Setting Up Autotask Endpoint Management

Transcription

Setting Up
Autotask
Endpoint Management
Updated 9/10/2015
© 2015 Autotask Corporation
Table of Contents
Table of Contents
Table of Contents
2
Introduction to Autotask Endpoint Management
4
Overview
5
AEM Web Portal and Agent
6
Infrastructure and Requirements
9
AEM Platforms
10
Whitelisting Requirements for IP Addresses and URLs
12
Supported Operating Systems and Requirements for the Agent Browser
21
Infrastructure and Security
23
Set Up Autotask Endpoint Management
31
Your User Account
33
Licensing and Billing
36
Branding
40
Roles
43
Users
48
Manage Passwords
53
Two-Factor Authentication
60
Account Settings
67
New Device Approval
77
Custom Fields
80
Connection Brokers
84
Node Scores
87
© 2015 Autotask Corporation l Page 2 of 197
Table of Contents
Agent Updates
89
Configuring Third Party Integrations
91
Service Desk Integrations with Autotask Endpoint Management
93
Integrate with Autotask PSA
95
Autotask LiveLinks to AEM Devices
114
ConnectWise
118
Zendesk
127
Datto Backup Integration
133
Kaspersky Endpoint Security Integration
136
Splashtop Remote Screen Share Integration
189
Index
195
Introduction to Autotask Endpoint Management
In the Introduction chapter, we cover the following:
l
l
l
We give you a brief overview of Remote Monitoring and Management software, and introduce you to
Autotask Endpoint Management. Refer to "Overview" on page 5.
We introduce you to the two interface components of Autotask Endpoint Management. Refer to "AEM
Web Portal and Agent" on page 6.
Before you begin with the configuration of your Endpoint Management site, you should make sure that
you are hosted on the right platform, whitelist a number of IP addresses and URLs, and learn about supported operating systems and requirements for the Agent browser. Refer to "Infrastructure and Requirements" on page 9.
Overview
About Remote Monitoring and Management (RMM)
Remote monitoring and management (RMM) software enables managed IT service providers (MSPs) to
remotely and proactively monitor their customers' networks and computers.
Data about the remote devices, also known as endpoints, is collected by a lightweight software program
called Agent which then communicates this data to the Endpoint Management application. The service provider has access to this information via a Web Portal.
With an RMM solution, you can collect information about the customers' network, hardware and software
("audit"), remotely support customers, proactively monitor every endpoint, deploy patches, create alerts and
tickets when issues arise, schedule maintenance jobs, and more. You can stay ahead of issues and resolve
them without going on-site, often before your customers are aware of a problem.
Autotask Endpoint Management and Autotask PSA
Autotask offers complete solutions for RMM (Autotask Endpoint Management) and IT Business Management
(Autotask PSA). Our products can be used as an integrated solution, or as stand-alone products. We will continue to support partner solutions for both product lines.
l
l
For an overview of the Autotask integration of PSA and AEM, refer to "Integrate with Autotask PSA" on
page 95.
For an overview of other RMM tools that integrated with Autotask PSA, refer to Partner Solutions.
AEM Web Portal and Agent
The Autotask Endpoint Management (AEM) platform consists of two separate components: the Web Portal
and the Agent.
The Web Portal
The Web Portal is a cloud-based browser application that lets you manage any number of devices ("endpoints") for multiple customers across multiple operating systems. On the Web Portal, you can:
l
Administer your site, including users, security levels, branding, profiles, groups and filters
l
Set up and manage the profiles and the devices that are associated with them
l
Configure the ready-made components (applications and utilities) you downloaded from the ComStore
l
Schedule jobs to be performed on selected devices, and much else...
The Agent
The Agent is a lightweight software program that is installed on all managed devices that support agent installation. It also acts as a go-between for network devices that do not support Agent installation, but can be managed using SNMP. The Agent collects data on the devices, and communicates it to the Web Portal. It can
also execute a variety of actions on the remote device, such as:
l
Audit the installed hardware and software
l
Proactively monitor the device
l
Deploy software, patches and updates
l
Enable the remote takeover of devices that have the Agent installed
Most of these tasks are accomplished in the Agent browser, an application launched from the Agent icon in
the system tray or from the Web Portal. It contains multiple tools to take control of a remote device.
In the Agent browser, you can:
l
Take a screen shot of the remote device or open a remote takeover tool like RDP, VNC or Splashtop
l
Open a Command Shell and add and edit registry items on the remote device
l
Control Windows Services on the remote device
l
Wake up, shut down or restart the remote device
l
Monitor resources such as CPU or memory in real time
l
Transfer files
l
View event logs
It allows you to diagnose and fix many issues remotely, and often in the background, without the user being
aware of it.
Infrastructure and Requirements
If you are responsible for rolling out Autotask Endpoint Management (AEM) in your company, we recommend
that you familiarize yourself with the following technical topics:
l
l
l
l
The AEM cloud application is located on a number of platforms around the globe. Customers are
assigned to the platform that provides the fastest connection, based on their location. Refer to "AEM
Platforms" on page 10.
