-virus for Windows 8.0.2.2040 x64 Dr.Web Anti-virus for Windows 8.0.2.2040 x32 Dr.Web Anti-virus for Windows 9.0.0.09170 x64 Dr.Web Anti-virus for Windows 9.0.0.09170 x32 Dr.Web Enterprise Server 6.00.11200 x64 Dr.Web Enterprise Server 6.00.11300 Dr.Web anti-virus for Windows servers 6.00.2.03050 (x86) Dr.Web Enterprise Agent DrWeb Enterprise Client ver 5,6 DrWeb Enterprise Client ver 5,6 x64 Dr.Web Enterprise Server (x64). 6.01.09160 Dr.Web Security Space Pro 6.0 7.0.1.06050 Dr.Web Security Space 8.0.2.2040 x64 Dr.Web Security Space 8.0.2.2040 x32 Dr.Web Security Space 9.0.0.09170 x64 Dr.Web Security Space 9.0.0.09170 x32 EarthLink Protection Center PeoplePC Internet Security 1.5 PeoplePC Internet Security Pack / EarthLink Protection Center EarthLink Protection Control Center eScan Corporate 2.0.016.1 Emsisoft Anti-Malware 5.1 © 2015 Autotask Corporation l Page 148 of 197 eScan Anti-Virus Edition 10.0.962.356 DB eScan Anti-Virus for SMB 10.0.962.356 DB eScan Corporate 10.0.962.356 DB eScan Corporate for Windows 11.0.1139.998 eScan Anti-Virus (AV) for Windows 9.0 eScan Internet Security Suite 9.0 for Windows eScan IIS for SMB 10.0.997.491 DB eScan Virus Control (VC) Edition for Windows ESET NOD32 Antivirus 4.0.314.0 ESET NOD32 Antivirus 4.0.314.0 x64 ESET Smart Security 4.0.314.0 ESET Smart Security 4.0.424.0 x64 Spanish ESET Smart Security 4.0.314.0 x64 ESET NOD32 file on-access scanner ESET NOD32 file on-access scanner (windows 7) ESET Smart Security 3.0 ESET NOD32 Antivirus 3.0.669 EN ESET NOD32 Antivirus 3.0.669 Turkey ESET NOD32 Antivirus 3.0.684 ESET NOD32 Antivirus 3.0.684 x64 ESET NOD32 3.x & 4.x & 5.x generic script ESET NOD32 3.x & 4.x & 5.x generic script (x64) ESET Smart Security 4.0.417 x64 ESET Smart Security 4.0.437 x64 ESET NOD32 Antivirus 4.0.441 ESET NOD32 4.0.467,4.0.627 ESET NOD32 Antivirus 4.0.467 Rus © 2015 Autotask Corporation l Page 149 of 197 ESET NOD32 4.0.468 EN ESET NOD32 Antivirus 4.0.474 ESET NOD32 Antivirus 4.0.474 Spanish ESET NOD32 Antivirus 4.0.474 x64 ESET NOD32 Antivirus 4.0.474 PL ESET NOD32 4.2.71.2 fr ESET NOD32 4.2.71.2 fr x64 ESET Antivirus 3.650 x64 ESET Antivirus 3.650 x64 German ESET Antivirus 3.650 x64 Rus ESET NOD32 Antivirus 3.0.684.0 RUS ESET Antivirus 3.0.672.0 Spanish ESET Endpoint Antivirus 5.0.2122.10 ESET Endpoint Antivirus 5.0.2126.3 x64 turkish Eset Endpoint Antivirus 5.0.2126.0 x64 Eset Endpoint Antivirus 5.0.2126.11 Czech x64 Eset Endpoint Antivirus 5.0.2126.3 x64 IT Eset Endpoint Antivirus 5.0.2126.0 x86 Eset Endpoint Antivirus 5.0.2126.11 Czech x86 Eset Endpoint Antivirus 5.0.2126.3 x86 IT Eset Endpoint Antivirus 5.0.2225.1 x64 Turkish Eset Endpoint Antivirus 5.0.2225.1 x86 Russian Eset Endpoint Antivirus 5.0.2225.1 x86 Turkish ESET Endpoint Antivirus 5.0.2228.1 Russian x86 ESET Smart Security 4.2.40.10 x64 Eset Endpoint Security 5.0.2214.7 x64 russian Eset Endpoint Security 5.0.2122.14 x86 russian © 2015 Autotask Corporation l Page 150 of 197 ESET NOD32 Antivirus 4.0.314 Russian ESET NOD32 Antivirus 4.0.314 x64 Spanish ESET NOD32 Antivirus 4.0.424.0 RUS ESET NOD32 Antivirus 4.0.474.0 ESET NOD32 Antivirus 3.0.672.0 RU ESET NOD32 Antivirus 3.0.551.0 ESET NOD32 Antivirus 3.0.563.0 ESET NOD32 Antivirus 3.0.621 ESET NOD32 Antivirus 3.0.645 Spanish ESET NOD32 Antivirus 3.0.644.0 Traditional Chinese ESET NOD32 Antivirus 3.0.667.0 ESET NOD32 Antivirus 3.0.669.0 Traditional Chinese ESET NOD32 Antivirus 3.0.669.0 French ESET NOD32 Antivirus 3.0.669 Spanish ESET NOD32 Antivirus 3.0.672.0 FRA ESET NOD32 Antivirus 3.0.684.0 ESET NOD32 Antivirus 3.0.695 ESET NOD32 Antivirus 3.0.695.0 Traditional Chinese ESET NOD32 Antivirus 3.0.695 Spanish ESET NOD32 Antivirus 3.0.695 x64 Spanish ESET NOD32 Antivirus 4.2.40 x64 ESET NOD32 Antivirus 4.2.42.0 x64 ESET NOD32 Antivirus 4.2.64 x64 ESET NOD32 Antivirus 4.2.71.3 x86 ESET NOD32 Antivirus 4.2.71.3 x64 ESET NOD32 Antivirus 4.2.67 Spanish ESET NOD32 Antivirus 4.2.67 x64 Spanish © 2015 Autotask Corporation l Page 151 of 197 ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese (x64) ESET NOD32 Antivirus 4.2.71 ESET NOD32 Antivirus 4.2.71 Spanish ESET NOD32 Antivirus 4.2.71 x64 ESET NOD32 Antivirus 4.2.71 x64 Spanish ESET NOD32 Antivirus 4.2.71.2 Traditional Chinese ESET NOD32 Antivirus 4.2.71.2 Traditional Chinese (x64) ESET NOD32 Antivirus 4.2.76.1 Ru ESET NOD32 Antivirus 4.2.76.1 Rus ESET NOD32 Antivirus 4.2.76 Spanish ESET NOD32 Antivirus 4.2.76 x64 Spanish ESET NOD32 Antivirus 4.2.76.1 Czech x64 ESET NOD32 Antivirus 4.2.76.1 Czech x86 ESET NOD32 Antivirus 4.0.314 Spanish ESET NOD32 Antivirus 4.0.417 Spanish ESET NOD32 Antivirus 4.0.417.0 FRA ESET NOD32 Antivirus 4.0.424.0 Spanish ESET NOD32 Antivirus 4.0.424.0 x64 Spanish ESET NOD32 Antivirus 4.0.437.0 ESET NOD32 Antivirus 4.0.437 Spanish ESET NOD32 Antivirus 4.0.467.0 Traditional Chinese ESET NOD32 Antivirus 4.0.467.0 Traditional Chinese (x64) ESET NOD32 Antivirus 4.0.467 Spanish ESET NOD32 Antivirus 4.0.467 x64 Spanish ESET NOD32 Antivirus 4.0.474.10 Traditional Chinese ESET NOD32 Antivirus 4.0.474.10 Traditional Chinese (x64) © 2015 Autotask Corporation l Page 152 of 197 Eset NOD32 Antivirus 5.2.9.12 x64 german Eset NOD32 Antivirus 5.2.9.12 x64 spanish Eset NOD32 Antivirus 5.2.9.12 x64 french Eset NOD32 Antivirus 5.2.9.12 x86 german Eset NOD32 Antivirus 5.2.9.12 x86 spanish Eset NOD32 Antivirus 5.2.9.12 x86 french Eset NOD32 Antivirus 5.2.9.12 x86 IT Eset NOD32 Antivirus 5.2.9.1 x64 Eset NOD32 Antivirus 5.2.9.1 x86 Eset NOD32 Antivirus 6.0.306.2 x64 russian Eset NOD32 Antivirus 6.0.306.2 x86 russian Eset NOD32 Antivirus 7.0.302.8 x86 russian ESET NOD32 Antivirus Business Edition 3.0.650.0 Spanish ESET NOD32 Antivirus Business Edition 4.0.424.0 Eset NOD32 Antivirus 3.0.669.0 china ESET Antivirus 3.0.642.0 eng ESET Antivirus 3.642 German ESET Antivirus 3.650 ESET Antivirus 3.650 Rus ESET NOD32 Antivirus Brazilian 3.0.672 ESET Antivirus 3.0.672.0 English Eset NOD32 Antivirus 4.0.474.0 x64 german Eset NOD32 Antivirus 4.0.474.0 x86 german ESET NOD32 Antivirus 4.2.35 ESET NOD32 Antivirus 4.2.35 x64 ESET NOD32 Antivirus 4.2.40 ESET NOD32 Antivirus 4.2.40.10 Brazil © 2015 Autotask Corporation l Page 153 of 197 ESET NOD32 Antivirus 4.2.40.10 FRA ESET NOD32 Antivirus 4.2.40.10 FRA x64 ESET NOD32 