To allow seamless connectivity to the AEM Web Portal (formerly CSM) and between AEM Agents
(formerly CAGs), you must open TCP PORT 443 Outbound through your firewall. The IP addresses
you must whitelist are specific to your platform. Refer to "Whitelisting Requirements for IP Addresses
and URLs" on page 12.
The AEM Agent can be installed on a wide range of operating systems. Refer to "Supported Operating
Systems and Requirements for the Agent Browser" on page 21.
For a detailed review of the AEM infrastructure and security, refer to "Infrastructure and Security" on
page 23.
AEM Platforms
The Autotask Endpoint Management cloud application (AEM) is located on a number of platforms around the
globe. Each platform consists of a number of individual server instances that control different areas of the
product (Agent connectivity, Web Portal etc.). To achieve the fastest connection, your account will reside on
the platform that is geographically nearest to you, based on the location you specified when you signed up.
If you have accidentally selected a wrong location, contact your Account Manager for assistance to
have your account migrated to the correct platform.
Unified Login Server (ULS)
The AEM Unified Login Server (ULS) is a single sign-on server managing all AEM customers’ credentials,
allowing them to log in at one location and be directed to their specific platform. The login page address of the
AEM ULS is https://centrastage.net.
Current regions and platforms
When logging in through the single sign-on server, you will be directed to the platform where your account is
hosted. The name of the platform will be displayed in the first part of the URL once you have logged in.
For example, if your account is hosted on the Merlot (EMEA West 2) platform, the following URL will
be displayed once you have logged in through the single sign-on server: https://merlot.centrastage.net/csm/.
In addition to the ULS, all five platforms host their own login page. You can log in to your account using the correct direct login URL.
Region
Platform Name
Direct Platform Address
Direct Login Page
Europe (Dublin)
Pinotage
(EMEA West 1)
Merlot
(EMEA West 2)
https://pinotage.centrastage.net
https://merlot.centrastage.net
https://pinotage.centrastage.net/csm/login
https://merlot.centrastage.net/csm/login
US (Virginia,
Oregon)
Concord (US East)
Zinfandel
(US West)
https://concord.centrastage.net
https://zinfandel.centrastage.net
https://concord.centrastage.net/csm/login
https://zinfandel.centrastage.net/csm/login
Asia-Pacific
(Sydney)
Syrah (APAC)
https://syrah.centrastage.net
https://syrah.centrastage.net/csm/login
To connect to your platform, you must open your firewall for platform-specific IP Addresses. Some
firewalls, proxies or security appliances may require access to the URL of the service as well as the
IP address. For further information, refer to "Whitelisting Requirements for IP Addresses and URLs"
on page 12.
Whitelisting Requirements for IP Addresses and URLs
Administrator
To allow seamless connectivity to the Autotask Endpoint Management (AEM) Web Portal, the ComStore, and
between Agents, you must open TCP PORT 443 Outbound through your firewall.
If your company has a more aggressive security posture and port 443 is not open, you must whitelist a number
if IP addresses to allow AEM to make the required connections. The IP addresses you must whitelist are specific to your platform, and you only need to whitelist the ones associated with your platform. For information
about the platform your site is hosted on, refer to "AEM Platforms" on page 10.
Connecting to the AEM Web Portal
To ensure full connectivity to AEM, you will need to open TCP PORT 443 Outbound through your firewall to
the IP addresses and URLs associated with your platform.
IP addresses for each platform
EMEA West 1 (Pinotage)
EMEA West 2 (Merlot)
US East (Concord)
US West (Zinfandel)
APAC (Syrah)
54.77.247.84
54.194.25.164
52.5.251.79
54.201.211.18
54.79.25.73
54.77.108.71
54.194.54.213
52.6.151.191
54.213.57.149
54.79.44.13
54.77.69.163
54.194.245.26
52.7.200.96
54.201.174.248
54.206.73.160
54.154.123.55
54.194.70.100
52.4.97.130
54.201.158.254
54.206.60.138
54.154.110.191
54.194.17.228
54.88.94.23
54.201.148.211
54.79.20.109
54.154.110.190
54.194.42.15
54.172.198.183
54.200.154.205
54.252.198.125
54.154.16.237
54.194.217.74
54.88.212.141
54.213.162.73
54.206.10.157
54.154.76.59
54.194.87.166
54.164.96.143
54.201.132.105
54.206.12.124
54.171.166.217
54.194.59.222
54.165.85.82
54.201.16.209
54.206.20.221
54.77.122.85
54.194.73.199
54.165.240.214
54.191.61.99
54.206.24.91
54.194.81.165
54.173.70.131
54.191.117.5
54.79.4.211
54.194.153.16
54.186.19.220
54.194.242.0
54.186.13.123
54.194.218.239
54.194.100.128
54.194.50.12
URLs
In addition to IP addresses, some firewalls, proxies or security appliances may require access to the URL of
the service as well as the IP address.
If you are using a proxy or security appliance, ensure that the relevant URLs to your platform are whitelisted.
TCP
Port
Platform
URLs
Direction
EMEA West 1
(Pinotage)
Web Service: https://01ws.centrastage.net
Agent Updates: https://update.centrastage.net
Web Portal: https://pinotage.centrastage.net
Control Channel: 01cc.centrastage.net:443
Tunnel Server: ts.centrastage.net:443
Component Library: https://cpt.centrastage.net, https://cpt.centrastage.net.s3.amazonaws.com
HTTPS
/ 443
Outbound
EMEA West 2
(Merlot)
Agent Updates: https://update-merlot.centrastage.net
Web Portal: https://merlot.centrastage.net
Component Library: https://cpt-merlot.centrastage.net, https://cpt-merlot.centrastage.net.s3.amazonaws.com
HTTPS
/ 443
Outbound
US East (Concord)
Web Service: https://01concordws.centrastage.net
Agent Updates: https://update-concord.centrastage.net
Web Portal: https://concord.centrastage.net
Control Channel: concordcc.centrastage.net:443
Component Library: https://cpt-concord.centrastage.net, https://cpt-concord.centrastage.net.s3.amazonaws.com
HTTPS
/ 443
Outbound
US West (Zinfandel)
Agent Updates: https://update-zinfandel.centrastage.net
Web Portal: https://zinfandel.centrastage.net
Component Library: https://cpt-zinfandel.centrastage.net, https://cpt-zinfandel.centrastage.net.s3.amazonaws.com
HTTPS
/ 443
Outbound
APAC (Syrah)
Web Service: https://syrahws.centrastage.net
Agent Updates: https://update-syrah.centrastage.net
Web Portal: https://syrah.centrastage.net
Control Channel: syrahcc.centrastage.net:443
Component Library: https://cpt-syrah.centrastage.net, https://cpt-syrah.centrastage.net.s3.amazonaws.com
HTTPS
/ 443
Outbound
Connecting Agents through the Tunnel Server Grid
Unless a peer-to-peer connection can be established between devices, Agent to Agent connectivity and
remote takeover are managed by a tunnel server over an encrypted connection.
Tunnel servers are connection relays located around the globe to provide maximum coverage and the best performance depending on your location. They are automatically available to all users.
l
When a remote takeover session is initiated, the admin device queries DNS to find the nearest tunnel
server. The tunnel server is picked based on the proximity to the admin device.
l
Then a connection is made to a load-balanced tunnel server cluster.
l
Finally, a connection is established to the remote device.
To make the most of the tunnel server grid, please ensure that the IP addresses relevant to your geographic
location are open on your own and your endpoint's firewalls.
IP Addresses for the Tunnel Server Grid
EMEA
APAC (Sidney)
APAC (Singapore)
54.72.228.106
54.79.75.129 54.169.119.179 54.207.102.187
54.191.106.204 54.172.163.43
54.77.25.238
54.79.97.42
54.187.170.202 54.173.173.38
54.169.73.64
South America (Sao
Paulo)
54.207.105.254
US WEST (Oregon)
US EAST (Virginia)
54.76.210.230
54.77.1.79
54.77.29.239
54.93.70.139
NEW
54.93.63.109
NEW
This list will be updated as we add more tunnel servers to the grid.
Connecting to the Component Library (ComStore)
The component library is hosted on Amazon servers. EC2 stands for Elastic Computing Cloud. The IP
addresses are assigned when the Amazon EC2 instance is launched. To ensure a successful connection,
you must whitelist all IP address ranges that host components for your region.