Antivirus 4.2.40 Spanish ESET NOD32 Antivirus 4.2.40.10 x64 Brazil ESET NOD32 Antivirus 4.2.40.10 x64 Spanish ESET NOD32 Antivirus 4.2.40.10 Business Edition x86 ESET NOD32 Antivirus 4.2.42.0 ESET NOD32 Antivirus 4.2.58 ESET NOD32 Antivirus 4.2.64 ESET NOD32 Antivirus 4.2.64 x64 Spanish ESET NOD32 Antivirus 4.2.67.10 x32 English ESET NOD32 Antivirus 4.2.67.10 x64 English ESET NOD32 Antivirus 4.2.71.2 ESET NOD32 Antivirus 4.2.71.2 x64 ESET NOD32 Antivirus 4.2.71.3 ESET NOD32 Antivirus 4.2.64 Spanish ESET NOD32 Antivirus 4.0.417 Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x64 Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x32 ESET Remote Administrator Console 2.0.29 ESET Remote Administrator Console 3.0.105 ESET Remote Administrator Server 3.0.105 ESET Smart Security x64 ESET Smart Security x64 Ger ESET Smart Security x64 Rus ESET Smart Security 3.0.645 Spanish ESET Smart Security © 2015 Autotask Corporation l Page 154 of 197 ESET Smart Security German ESET Smart Security Rus ESET Smart Security 3.0.667 Spanish ESET Smart Security 3.0.672 English ESET Smart Security 3.0.672.0 Spanish ESET Smart Security 3.0.695 Spanish ESET Smart Security 3.0.695 x64 Spanish ESET Smart Security 4.0.437.0 PL ESET Smart Security 4.2.22.0 x64 ESET Smart Security 4.2.40 ESET Smart Security 4.2.64 ESET Smart Security 4.2.64 Spanish ESET Smart Security 4.2.64 x64 ESET Smart Security 4.2.71 ESET Smart Security 4.2.71 Spanish ESET Smart Security 4.2.71 x64 ESET Smart Security 4.2.71 x64 Spanish Eset Smart Security 4.2.71.2 x64 german Eset Smart Security 4.2.71.2 x86 german ESET Smart Security 4.2.76.0 x64 ESET Smart Security 4.2.76.0 ESET Smart Security 4.2.76.1 ESET Smart Security 4.2.76.1 x64 ESET Smart Security 4.2.76 Spanish ESET Smart Security 4.0.314.0 Spanish ESET Smart Security 4.0.314.0 PL ESET Smart Security 4.0.417.0 Spanish © 2015 Autotask Corporation l Page 155 of 197 ESET Smart Security 4.0.424.0 Spanish ESET Smart Security 4.0.424.0 PL ESET Smart Security 4.0.437.0 Spanish ESET Smart Security 4.0.467.0 ESET Smart Security 4.0.467 Spanish ESET Smart Security 4.0.474 Spanish ESET Smart Security 4.0.424.0 Fr ESET Smart Security 4.0.417.0 Fr ESET Smart Security 4.0.437.0 Fr Eset Smart Security 5.0.95.0 x64 turkish Eset Smart Security 5.0.95.0 x86 turkish Eset Smart Security 5.0.95 x64 german Eset Smart Security 5.0.95 x86 german Eset Smart Security 5.2.15.0 x64 Eset Smart Security 5.2.15.0 x86 Eset Smart Security 5.2.15.1 x64 german Eset Smart Security 5.2.15.1 x64 spanish Eset Smart Security 5.2.15.1 x64 french Eset Smart Security 5.2.15.1 x64 russian Eset Smart Security 5.2.15.1 x86 german Eset Smart Security 5.2.15.1 x86 spanish Eset Smart Security 5.2.15.1 x86 french Eset Smart Security 5.2.15.1 x86 russian Eset Smart Security 5.0.9.12 x64 german Eset Smart Security 5.0.9.12 x64 spanish Eset Smart Security 5.0.9.12 x64 french Eset Smart Security 5.0.9.12 x86 german © 2015 Autotask Corporation l Page 156 of 197 Eset Smart Security 5.0.9.12 x86 spanish Eset Smart Security 5.0.9.12 x86 french Eset Smart Security 5.2.9.12 x86 turkish Eset Smart Security 5.0.9.1 x64 Eset Smart Security 5.0.9.1 x86 Eset Smart Security 6.0.306.2 x64 russian Eset Smart Security 6.0.306.2 x86 russian Eset Smart Security 7.0.302.8 x86 russian eTrust EZ Antivirus 6.1 eTrust EZ Firewall 6.1.7.0 CA eTrust Anti-Virus 7.1.0194 eTrust Anti-Spam 2005 eTrust EZ Antivirus 2005-2008 eTrust Personal Firewall 5.5.114 CA eTrust PestPatrol Anti-Spyware Corporate Edition CA eTrust PestPatrol Anti-Spyware eEye Digital Security Blink 4 Trust EZ Firewall 5.1.039 Filseclab Personal Firewall Microsoft Forefront Client Security Antimalware Service 1.5.1941 Microsoft Forefront Client Security Antimalware Service 1.5.1973 Microsoft Forefront Client Security Antimalware Service 1.5.1981.0 FortiClient 3 FortiClient Endpoint Security 4 FortiClient 4.0.4.0061 FortiClient 4.0.4.0061 x64 F-Prot for Windows 3.14 © 2015 Autotask Corporation l Page 157 of 197 F-Prot Antivirus 6 F-PROT Antivirus for Windows 6 F-PROT Antivirus for Windows 6.0.7.1 F-Secure Anti-Virus 2006 F-Secure Anti-Virus/Internet Security 2008 F-Secure Anti-Virus/Internet Security 2009 F-Secure Anti-Virus 5-6 F-Secure Anti-Virus for Workstations - Virus & Spy Protection 2009 F-Secure Anti-Virus for Workstations 9.0 F-Secure Anti-Virus for Workstations 9.0 + DeepGuard F-Secure Client Security 7.11 F-Secure Anti-Virus / STREAM Antivirus 9.20 / F-Secure Antivirus for workstation 9.01 F-Secure Anti-Virus for Windows Servers 7.01 F-Secure Anti-Virus for Windows Servers 7.20 F-Secure Anti-Virus for Windows Servers 8.00 build 123 F-Secure antivirus for workstation 9.10 F-Secure antivirus for workstation 9.20 F-Secure Client Security 11.00 F-Secure Client Security - Virus & Spy Protection F-Secure Client Security 8.01 F-Secure Client Security 9.00/2010/2011 F-Secure Client Security 9.01 F-Secure Client Security 9.10 F-Secure Client Security 9.11 F-Secure Client Security 9.20 F-Secure Client Security 9.30 F-Secure Client Security 9.31 © 2015 Autotask Corporation l Page 158 of 197 F-Secure Client Security 9.32 F-Secure Internet Security 2012 F-PROT Antivirus 6.0.9.1 F-PROT Antivirus 6.0.9.1 x64 G DATA AntiVirus 19.0.0.53 G DATA AntiVirus 2010 G DATA AntiVirus Client G DATA InternetSecurity 2008 G DATA AntiVirusKit 2005 G DATA Software AntiVirenKit 2006 G DATA AntiVirus Kit 2007 G DATA Internet Security 19.0.0.53 G DATA InternetSecurity 2010 G DATA InternetSecurity 2011 G DATA Total Care 19.0.0.53 G DATA TotalCare 2010 G DATA AntiVirus 1 G Data AntiVirus 2011 G DATA AntiVirus 2012 G DATA Total Protection 2013 x64 G DATA Total Protection 2013 VIPRE Antivirus VIPRE Internet Security G Data AntiVirus 2013 x64 G Data AntiVirus 2013 G Data Internet Security 2013 x64 G Data Internet Security 2013 © 2015 Autotask Corporation l Page 159 of 197 HitmanPro.Alert 2.6.5.77 x64 HitmanPro.Alert 2.6.5.77 x86 Ikarus virus utilities 1.0.97 Zone Labs IMsecure 1.5.0.39 Integrity Flex 5 Iolo Antivirus 4.94.6 Iolo Personal Firewall 1.5.2 IObit Security 360 IObit Malware Fighter Infowatch Crypto Storage InfoWatch CryptoStorage (2.0.70) InfoWatch CryptoStorage (2.1.36) Infowatch Crypto Storage x64 Infowatch Crypto Storage x64 EN Infowatch Crypto Storage EN Jiangmin Antivirus KV2008 JiangMin Antivirus Software JUST Internet Security x64 Just Internet Security K7AntiVirus 7.0 K7TotalSecurity 9.5 K7TotalSecurity 10 K7 Anti-Virus Premium 12.0 Kaspersky Anti-Hacker 1.0-1.5 Kaspersky Anti-Hacker 1.0-1.5 (Silent uninstall) Kaspersky Anti-Hacker 1.7-1.9 Kaspersky Anti-Hacker 1.7-1.9 (Silent uninstall) © 2015 Autotask Corporation l Page 160 of 197 KAVKIS 2009 (8.0) Kaspersky Anti-Virus 4.x Kaspersky Anti-Virus 4.x (Silent uninstall) Kaspersky Anti-Virus Lite 4.5 Kaspersky Anti-Virus Lite 4.5 (Silent uninstall) Kaspersky Anti-Virus Personal 5.0 Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20) Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712) Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712) (Silent uninstall) Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20) (Silent uninstall) Kaspersky Anti-Virus Personal 5.0 (Silent uninstall) Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225) Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225) (Silent uninstall) Kaspersky Anti-Spam Personal 1.0 Kaspersky Anti-Spam Personal 1.1-1.2 Kaspersky Anti-Spam Personal 1.1-1.2 (Silent uninstall) Kaspersky Anti-Spam Personal 1.0 (Silent uninstall) Kaspersky Anti-Virus 5.0 for Windows File Servers Kaspersky Anti-Virus 5.0 for Windows File Servers (Silent uninstall) Kerio Personal Firewall 4.1.2 Kerio Personal Firewall 4.2.3 Kerio WinRoute Firewall 6.0 Kerio WinRoute Firewall 6.3 Kerio Personal Firewall 6.5.2 Kerio Personal Firewall 6.5.2 x64 Kerio Personal Firewall 6.7.1 Kerio Personal Firewall 6.7.6 © 2015 Autotask Corporation l Page 161 of 197 Kerio Personal Firewall 6.7.6 x64 Kerio Personal Firewall 2.1.5 Sunbelt Kerio Personal Firewall 4.3 Kingsoft Internet Security 2006 + Kingsoft Internet Security 2007 Kingsoft Internet Security 9 Kingsoft AntiSpyware 2006 + Kingsoft AntiVirus Kingsoft Internet Security Kingsoft Internet Security 9 plus Kingsoft Internet Security U SP1 KingsoftSecurityCare-ksaduba Kingsoft System Defender 2.8.1.136 Kaspersky Anti-Virus driver KL1 Kaspersky Anti-Virus driver KLFLT KLFLTDEV Upper Filter Kaspersky Anti-Virus driver KLICK Kaspersky Anti-Virus driver KLICK (9x) Kaspersky Anti-Virus driver KLIF Kaspersky Anti-Virus driver KLIF detected by registry Kaspersky Anti-Virus driver KLIN Kaspersky Anti-Virus driver KLIN (9x) Kaspersky Anti-Virus driver KLMC Kaspersky Anti-Virus driver KLMC (9x) Kaspersky Anti-Virus driver KLOP Kaspersky Anti-Virus driver KLOP (9x) Kaspersky Anti-Virus driver KLPF © 2015 Autotask Corporation l Page 162 of 197 Kaspersky Anti-Virus driver KLPF (9x) Kaspersky Anti-Virus driver KLPID Kaspersky Anti-Virus driver KLPID (9x) Kaspersky Crypto Storage EN Kaspersky Crypto Storage RU Kaspersky Crypto Storage x64 EN Kaspersky Crypto Storage x64 RU Kaspersky Password Manager Lamantine Sticky Password LANDesk Antivirus 8 Lavasoft Personal Firewall x32 Lavasoft Personal Firewall x64 Lavasoft Personal Firewall 1.0 Lightspeed Systems Security Agent 6.0 Lightspeed Systems Security Agent 6.2.0 Lightspeed Security Agent 7 Lightspeed Security Agent 7.01.02 Lightspeed Security Agent 7.01.03 Lightspeed Security Agent 7.02.01 Lightspeed Security Agent 7.02.03 Lightspeed Security Agent 8.00.01 Lightspeed Security Agent (x64) 8.00.01 Lightspeed Security Agent 8.00.02 Lightspeed Security Agent 8.00.03 Lightspeed Security Agent 8.01.02 Lightspeed Security Agent 8.01.04 Lightspeed Security Agent 8.02.01 © 2015 Autotask Corporation l Page 163 of 197 Lightspeed Security Agent 8.02.01 x64 Lightspeed Security Agent 8.02.02 Lightspeed Security Agent 8.02.02 x64 Lightspeed Security Agent 8.02.04 Lightspeed Security Agent 8.02.04 x64 Lightspeed Security Agent 8.02.05 Loaris Trojan Remover 1.2 Look'n'stop Firewall sp3 Look'n'stop Firewall sp3 x64 Look 'n' Stop Firewall 2.06 AdAware 7-8 Lavasoft Anti-Virus Helix America Online Antivirus (Powered by McAfee) McAfee Anti-Spyware Enterprise Module McAfee AntiSpyware Enterprise 8.5 McAfee Desktop Firewall 8.0 / 8.5 McAfee Firewall 4 McAfee Firewall Protection Service 5.2.0.603 McAfee Personal Firewall Plus 7 McAfee Firewall Protection Service 8.2.120 McAfee SiteAdvisor 2.x McAfee Virus and Spyware Protection Service McAfee Virus and Spyware Protection Service 5.2.2.121 McAfee Virus and Spyware Protection Service 5.2.2.104 McAfee SpamKiller McAfee VirusScan 7.0 McAfee VirusScan Online © 2015 Autotask Corporation l Page 164 of 197 McAfee VirusScan McAfee VirusScan Home Edition McAfee VirusScan Professional Bonus Pack McAfee VirusScan 4.5.1 McAfee VirusScan Enterprise 7.0 McAfee VirusScan Enterprise 7.0 German McAfee VirusScan Enterprise 7.1 McAfee VirusScan Enterprise 7.1 German McAfee VirusScan Enterprise 7.1 French McAfee VirusScan Enterprise 8.0 McAfee VirusScan Enterprise 8.0 German McAfee VirusScan Enterprise 8.0 italian McAfee VirusScan Enterprise 8.0 Spanish McAfee VirusScan Enterprise 8.5.0i McAfee VirusScan 4.5.1 Simplified Chinese McAfee VirusScan 4.5.1 Traditional Chinese McAfee VirusScan 4.5.1 Dutch McAfee VirusScan 4.5.1 French McAfee VirusScan 4.5.1 German McAfee VirusScan 4.5.1 Italian McAfee VirusScan 4.5.1 Korean McAfee VirusScan 4.5.1 Polish McAfee VirusScan 4.5.1 Portuguese McAfee VirusScan 4.5.1 Spanish McAfee VirusScan 4.5.1 Swedish McAfee VirusScan Enterprise 8.0i French McAfee Virus Scan Enterprise 8.0.0 Patch 10 © 2015 Autotask Corporation l Page 165 of 197 McAfee Agent 4.0 McAfee Agent 4.0.0.1496 McAfee Agent (generic) McAfee Alert Manager 4.7.1 McAfee Antivirus Software McAfee Host Intrusion Prevention 7.00.0700 McAfee Host Intrusion Prevention 8.00.0202 x64 McAfee Host Intrusion Prevention 8.00.0202 x86 McAfee VirusScan Core McAfee Anti-Virus File System Filter Driver McAfee Security Center 10.0.587 McAfee Site Advisor 3.0.163 McAfee SiteAdvisor McAfee SiteAdvisor Enterprise Plus 3.0.0.476 McAfee McAfee Security Scan Plus 3.0.250.5 McAfee Total Protection 10.5.178 McAfee Total Protection 11.0.623 build 12.0.129.0 McAfee Total Protection Service 4.9.2.358 McAfee VirusScan Enterprise 7.1.0 McAfee VirusScan Enterprise 8.0.0 McAfee VirusScan Enterprise 8.7.0i McAfee VirusScan Enterprise 8.8.0 Microsoft Forefront Client Security Antimalware Service 1.5 Microsoft Forefront Client Security