Amazon AWS EC2 IP Address Ranges
EU (Ireland)
US East (Virginia)
Asia Pacific (Sydney)
79.125.0.0/17 (79.125.0.0 79.125.127.255)
72.44.32.0/19 (72.44.32.0 72.44.63.255)
54.252.0.0/16 (54.252.0.0 54.252.255.255)
46.51.128.0/18 (46.51.128.0 46.51.191.255)
67.202.0.0/18 (67.202.0.0 67.202.63.255)
54.253.0.0/16 (54.253.0.0 54.253.255.255)
46.51.192.0/20 (46.51.192.0 46.51.207.255)
75.101.128.0/17 (75.101.128.0 75.101.255.255)
54.206.0.0/16 (54.206.0.0 54.206.255.255)
46.137.0.0/17 (46.137.0.0 46.137.127.255)
174.129.0.0/16 (174.129.0.0 174.129.255.255)
54.79.0.0/16 (54.79.0.0 54.79.255.255)
46.137.128.0/18 (46.137.128.0 46.137.191.255)
204.236.192.0/18 (204.236.192.0 204.236.255.255)
54.66.0.0/16 (54.66.0.0 54.66.255.255) NEW
176.34.128.0/17 (176.34.128.0 176.34.255.255)
184.73.0.0/16 (184.73.0.0 184.73.255.255)
176.34.64.0/18 (176.34.64.0 176.34.127.255)
184.72.128.0/17 (184.72.128.0 184.72.255.255)
54.247.0.0/16 (54.247.0.0 54.247.255.255)
184.72.64.0/18 (184.72.64.0 184.72.127.255)
54.246.0.0/16 (54.246.0.0 54.246.255.255)
50.16.0.0/15 (50.16.0.0 50.17.255.255)
54.228.0.0/16 (54.228.0.0 54.228.255.255)
50.19.0.0/16 (50.19.0.0 50.19.255.255)
54.216.0.0/15 (54.216.0.0 54.217.255.255)
107.20.0.0/14 (107.20.0.0 107.23.255.255)
54.229.0.0/16 (54.229.0.0 54.229.255.255)
23.20.0.0/14 (23.20.0.0 23.23.255.255)
54.220.0.0/16 (54.220.0.0 54.220.255.255)
54.242.0.0/15 (54.242.0.0 54.243.255.255)
54.194.0.0/15 (54.194.0.0 54.195.255.255)
54.234.0.0/15 (54.234.0.0 54.235.255.255)
54.72.0.0/14 (54.72.0.0 54.75.255.255)
54.236.0.0/15 (54.236.0.0 54.237.255.255)
54.76.0.0/15 (54.76.0.0 54.77.255.255)
54.224.0.0/15 (54.224.0.0 54.225.255.255)
EU (Ireland)
US East (Virginia)
54.78.0.0/16 (54.78.0.0 54.78.255.255)
54.226.0.0/15 (54.226.0.0 54.227.255.255)
54.74.0.0/15 (54.74.0.0 54.75.255.255) NEW
54.208.0.0/15 (54.208.0.0 54.209.255.255)
185.48.120.0/22 (185.48.120.0 185.48.123.255) NEW
54.210.0.0/15 (54.210.0.0 54.211.255.255)
54.170.0.0/15 (54.170.0.0 54.171.255.255) NEW
54.221.0.0/16 (54.221.0.0 54.221.255.255)
87.238.80.0/21 NEW
54.204.0.0/15 (54.204.0.0 54.205.255.255)
79.125.0.0/17 NEW
79.125.0.0/17 NEW
54.78.0.0/16 NEW
54.78.0.0/16 NEW
54.76.0.0/15 NEW
54.76.0.0/15 NEW
54.74.0.0/15 NEW
54.74.0.0/15 NEW
54.72.0.0/15 NEW
54.72.0.0/15 NEW
54.247.0.0/16 NEW
54.196.0.0/15 (54.196.0.0 54.197.255.255)
54.198.0.0/16 (54.198.0.0 54.198.255.255)
54.80.0.0/13 (54.80.0.0 54.87.255.255)
54.88.0.0/14 (54.88.0.0 54.91.255.255) NEW
54.92.0.0/16 (54.92.0.0 54.92.255.255) NEW
54.92.128.0/17 (54.92.128.0 54.92.255.255) NEW
54.160.0.0/13 (54.160.0.0 54.167.255.255) NEW
54.247.0.0/16 NEW
54.246.0.0/16 NEW
54.172.0.0/15 (54.172.0.0 54.173.255.255) NEW
54.246.0.0/16 NEW
54.240.220.0/22 NEW
54.240.197.0/24 NEW
54.239.99.0/24 NEW
54.239.32.0/21 NEW
EU (Ireland)
US East (Virginia)
54.231.128.0/19 NEW
54.229.0.0/16 NEW
54.229.0.0/16 NEW
54.228.16.0/26 NEW
54.228.0.0/16 NEW
54.228.0.0/16 NEW
54.220.0.0/16 NEW
54.220.0.0/16 NEW
54.216.0.0/15 NEW
54.216.0.0/15 NEW
54.194.0.0/15 NEW
54.194.0.0/15 NEW
54.170.0.0/15 NEW
54.170.0.0/15 NEW
54.155.0.0/16 NEW
54.155.0.0/16 NEW
54.154.0.0/16 NEW
54.154.0.0/16 NEW
46.51.192.0/20 NEW
46.51.192.0/20 NEW
46.51.128.0/18 NEW
46.51.128.0/18 NEW
46.137.128.0/18 NEW
46.137.128.0/18 NEW
46.137.0.0/17 NEW
46.137.0.0/17 NEW
EU (Ireland)
US East (Virginia)
185.48.120.0/22 NEW
185.48.120.0/22 NEW
178.236.0.0/20 NEW
176.34.64.0/18 NEW
176.34.64.0/18 NEW
176.34.159.192/26 NEW
176.34.128.0/17 NEW
176.34.128.0/17 NEW
176.32.104.0/21 NEW
Supported Operating Systems and Requirements for the
Agent Browser
Operating Systems
The Autotask Endpoint Management (AEM) Agent can be installed on a wide range of operating systems that
are outlined below.