Antimalware Service 1.5.19 Microsoft Forefront Client Security Antimalware Service 1.5.1993 Microsoft Forefront Client Security Antimalware Service 1.5.1996 Microsoft Forefront Client Security State Assessment Service 1.0 © 2015 Autotask Corporation l Page 166 of 197 Microsoft Forefront Server Security 10.0 Microsoft Security Client 2.1.1116.0 Microsoft Security Essentials (all versions) MS Security Essentials / Forefront EP 2-4 / MS System Center EP MS Security Essentials / Forefront EP 2-4 x64 / MS System Center EP x64 Microsoft Security Essentials Prerelease 4.2.223 Microsoft Security Essentials 4.3.216 x64 Microsoft Security Essentials x64 (all versions) Microsoft AntiSpyware NANO AntiVirus Symantec Norton AntiVirus 2008 Norton AntiVirus Corporate Edition 7.6.0.0000 NAVER Anti-virus 1.0.0.24 Symantec Norton AntiVirus 2004 Professional Symantec Norton AntiVirus 2005 Norton AntiVirus 2007 Nifty Security24 Norton Internet Security Professional 2004 Symantec Norton Internet Security 2005/2006 (8.0.0.64) Norton Internet Security 2005 Symantec Norton Internet Security 2007 Norton Internet Security 2008 Norton Internet Security / Norton Antivirus 2009-2013 / Norton 360 v.20.1.0.24 Norton Internet Security 8.0.0.64 Eset NOD32 for Windows 2.xx Eset NOD32 for Windows 2.x ESET NOD32 Antivirus rus 3.0.669.0 © 2015 Autotask Corporation l Page 167 of 197 Norman Virus Control 5.8 Norman Virus Control 5.9 Norman Endpoint Protection Stand Alone 8.10.0300 x86 Norman Endpoint Protection 8.10.0300 x64 Norman Personal Firewall 1.42 Norman Security Suite 7.10.1 Norman Security Suite 8.0 Norman Security Suite 9.00.0100 Norman Endpoint Protection 9.0 x32 Norman Endpoint Protection 9.0 x64 Norman Endpoint Protection 7.20 Norman Virus Control 2008 5.99 Nortel Networks Contivity VPN Client 5.01 Nortel Networks Contivity VPN Client 4.86 Norton AntiVirus 2001 Norton AntiVirus 2002 Norton AntiVirus 2002 Professional Edition Norton AntiVirus 2003 Professional Edition Norton AntiVirus 2004 Symantec Norton 360 ver. 1.0.0.184 Norton AntiVirus 5.02 for Windows NT Workstation Norton AntiVirus Corporate Edition 7.0 Symantec AntiVirus 10.2.0.276 Symantec AntiVirus 10.1.6.6000 for x64 Symantec AntiVirus 10.1.5000.5 for x64 Symantec AntiVirus 10.0.2.2000 Symantec AntiVirus 10.0.6.600 © 2015 Autotask Corporation l Page 168 of 197 Symantec AntiVirus 10.0.1000 Symantec AntiVirus 10.1.394 Symantec AntiVirus 10.1.5.5000 Symantec AntiVirus 10.1.6.6000 Symantec AntiVirus 10.1.8.8000 Symantec AntiVirus 10.0.359 Symantec AntiVirus 10.1.4.4000 Symantec Norton 360 v5.0.0.125 Symantec Norton 360 v6.0.0.54 Beta Norton 360 6.0.0.145 x64 Norton 360 6.0.0.145 Norton 360 6.0.1.2 x64 Norton 360 6.0.1.2 Norton AntiVirus Corporate Edition 7.5 Symantec AntiVirus Corporate Edition 8 Symantec AntiVirus Corporate Edition 9.0.0 Symantec AntiVirus Corporate Edition 9.0.4 Symantec AntiVirus Corporate Edition 9.0.6 Norton Confidential 1.0.0 Norton Confidential 1.5.1.8 nProtect Antivirus/Antispyware 2007 nProtect Personal 5 Online Armor 4.0 Orange AntiVirus Firewall Orange Launch pad 1.62.366.0 Orbit Downloader Agnitum Outpost Firewall 1.0 © 2015 Autotask Corporation l Page 169 of 197 Agnitum Outpost Firewall 1.0 SDK Agnitum Outpost Firewall Pro 2.1 Agnitum Outpost Firewall 2.5 Agnitum Outpost Firewall 2.x Agnitum Outpost Firewall Pro 6.0 Agnitum Outpost Firewall Pro 6.0 x64 Agnitum Outpost Network Security Client 3.5 Agnitum Outpost Antivirus Pro 6 Agnitum Outpost Antivirus Pro 6 x64 Agnitum Outpost Security Suite Pro 6.0 Agnitum Outpost Security Suite Pro 6.0 x64 Panda AntiVirus 2004 Panda Antivirus 2007/2008 3.01.00 Panda Platinum Internet Security Panda AntiVirus 2006-2008 Panda Internet Security 2007-2008 Panda Security for File Servers 8 Panda WebAdmin AntiVirus Panda AdminSecure 2007-2010 Panda Antivirus Pro 2009 - 2014 Panda Antivirus Pro 2009 - 2014 x64 Panda Antivirus Panda Cloud Antivirus 2.0.1 Panda Client Shield 4.01.10 / Panda Security for Desktops 4.03.10.0000 Panda Endpoint Agent 6.20.00.0000 Panda Endpoint Protection 5.50.00.0000 x64 Panda Endpoint Protection 5.50.00.0000 x86 © 2015 Autotask Corporation l Page 170 of 197 Panda Endpoint Protection 06.20.11.0000 x64 Panda Endpoint Protection 06.20.11.0000 x86 Panda Global Protection 2012 v5.01.00 Panda Global Protection 2009/2010 Panda Internet Security 2009 - 2014 / Panda IS 2012 for Netbooks Panda Security for Desktops 4.50 Panda Security for Desktops 4.50.22 Panda Security for File Servers 8.50 PC Tools AntiVirus PC Tools Firewall Plus 3.0 for Windows PC Tools Firewall Plus 5.0 PC Tools Internet Security 2008 Spam Monitor 3.0 PC Tools Spyware Doctor 8.0 - 9.0 \ PC Tools Internet Security 8.0 PC-cillin AntiVirus 2002 PC-cillin AntiVirus 2003 PeoplePC Internet Security Pack Prevx 3.0 PrivateFirewall 6-7 Quick Heal AnitVirus 2008 Quick Heal Total Security 2008 RAV AntiVirus Rising AntiVirus Rising Personal Firewall 20 Rising Internet Security Authentium Safe Central 4.0.0.168 360 Safety Guard / 360 Antivirus / 360 Safe Defender © 2015 Autotask Corporation l Page 171 of 197 SafeGuard PrivateCrypto 2.31.1 SafeNet ProtectDrive 9.4.2 StarForce SafenSec StarForce SafenSec Pro Securitoo AntiVirus Firewall 7.x SiWinAcc.sys Driver Sophos AutoUpdate 2.x Sophos Anti-Virus version 4.6.10 Sophos Antivirus 4.x Sophos Antivirus 6.x/5.x Sophos Anti-Virus 7.x Sophos AutoUpdate 3.1.1.18 Sophos Compliance Agent 3.9.41.0 x64 Sophos Compliance Agent 3.9.41.0 x86 Sophos Endpoint Security and Control 9.X - 10.x \ Sophos Anti-Virus 10.0.10 Sophos Endpoint Security and Control / Sophos Anti-Virus 10.3.1 Sophos Endpoint Security and Control / Sophos Anti-Virus 10.3.x Sophos Enterprise Console 3.0.0 Sophos Enterprise Console 4.5.0 Sophos Client Firewall 2.9.4 Sophos Management Server 5.1 x86 Sophos NAC Application Server 3.5.305.0 Sophos NAC Application Server 3.5.305.0 x64 Sophos Patch Agent 1.0.307.0 x64 Sophos Patch Agent 1.0.307.0 x86 Sophos Safeguard 5.50.0 Virus Security x64 © 2015 Autotask Corporation l Page 172 of 197 Virus Security x86 Agnitum Spam Terrier Agnitum Spam Terrier x64 Spybot - Search & Destroy 1.3 & 1.4 Spybot - Search & Destroy 1.6.2 Sygate Personal Firewall 5 AhnLab SpyZero 2006 Steganos Internet Anonym Pro 7 Sunbelt iHate Spam for Outlook 5.3.4347.0 Sunbelt Personal Firewall 4.5 Sunbelt personal Firewall 4.6.1861 Sunbelt VIPRE Antivirus and Antispyware 3.2.1881.2 Sunbelt VIPRE 3.0 VIPRE Antivirus 4.0.3248 VIPRE Antivirus 4.0.3907 / VIPRE GFI Business Agent 5.0 Sunbelt iHateSpam for Microsoft Outlook 5 Subelt iHate Spam 4.0.632 Subelt iHate Spam Outlook Edition VIPRE Antivirus 4.0.3275 SUPERAntiSpyware Free Edition 4.26.0.1002 Sygate Personal Firewall 5.0 Sygate Personal Firewall 5.5 Symantec AntiVirus 10.2.1000.1 Symantec AntiVirus 10.2.1000.1 for 64-bit Symantec AntiVirus 10.2.2000.2 Symantec AntiVirus 10.2.298.0 x64 Symantec AntiVirus 10.2.3.3000 © 2015 Autotask Corporation l Page 173 of 197 Symantec AntiVirus 10.2.4000.4 Symantec AntiVirus 10.2.4000.4 x64 Symantec Client Firewall 8.7.4.79 & Symantec AntiVirus 10.1.4.4000 Symantec Antivirus 10.0.1000.1 Symantec Antivirus 10.1.7000.7 x64 Symantec Antivirus 10.1.7000.7 x86 Symantec AntiVirus 10.0.2000.2 german Symantec Client Security 10.1.5000.5 Symantec.cloud - Cloud Agent Symantec.cloud - Endpoint Protection - Server 12.1.1101.401 Symantec.cloud - Endpoint Protection x64 Symantec.cloud - Endpoint Protection x86 Symantec Endpoint Protection x64 11.0.4000.2295 Symantec Endpoint Protection 11.0.2000.1567 Symantec Endpoint Protection 11.0.4000.2295 Symantec Endpoint Protection 11.0.4010 Symantec Endpoint Protection 11.0.5002.333 Symantec Endpoint Protection 11.0.5002.333 x64 Symantec Endpoint Protection 11.0.6000.550 Symantec Endpoint Protection 11.0.6000.550 x64 Symantec Endpoint Protection 11.0.6005.562 Symantec Endpoint Protection 11.0.6005.562 x64 Symantec Endpoint Protection 11.0.6100.645 Symantec Endpoint Protection 11.0.6100.645 x64 Symantec Endpoint Protection 11.0.6200.754 Symantec Endpoint Protection 11.0.6200.754 x64 Symantec Endpoint Protection 11.0.6300.803 © 2015 Autotask Corporation l Page 174 of 197 Symantec Endpoint Protection 11.0.6300.803 x64 Symantec Endpoint Protection 11.0.700.975 Symantec Endpoint Protection 11.0.700.975 x64 Symantec Endpoint Protection 11.0.7101.1056 Symantec Endpoint Protection 11.0.7101.1056 x64 Symantec Endpoint Protection 11.0.7200.1147 x64 Symantec Endpoint Protection 11.0.7200.1147 x86 Symantec Endpoint Protection 11.0.7300.1294 Symantec Endpoint Protection 11.0.7300.1294 x64 Symantec Endpoint Protection 11.0.3 Symantec Endpoint Protection 11.0.3 x64 Symantec Endpoint Protection 11.0.4014.26 Symantec Endpoint Protection x64 11.0.4014.26 Symantec Endpoint Protection 11.0.4202.75 Symantec Endpoint Protection 11.0.4202.75 x64 Symantec Endpoint Protection 12.0.1001.95 Symantec Endpoint Protection 12.0.1001.95 x64 Symantec Endpoint Protection 12.0.122.192 Brazil Symantec Endpoint Protection 12.0.122.192 x64 Brazil Symantec Endpoint Protection 12.1.1000.157 Symantec Endpoint Protection 12.1.1000.157 Brazil Symantec Endpoint Protection 12.1.1000.157 Brazil x64 Symantec Endpoint Protection 12.1.1000.157 x64 Symantec Endpoint Protection 12.1.1000.157 RU / FR Symantec Endpoint Protection 12.1.1000.157 x64 FR Symantec Endpoint Protection 12.1.1000.157.105 x64 russian Symantec Endpoint Protection 12.1.1000.157.105 x86 russian © 2015 Autotask Corporation l Page 175 of 197 Symantec Endpoint Protection 12.1.1000.157 x64 german Symantec Endpoint Protection 12.1.1000.157 x64 IT Symantec Endpoint Protection 12.1.1000.157 (x86) DE Symantec Endpoint Protection 12.1.1000.157 x86 italy Symantec Endpoint Protection 12.1.1101.401 x64 spanish Symantec Endpoint Protection 12.1.1101.401 x86 spanish Symantec Endpoint Protection 12.1.1101.401 Eng Symantec Endpoint Protection 12.1.1101.401 Rus Symantec Endpoint Protection 12.1.1101.401 x64 portugese Symantec Endpoint Protection 12.1.1101.401 x64 chinese traditional Symantec Endpoint Protection 12.1.1101.401 x64 chinese simplified Symantec Endpoint Protection 12.1.1101.401 x64 Symantec Endpoint Protection 12.1.1101.401 x64 Eng Symantec Endpoint Protection 12.1.1101.401 x64 french Symantec Endpoint Protection 12.1.1101.401 x64 italian Symantec Endpoint Protection 12.1.1101.401 x64 Rus Symantec Endpoint Protection 12.1.1101.401 x86 portugese Symantec Endpoint Protection 12.1.1101.401 x86 chinese traditional Symantec Endpoint Protection 12.1.1101.401 x86 chinese simplified Symantec Endpoint Protection 12.1.1101.401 x86 Symantec Endpoint Protection 12.1.1101.401 x86 french Symantec Endpoint Protection 12.1.1101.401 x86 italian Symantec Endpoint Protection 12.1.2015.2015 x64 german Symantec Endpoint Protection 12.1.2015.2015 x64 Symantec Endpoint Protection 12.1.2015.2015 x64 IT Symantec Endpoint Protection 12.1.2015.2015 x64 russian Symantec Endpoint Protection 12.1.2015.2015 x86 german © 2015 Autotask Corporation l Page 176 of 197 Symantec Endpoint Protection 12.1.2015.2015 x86 Symantec Endpoint Protection 12.1.2015.2015 x86 IT Symantec Endpoint Protection 12.1.2015.2015 x86 russian Symantec Endpoint Protection 12.1.4013.4013 x64 Symantec Endpoint Protection 12.1.4013.4013 x64 ru Symantec Endpoint Protection 12.1.4013.4013 (x86) Symantec Endpoint Protection 12.1.4013.4013 x86 ru Symantec Endpoint Protection 12.1.4112.4156 x64 English Symantec Endpoint Protection 12.1.5337.5000 x64 english Symantec Endpoint Protection 12.1.5337.5000 x86 english Symantec Endpoint Protection 12.1.601.4699 x64 Symantec Endpoint Protection 12.1.671.4971 Symantec Endpoint Protection 12.1.671.4971 Spanish Symantec Endpoint Protection 12.1.671.4971 Spanish x64 Symantec Endpoint Protection 12.1.671.4971 x64 Symantec Endpoint Protection 12.1.671.4971 x64 FR Symantec Endpoint Protection 12.1.671.4971.105 Symantec Endpoint Protection 12.1.671.4971.105 x64 Symantec Endpoint Protection 12.1.671.4971 x64 chinese Symantec Endpoint Protection 12.1.671.4971 (x64) DE Symantec Endpoint Protection 12.1.671.4971 x86 chinese Symantec Endpoint Protection 12.1.671.4971 (x86) DE Symantec Endpoint Protection 12.1.671.4971 (x86) IT Symantec Endpoint Protection 12.1.671.4971 FR Symantec Endpoint Protection Manager 12.1.3001.165 Symantec Endpoint Protection Manager 12.1.4013.4013 Symantec Network Access Control v11.0.6100.645 © 2015 Autotask Corporation l Page 177 of 197 Symantec Network Access Control v11.0.7200.1147 Symantec Network Access Control v12.1.1101.401 x64 Symantec Network