Operating System / Device
Version
Windows
• Windows XP SP2 (Home, Professional, Professional x64, Tablet PC, Media
Center, Starter editions)
• Windows Vista 32/64-bit (Starter, Home Basic & Premium, Business, Enterprise, Ultimate editions)
• Windows Server 2003 & R2 32/64-bit (Web, Standard, Enterprise, Datacenter, Small Business, Home Server editions)
• Windows 7 (32/64-bit)
• Windows 8/8.1 (32/64-bit)
• Windows 2008 & R2 32/64-bit (Standard, Enterprise, Datacenter, Web,
Small Business)
• Windows Server 2012 (64-bit) & Windows Server 2012 R2
Apple Macintosh
• Intel based Mac OS X 10.6.x and later
Linux*
• Fedora 19, 20, 21
• Debian 7, 8
• CentOS 6, 7
• Ubuntu 12, 13, 14, 15
Smartphones and Tablets
• iOS 7 and later
• Android 2.3.3 and later
*The Agent may work with any Debian-based distribution but support is only provided for the ones listed.
Detailed Windows requirements
AEM runs as a .Net service and needs Windows Installer 3.1 and .Net Framework 2.0 to install and run.
Windows Installer 3.1 is part of the standard MS Windows Update and should be present on all devices. If it is
not, it can be downloaded from Microsoft.
If Microsoft .Net 2.0 is not installed on the device, the Agent installer will automatically download and install it.
It can also be downloaded manually from Microsoft. For further information on .Net Framework versions, refer
to .NET Framework Versions and Dependencies.
.NET Framework on Windows 8 or Windows Server 2012
In order to install AEM, you'll need to enable .NET Framework 3.5.1 (it includes .NET 2.0 and 3.0). You can
enable it by following the paths below.
l
Windows 8
Go to Control Panel > Programs & Features > Turn Windows features on or off.
This can also be enabled via the following command line:
dism.exe /online /enable-feature /featurename:NetFX3
l
Windows Server 2012
Go to Server Manager > Roles and Features > Add Roles > Features.
This can also be enabled via the following command lines:
dism.exe /online /enable-feature /featurename:NetFX3ServerFeatures
dism.exe /online /enable-feature /featurename:NetFX3
Infrastructure and Security
Autotask Endpoint Management (AEM) enables IT support organizations to monitor and manage multiple
remote computers over any network, bringing visibility and control to the service provider. The solution has
been built for organizations supporting IT over public networks, so careful consideration has been given to the
infrastructure and security of the product.
Platform Infrastructure
AEM operates on multiple resilient, high-availability, scaling platforms hosted within Amazon Web Services
(AWS). These Platforms exist and span a number of different AWS Regions to provide increased performance for customers around the globe. At present the core platforms are hosted in the EU-WEST-1 (Ireland), US-WEST-2 (Oregon), US-EAST-1 (Virginia) and AP-SOUTHEAST-2 (Sydney) regions, with additional
servers in AP-SOUTHEAST-1.
All communication that needs to travel between AWS Regions is performed via secure SSH Tunnels or
HTTPS connections.
To help to achieve the required levels of resilience and scalability, AEM servers are separated into three customer facing services. The services are separated as follows:
l
l
l
AEM Server Manager (CSM) - The web management portal
Control Channel (CC) – A permanent connection established with all connected devices to facilitate
low latency event and command communication
Web Service (WS) – A stateless Web Service for Agent to Platform communication
Availability Zones
Within each AWS Region there exist two or more Availability Zones. These zones are distinct locations within
a region that are engineered to be isolated from failures in each other, while still providing high performance,
low latency inter-AZ connectivity. By hosting across multiple Availability Zones, AEM is able to ensure that a
failure in a single Data Center does not affect the availability of a platform.
Load Balancing
All of the core platform services (CSM, CC, WS) exist as multiple servers within AWS and are themselves
only accessible through dedicated Load Balancers. For the CSM, this load balancing is provided via the use of
the Amazon Elastic Load Balancer service, whilst the CC and WS servers use dedicated Load Balancing
instances. By spreading these load balancers across multiple availability zones and using DNS Round-Robin,
we are able to ensure high availability, scalability and performance of the platform. Servers can be commissioned and decommissioned as required with no impact to the service itself.
Server Instances
AEM uses Ubuntu for the base operating system of the server instances, hosted within AWS Elastic Compute Cloud (EC2). The version used has been specifically prepared and hardened for use in AWS by Canonical Ltd, the provider of the Ubuntu platform. Server instances are launched from prebuilt and tested machine
images to ensure 100% consistency. These machine images are backed up to the AWS Simple Storage Service (S3) which has 99.999999999% (11 9’s) durability. Servers are stateless in that they do not store any persistent data allowing them to be replaced on demand, negating the need for individual server backups, and
ensuring that the failure of a server does not result in a loss of customer data.