Access Control v12.1.1101.401 x86 Symantec Protection Agent 5.1 Symantec Client Security 10.1.8000.8 Symantec Client Security 10.1.394.0 Symantec Client Security 10.1.7000.7 Symantec Client Security 10.1.9000.9 Symantec Client Security 10.1.9000.9 x64 Symantec Client Security 9.0 Symantec Endpoint Protection x64 11.0.1000.1375 Symantec Endpoint Protection 11.0.901.2006 Symantec Endpoint Protection 11.0.780.1008 and 11.0.1000.1375 Symantec Endpoint Protection 11.0.2010.25 Symantec Endpoint Protection 11.0.20 x64 Symantec Endpoint Protection 11.0.2020.56 Symantec LiveUpdate Tiny Firewall Pro 6.0 Tiny Personal Firewall 6.5.92 Trend Micro Client/Server Security Agent 3.7.1055 Trend Micro OfficeScan Client 8 / 10 Client Trend SBSA 3.0 SP1 Trend Micro Security Server Trend Micro Titanium Antivirus Plus x64 Trend Micro Titanium Antivirus Plus x86 Trend Micro Titanium Internet Security x64 Trend Micro Titanium Internet Security x86 © 2015 Autotask Corporation l Page 178 of 197 Trend Micro Titanium Maximum Security x64 Trend Micro Titanium Maximum Security x86 Trend Micro Anti-Spyware 3.0/3.5 Trend Micro Anti-Spyware for SMB / Enterpise 3.x Trend Micro PC-cillin Internet Security 2006 (14) Trend Micro OfficeScan Client 5.0 - 10.0 Trend Micro OfficeScan Server 10.5.1083 Trend Micro ServerProtect 5.80 Trend Micro ServerProtect 5.80 x64 Trend Micro ServerProtect 5.58 Trend Micro Titanium 3.0 x86 Trend Micro Titanium Maximum Security 2012 Trend Micro Titanium Maximum Security 2012 v5.00 Trend Micro Titanium 3.0 x64 Trend Micro PC-cillin AntiSpam Pilot Trend Micro Worry-Free Business Security Agent 7.0 x64 Trend Micro Worry-Free Business Security Agent 7.0 x86 Trend Micro Worry-Free Business Security Agent 8.0 x64 Trend Micro Worry-Free Business Security Agent 8.0 x86 Trend Micro PC-cillin Internet Security 2008 Trend Micro Internet Security 2009 (Pro) Trend Micro Internet Security 2009 (Pro) x64 Trend Micro Internet Security 2010 Trend Micro Internet Security 2010 x64 Trend Micro PC-cillin Internet Security 2005 Trend Micro PC-cillin Internet Security 2007 Trustport Antivirus 2013/Internet Security 2013/Total Protection 13.0.6.5088 © 2015 Autotask Corporation l Page 179 of 197 Installer for User Profile Hive Cleanup Service 1.6.36 AhnLab V3 VirusBlock 2006 AhnLab V3 VirusBlock Internet Security 2007 7.0.0.274 AhnLab V3 VirusBlock Internet Security 2007 Platinum V3 Lite V3 Lite x64 VirusBlokAda AntiVirus 3.11 Virus Block ADA 32 3.12.10.1 Vexira Antivirus Professional 5.3 Vexira/VirusBuster Antivirus Professional 6.2 Vexira Antivirus Professional 7.3 Vexira Antivirus Professional 7.3 x64 Vexira Antivirus prof for x64 and all vista Vexira Antivirus prof for x64 Vexira Antivirus CMS 7 Vexira Antivirus for Windows Servers 5.3 Vexira Antivirus for Windows Servers 7 Vexira Antivirus for Windows Servers 7 x64 TEGAM International ViGUARD ViPNet Office Firewall ViPNet Personal Firewall VIPRE Antivirus 7.0.6.2 VIPRE Internet Security 7.0.6.2 VirusBuster Personal 5.2 VirusBuster Professional 5.2 ViRobot Desktop 5.5 ViRobot Desktop 5.5 ISMS © 2015 Autotask Corporation l Page 180 of 197 ViRobot Desktop 5.0 ViRobot ISMS Client 3.5 ViRobot Windows Server 3.5 Virus Security v9 - 10 Virus Buster Internet Security 6.0 VirusBuster for x32 VirusBuster for x64 Virus Chaser 5.0a Virus Dr.(v10) Rising Antivirus 2007/ Virus Killer Virus Security ZERO SOURCE NEXT Virus Security ZERO Wave software driver Webroot AntiSpyware Client 3.5 Webroot AntiSpyware Client 3.5.1.5088 Webroot AntiSpyware Client 3.5.1.5118 Webroot Desktop Firewall 5.8.0.25 Webroot Internet Security Essentials 6.0 / Webroot AntiVirus and AntiSpyware Webroot SecureAnyehwere 8.0.1.20 Webroot Software 7.0 Microsoft Windows OneCare Live AntiSpyware and AntiVirus Windows Live OneCare 2.0.2500.14 Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712) Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712) (Silent uninstall) ZoneAlarm Security Suite ZoneAlarm Firewall ZoneAlarm Anti-Virus © 2015 Autotask Corporation l Page 181 of 197 ZoneAlarm with Antivirus ZoneAlarm Firewall Pro ZoneAlarm Anti-spyware ZoneAlarm Wireless Security Zillya! Antivirus 1.1.2343.0 Zillya! Internet Security 1.1 Zondex Guard 5.4.2 ZoneAlarm Firewall 10.1.079.000 ZoneAlarm Free Antivirus + Firewall 10.2.064.000 How to... Download the Kaspersky extension 1. Log into your AEM account and click on the ComStore tab. 2. Search for the Kaspersky Endpoint Security extension. Do not confuse this with the component called “Kaspersky 2011 Internet Security monitor”. 3. Open it and click Buy to download it. As soon as you download KES for your account, a new section will be added to your Account Settings and Profile Settings. Refer to "Windows Security Centre Audit" on page 76 and Kaspersky Endpoint Security. At the same time, the anti-virus summary will slightly change at both Profile and System level. Refer to Profile Summary and System Dashboard. Add the license key 1. Navigate to Account > Integrations. You will now have a new section in the Integrations page called Kaspersky Endpoint Security. © 2015 Autotask Corporation l Page 182 of 197 2. Click Add License. The Add new License Key window will open. Complete the following fields: Field Description Name Enter a name for the license key. Description Enter a description. © 2015 Autotask Corporation l Page 183 of 197 Field Description Security Type Use the radio button to select how you will enter the key. • Select Upload Key File to upload the key file provided by Kaspersky. • Select Key to manually enter the key in the field below. To minimize potential errors, we recommend that you upload the .key file supplied by Kaspersky. Key If you selected Key, use this field to copy in the key. Expiry Date Enter the expiration date of your key. Number of Endpoints Enter the number of endpoints. AEM does not currently get expiry and endpoint information from Kaspersky. Please provide accurate information, or the integration will stop working without warning. 