File Storage
All components uploaded to the AEM platform are uploaded to buckets within S3. This ensures durability of
data, and also provides a highly available mechanism to securely serve these files back to devices across the
globe as required. By using S3 we ensure that components can be instantly provisioned to any number of
devices over a high bandwidth connection, not tied to a static number of background instances.
Firewalls
AWS EC2 instances are, by default, closed for ingress via the use of configurable security groups. By default,
AEM core servers are only accessible via dedicated Load Balancer or SSH Tunnel instances, which exist in
separate security groups. This means that access to these instances is either via 443 for HTTPS or secure
TCP traffic from Load Balancers, or via SSH Tunnel on port 22 through a dedicated SSH Instance. Any servers which do not require external connections are therefore locked down and accessible only on port 22 via
first connecting to a controlled SSH Instance.
This “Security Group” concept extends to Amazon's Relational Database Service (RDS), and means that the
Databases that back the platforms are not externally accessible, and instead only open to connections from
specific Security Groups.
Auto Scaling
In times of high load, AEM servers can auto scale, adding additional server resource automatically to areas of
the system that are most heavily utilized. Additional servers can be automatically brought online and added to
the load balancer as required. Conversely, auto scaling can remove excess processing in times of minimal
load. Additional server instances are can be provisioned in under 60 seconds, and ensure a consistent level of
service for users despite platform load.
Database
AEM is underpinned by a high availability, relational database service (RDS) for MySQL, which is distributed
across two availability zones in a Master-Slave arrangement. In the unlikely event of a database failure, AEM
will automatically fail over to the slaved database in the other availability zone within a matter of minutes.
RDS automatically patches the database software and backs up the database, storing the backups for a userdefined retention period and enabling point-in-time recovery.
Data Protection
We work hard to ensure the security and protection of any data stored on the AEM platform. For sensitive
information, in addition to access controls and platform penetration testing, this also includes encryption using
the AES/CBC/PKCS5Padding Cipher before it is transferred to the AEM Database.
Customers should also be aware that data is never stored outside of the platform region that they select when
signing up for the service. For customers on our EU platforms this means all data is stored in Ireland, for customers on US Platforms this currently means all data is stored in Virginia or Oregon, and for customers in
APAC this means all data is stored in Sydney. Where new platforms are added in the future, the location of
the corresponding data center will be announced to allow customers to make appropriate decisions when
reviewing concerns such as the Data Protection Directive.
Platform Monitoring
AEM uses a number of services in order to provide effective monitoring of platform health and metrics. In addition to the instance monitoring services provided by AWS CloudWatch, core platform services are monitored
for health and throughput via both custom metrics pushed to CloudWatch, the NewRelic Application and
Server Monitoring Service, and Graphite in combination with custom metric gathering code deployed to each
server.
NewRelic and our own custom metrics provide us with near real time feedback on platform load, allowing the
system to scale on demand when required and alerting us to potential problems or service outages. 24/7
response is ensured through the use of PagerDuty and a robust and well practiced escalation procedure within
AEM.
By monitoring the platforms in this fashion, and coupled with the log aggregation services currently being
deployed across the estate, AEM is moving towards being able identify, pinpoint and resolve potential customer issues before they become apparent to the end user, with both predefined intelligence and exception
based alerting.
Platform Status
Current platform status, health and issues are pro-actively reported to end users via a comprehensive Status
Page at http://www.autotaskstatus.net/. Not only does this give users a way of being alerted to potential platform issues and notification of upcoming planned maintenance, but it also provides a complete history of
issues that have affected the platform, giving new and existing customers insights into platform stability and
response times.
Platform Stability
AEM performs regular stability testing on the platform, using automated tools to terminate core servers and
ensure the platform is able to both continue functioning, and gracefully recover the affected services without
the need for manual intervention.
Through this kind of testing we can ensure that not only has the platform itself been effectively engineered to
ensure resilience and high availability, but that in the event of an unexpected issue, all the core staff within
AEM are able to execute a well-practiced response.
Global Relay Servers
Despite platforms themselves being located in specific regions, all inter-Agent connectivity takes advantage
of a network of Tunnel Servers, with the Agents intelligently selecting their closest and healthiest server
through which to establish a connection.
Customers who do not wish to utilize this network can select a specific server to use, with IP Addresses of
those, and the other endpoints. For further information, refer to "Whitelisting Requirements for IP Addresses
and URLs" on page 12.
AEM AWS Architecture
Figure - AEM Platform Infrastructure – This is a high level diagram and may not represent the full set of services and servers.
Product Security
AEM Server Manager Security
Encryption
AES-256, 256 Bit keys. The connection supports TLS 1.0/1.1/1.2
Passwords
Strong passwords required – Min 8 characters.
Password
Expiry
Optional password expiration every 30/60/90 days.
Authentication RADIUS server integration can be enabled together with single sign on and one time passwords, or SecurID tokens.
Accounting
Session activity logged to system level log files and audit trail database.
When logging into the AEM Server Manager Website, customers can choose to enable a Two-Factor
Authentication mechanism based around the use of Time-Based One-Time Passwords (TOTP - http://tools.ietf.org/html/rfc6238). This allows any user with a smartphone the ability to use that device as a second step in
the authentication process, requiring them to provide a Username, Password, and token generated on their
phone to log into the website.
By enabling TOTP across all users in their account, customers can ensure that a compromised password
doesn’t lead to a third party being able to access the CSM.
AEM Agent Security
Encryption (Agent to server)
TLS 1.0
Encryption (Agent to Connection Broker)
3DES in CBC mode.
Protocol
HTTPS / TCP 443
Stateful Packet Inspection
It is strongly recommended that any Stateful Packet Inspection be turned off for access to any
centrastage.net address, and that all attempts possible are made to guarantee that TCP connections to the
cc.centrastage.net addresses are not terminated in cases of inactivity (These connections may be inactive for
up to 180 seconds at a time if no client activity is detected).
Platform Infrastructure Security
AEM runs on a hardened Ubuntu Linux platform, with all instances launched from a patched and maintained
Elastic Block Storage (EBS) image, based on an original provided by Canonical Ltd. All instances exist for a
maximum of one release cycle before being terminated and replaced by a newly instantiated server. This
ensures consistency across all servers in the AEM platform, and provides a base level of Security without the
need to worry about missing critical patches or configuration for each server.
AWS Console Access
Each AEM Platform is hosted within a separate AWS Account, with no shared access. Administration of the
services provided by AWS (EC2, RDS, S3, etc.) is performed through the use of both the AWS Console and
the AWS API Services for programmatic access.
Only essential staff within AEM has access to these services, with access configured on a per platform basis
through the use of AWS Identity and Access Management. All logins to the console are required to have a
secure password of at least 12 characters and high complexity in addition to the use of TOTPs. Programmatic
access to the AWS API is controlled through Secure Keys and Secrets issued via the IAM interface.
Each user, and by extension each Secure Access Key, has their rights and permissions tailored to their role or
intended usage. This ensures that should a single access key be compromised, its access is restricted to specific areas of functionality, it cannot be used to “mint” more access keys, and it can be easily revoked and
replaced.
Instance Access
There exists a single instance within the Pinotage platform which is externally accessible over a port other
than 443. This instance is the SSH Instance, and can be accessed via a secure SSH connection on port 22,
authenticated only through the use of one of a small number of Private Keys. This ensures that access to the
platforms can be tightly controlled and logged. Access to further AWS Instances is then available through this
dedicated SSH instance, via the use of additional Private Keys.
Since the database is not externally accessible, it too must be accessed through this dedicated SSH
instance, via the use of a secure SSH Tunnel.
Penetration Testing
The AEM platform undergoes periodic Penetration Testing via external approved companies. In addition to
this, the platform is also regularly tested for vulnerabilities via the use of automated tools such as Tenable
Nessus.
Not only is the platform itself probed for vulnerabilities, but the Web Interface and Web Services are regularly
tested. This testing focuses on ensuring that not only are accounts secure from unauthorized access, but that
the Web Interface is hardened against XSS or CSRF attacks, username enumeration, file upload vulnerabilities, and more.
Instance Monitoring
Where previously all instances were periodically logging to S3, with the SSH Instance logs regularly
reviewed, AEM is now moving to a centralized log aggregation system called Loggly. This system ensures
that all system and application logs can be monitored and reviewed in real time, providing instant alerting of
issues or unauthorized access attempts to a system. This centralization not only provides increased security,
but also visibility of potential application issues before they become a problem.
ISO27001/ISO9001
As a result of the above processes, and a commitment to best practice moving forwards, AEM has been awarded ISO27001 accreditation for Information Security and ISO9001 accreditation for Quality Management. This
provides an assurance that we follow a structured process of continuous, customer focused, improvement
when addressing issues with and improving processes and systems.
Hosting Security
A brief outline of AWS Security and Compliance information is provided below but for a full overview please
visit https://aws.amazon.com/security/.
Physical Security
AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of
two times to access data center floors.
All visitors and contractors are required to present identification and are signed in and continually escorted by
authorized staff.
Our hosting center only provides data center access and information to employees and contractors who have
a legitimate business need for such privileges. When an employee no longer has a business need for these
privileges, his or her access is immediately revoked, even if they continue to be an employee of the hosting
center. All physical access to data centers by employees is logged and audited routinely.
Control Environment
Our hosting center manages a comprehensive control environment that includes the necessary policies, processes and control activities for the delivery of each of the AEM service offerings.
The collective control environment encompasses the people, processes, and technology necessary to maintain an environment that supports the effectiveness of specific controls and the control frameworks for which
the hosting center is certified and/or compliant.
Our hosting service is compliant with various certifications and third-party attestations. These include:
l
l
l
l
SAS70 Type II. This report includes detailed controls the hosting service operates along with an independent auditor opinion about the effective operation of those controls.