3. Click Add. Your license information will appear on the Integrations page. You can add as many licenses as you have available by repeating steps 1-2. Add Agent configuration files In this step, you will provide the information from the local Kaspersky agent configuration (scan settings, whitelisting, exclusions, etc.) to AEM. You can either add your own configuration file or use the Default Mac Configuration File and Default Windows Configuration File. If you choose to use any of the default configuration files, you still need to download a copy and upload it to your account using the Add new configuration file button. 1. To start with any of the default configuration files, click the green Download arrow on the right to save it to your computer. Then click Add new configuration file. To use your own configuration file, click Add new configuration file. © 2015 Autotask Corporation l Page 184 of 197 2. Complete the following fields: Field Description Operating System Select the operating system of the endpoint device the Kaspersky agent will be monitoring. Name Enter a name for the configuration file Description Enter a description for the configuration file. © 2015 Autotask Corporation l Page 185 of 197 Field Description Configuration File Password Ensure that the password you input here is the same as the password in the configuration file. The password entered in the AEM Web Portal is used to make the connection to KES. If this password does not match the one in KES, the connection will not be possible. Please note: a. To apply a configuration file to KES, it must be password protected (on installation, KES will have set up a default password). b. The password from the configuration file must match the password you enter above. The password from the configuration file is encrypted, thus AEM cannot check if the one you enter in the Web Portal matches the actual password from the configuration file. The Account Admin has to ensure that these are identical. c. If the password from the configuration file, does not match the one you enter in the Web Portal, the configuration file will be applied, however, all next actions with Kaspersky will not be possible (Configuration file application, Uninstall of KES, Apply license to KES). Configuration File To upload either your own configuration file or any of the default configuration files downloaded in step 1, click the green Upload arrow. 3. Once you have filled in all the fields and uploaded your configuration file, click Save. 4. You can add as many configuration files as you wish. 5. To edit the uploaded configuration files, click the pencil icon. Make the changes in the Edit Configuration File window and click Save. You have now successfully completed the setup of the Kaspersky Endpoint Security Integration. Follow the steps below to deploy the Kaspersky agent to your endpoints, and enable the monitoring of the Kaspersky Endpoint Security solution. Deploy the KES agent and enable Pro-Active Monitoring Now that you have set up the integration with your license files(s) and configuration file(s), you can use the power of AEM to push out the Kaspersky Endpoint Security agent (version 10 for Windows and version 8 for Mac). Set up a Security Management Policy to push out KES to your devices and to raise alerts and tickets as per the criteria you set in the monitor details. You can create the policy at either system or profile level. For © 2015 Autotask Corporation l Page 186 of 197 further information, refer to Create a Security Management Policy. Uninstall KES from devices To be able to uninstall KES from your endpoints, you must ensure the Kaspersky Endpoint Security extension is enabled and set up for your account and your endpoints are targeted with the Security Management Policy. To uninstall KES from these devices: 1. Login to your AEM account and navigate to the system or profile policy which targets the devices you want to uninstall KES from. 2. Remove the required devices from the list of target devices. 3. Click Save and click Push changes. If Allow Force Reboot is checked, the device will automatically reboot after the KES uninstall is completed. To learn how to see information and statistics about your devices with the KES agent installed, refer to Backup Management. Status indicators The status of your endpoints is transmitted to the Web Portal at the device level and on the Profile Summary page. The following indicators will appear. Icon Description No issues found Active threats are found KES is not up to date Note: After the first installation of KES, the alert for this status will be postponed until 24 hours after install OR 30 minutes after first reboot. KES requires reboot Deployment of the configuration file has failed KES is disabled KES is not installed © 2015 Autotask Corporation l Page 187 of 197 In the Web Portal, profiles with an active KES policy will display the Kaspersky logo: © 2015 Autotask Corporation l Page 188 of 197 Splashtop Remote Screen Share Integration Traditionally, Autotask Endpoint Management (AEM) has used RDP and VNC as its main remote screen viewers. Autotask now offers an integration with Splashtop that uses the latest remote screen share technology: l l l Windows and Macintosh support - Splashtop enables remote desktop support in both Windows and OS X. Retina display support - The use of Splashtop gives remote takeover ability to retina display Macs, as well as the ability to take over OS X devices unattended. Secure connection - All ports are routed through our secure tunnel servers when the connection is initiated from an AEM Agent. If you have an account with Splashtop, it is possible to enter the credentials of your account with the streamer where you can log in with your Splashtop details. In this instance, you will be using Splashtop’s infrastructure and it will not be tunneled through our secure connection, and is not supported by AEM. Minimum requirements Windows l XP Pro and later versions While it operates in Windows server environments, there can be issues when switching from different user accounts. Splashtop hopes to resolve this limitation soon. In the meantime, we suggest the use of RDP for remote sessions to Windows server environments. More information on this issue can be found on Splashtop’s support page. Mac OS X l l 10.6 + Snow Leopard and later versions 1.6 GHz or faster dual-core CPU (use of a less powerful CPU may cause higher CPU usage when connected) l 1 GB of RAM l Support for 2560 (or less) screen resolution for Windows l Support for 2560 (or less) screen resolution for Mac l Audio setting within the 32 kHz to 96 kHz range l Optimized for NVIDIA graphics cards. For further information, refer to What NVIDIA optimization does Splashtop support? © 2015 Autotask Corporation l Page 189 of 197 How to... Enable Splashtop In order to enable Splashtop in your account, you need to enable the extension to do this. l Go to ComStore. l Click Extensions. l Choose Splashtop Remote Screen Sharing. l Click on Buy. Install the Streamer Splashtop deployment works by utilizing a server and a viewer application, or in Splashtop terms, a streamer for the remote side and a client for the viewing side. The Splashtop installer, i.e. the streamer makes it possible to remotely view a device. You can choose to automatically push out the streamer to devices on a per profile basis, all devices, or only those devices that you select by clicking on the Splashtop icon in the Agent browser. To install the Agent automatically to all devices in the account or in a profile: 1. Navigate to Account > Settings. 2. Scroll down to Splashtop Settings and turn on Enable automatic installation of Splashtop Streamer. Once enabled, it will select the default setting of Auto install Splashtop for all profiles and proceed to download and install the appropriate streamer on each device the first time they come online after the service on that device has restarted. This means, if the device is online at the point of enabling the auto install option, the Agent service must be restarted either manually or by rebooting the device for the streamer to be installed. © 2015 Autotask Corporation l Page 190 of 197 Alternatively, there is an option to enable the streamer for specific profiles. 1. Change the auto install setting to Selected Profiles. 2. Choose the profiles you want to enable Splashtop for. If you do not enable the Splashtop streamer to be deployed in this method, clicking the Splashtop Agent icon when connected to a device in the Agent browser will install the streamer on the device. It may take a few moments for it to install when connecting for the first time. Install the Client Installation of the client is automatic on each device upon the first time a connection of this type is initiated. Update the Client and Streamer The client and streamer will automatically be updated in the same way Agents are updated when updates © 2015 Autotask Corporation l Page 191 of 197 become available. Establish a remote takeover session Web Portal 1. Find the device you wish to connect to. 2. At the end of the row of data about the device, you will see the connect, RDP, VNC and Splashtop icons. 3. Click on the Splashtop icon to initiate a connection to the device. Agent Browser Much in the same way as you find the Splashtop icon in the Web Portal, you will now see a new Splashtop icon in the Agent browser. To initiate the remote takeover using Splashtop: 1. Login to the Agent browser. 2. Find the device in the way you normally would (use search, locate by IP, hostname etc.). 3. Connect to device so the device shows in the connected devices area. 4. Once connected, locate the Splashtop icon and click connect. You will now be connected to the device via Splashtop. © 2015 Autotask Corporation l Page 192 of 197 Remote session controls Once the Splashtop window is open, you can access the following control icons by clicking the down arrow: Icon Description Disconnect. Ends the remote takeover session and disconnects you from the endpoint. CTRL-ALT-DEL. This will send the key press combination of CTRL-ALT-DEL to the remote device. Sharp mode/Smooth mode toggle. Sharp mode gives clearer display quality. Smooth mode gives faster streaming performance, but consumes more CPU power on your computer. Scaled/Original size screen toggle. This will toggle between a scaled resolution of the remote screen in your window and the actual resolution of the remote display. © 2015 Autotask Corporation l Page 193 of 197 Icon Description Full screen toggle. Switch between a windowed or full screen view of the remote desktop. Switch display (or monitors). Provides switching to (and from) your secondary monitor if your computer has more than one display or monitor attached. © 2015 Autotask Corporation l Page 194 of 197 Index: .Net Framework – IP address ranges Index custom agent settings 67 custom fields 67, 80 . custom labels 67 .Net Framework 21 D 2 Datto 133 2FA 60, 67 device approval 67, 77 A device limit 36 access control 67 disable 2FA 60 account settings 67 disable TOTP 60 account setup 67 disable two factor authentication 60 agent I about 6 I forgot my password 53 agent browser 6 infrastructure 23 agent updates 67, 89 overview 9 Amazon 12 integrations 91 Autotask PSA 95 Autotask PSA 95 B configuring 91 billing portal 36 ConnectWise 118 branding 40 Datto 133 C change password 33, 53 command prompt 80 Concord 10 configuration 31 connection broker 84, 87 Kaspersky 136 service desk 93 Splashtop 189 Zendesk 127 introduction to AEM 4-5 IP address ranges 12 ConnectWise 118 ©2015 Autotask Corporation l Page 195 of 197 Index: Kaspersky – ticket assignee K reg edit 80 regedit 80 Kaspersky 136 L region 10 license 36 registry editor 80 LiveLink 95, 114 remote connection 114 LiveLinks Designer 114 remote takeover 114 M requirements overview 9 mail recipients 67 mail settings 67 reset columns display 67 manage password 53 reset password 53 Merlot 10 roles 43 S Mono 21 N sandboxing 77 security 23 node score 84, 87 O service desk 93 setup 31 OTP token 60 P SNMP credentials 67 Splashtop 189 package 36 strong password requirements 53 password 53, 67 subnet 84 password policy 67 supported operating systems 21 Pinotage 10 Syrah 10 platform 10 system requirements 21 power rating 67 T profile variables 67 R rebranding 40 TFA 60 ticket assignee 67 ©2015 Autotask Corporation l Page 196 of 197 Index: two-factor authentication – Zinfandel two-factor authentication 33, 60, 67 U ULS 10 unified login server 10 user account 33 users 48 V variables 67 W web portal, about 6 whitelisting 12 windows registry 80 Z Zendesk 127 Zinfandel 10 ©2015 Autotask Corporation l Page 197 of 197