PCI DSS Level 1. The hosting service has been independently validated to comply with the PCI Data
Security Standard as a shared host service provider.
ISO 27001. The hosting service has achieved ISO 27001 certification of the Information Security Management System (ISMS) covering infrastructure, data centers, and services.
FISMA. The hosting service enables government agency customers to achieve and sustain compliance with the Federal Information Security Management Act (FISMA). The hosting service has been
awarded an approval to operate at the FISMA-Low level. It has also completed the control implementation and successfully passed the independent security testing and evaluation required to operate
at the FISMA-Moderate level.
Environmental Safeguards
The hosted data centers are state of the art, utilizing innovative architectural and engineering approaches.
Fire Detection and Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure
spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, doubleinterlocked pre-action, or gaseous sprinkler systems.
Power
The data center electrical power systems are designed to be fully redundant and maintainable without impact
to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide
back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers
use generators to provide back-up power for the entire facility.
Climate and Temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which
prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain
atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
Set Up Autotask Endpoint Management
Administrator
In this section, we document the steps that you should complete before you add any data (profiles and
devices) to your AEM account.
Step 1 - Review the AEM Infrastructure and Requirements
Before you begin with the configuration of your Endpoint Management site, you should make sure that you are
hosted on the right platform, whitelist a number of IP addresses and URLs, and learn about supported operating systems and requirements for the Agent browser. Refer to "Infrastructure and Requirements" on page 9.
Step 2 - Your User Account
Security is important, especially if you are the person who created your company's AEM account. We recommend that you review your own user account before you permit others to access AEM. Refer to "Your User
Account" on page 33.
Step 3 - Licensing and Billing
Billing is based on the number of Agents you have licensed. The next step should be to review "Licensing and
Billing" on page 36.
Step 4 - Branding
Optionally, you can add your own logo to your Web Portal, and change the default colors to your company colors. To learn more about this, refer to "Branding" on page 40.
Step 5 - Roles
By default, the Account Admin role is assigned to the user who registers the AEM account and it is the only
role available to assign to new users until other roles are created. Most likely, not everybody in your company
should have full access to everything in AEM. In this step, you will configure additional roles to assign to
users. Refer to "Roles" on page 43.
Step 6 - Users
Now you are ready to create user accounts for other people in your organization. Refer to "Users" on page 48.
Step 7 - Account Settings
You have a lot of control about the global settings for your site. At a minimum, you need to review the Account
> Settings page to see what is possible. Refer to "Account Settings" on page 67.
Step 8 - Configure Integrations
If you are also a customer of Autotask PSA and would like to integrate it with AEM, you must configure the
integration. Refer to this topic to learn the required steps in both PSA and AEM: "Integrate with Autotask
PSA" on page 95.
To learn about other integrations, refer to "Configuring Third Party Integrations" on page 91.
Your User Account
All users with permission to navigate to Account > Details
Account > Details
Users with permission to access the Account > Details tab can view, or view and manage their own user
account.
These permissions are determined by roles. Refer to "Roles" on page 43.
How to...
Edit your user details
If your role permissions include the ability to manage your user account, you can change the values in the following fields:
Name
Description
Account/Company
This is the name of your organization as set up when you registered. Note that anyone with
permission to manage Account > Details will be able to edit this name.
Username
The string you use to log into AEM. Once created, it cannot be edited.
First name, Last
name
Your first and last name.
Emails
Your email address.
Billing Email
The email address of the user to whom you want us to send your invoices.
VAT Number
Enter the VAT Number or Tax ID of your company here.
Address Line 1 /
Address Line 2
Enter your street address.
City/Town
Enter the name of the city or town.
County/State
Enter a county or state.
Postal Code
Enter your zip code or postal code.
Country
Enter the official name of your country.
Telephone
Enter your phone number, including your extension, if applicable.
Time Zone
Select the correct time zone for your location. Times and dates will be recorded and displayed using this time zone. The time zone selected will determine when scheduled jobs
and patch management policies will run.
Enable or disable two-factor authentication
Two-factor Authentication (2FA) can be required at the system level, or enabled by an individual user for themselves. If 2FA is required, all users will be forced to enable 2FA for their respective logins. The process is the
same either way.
Refer to "Two-Factor Authentication" on page 60.
Change your password
If you have Manage permissions, you can proactively change your password on the Account > Details tab.
Refer to "Change your own password" on page 57.
Change the language of the AEM interface
You can change the display language of Autotask Endpoint Management to one of the following languages:
l
German
l
Spanish
l
Hungarian
l
French
l
Italian
l
Portuguese
l
Swedish
When you select the desired language from the Language drop-down, the screen will be refreshed and displayed in the selected language.
Change your default role
AEM users can be associated with more than one role, but when you log in, your default role will be used.
To change your default role, click the Default role drop-down and select a different role.
Licensing and Billing
Role that includes access to Account > Packages
Account > Packages
On the Account > Packages page, you can review the details of your Autotask Endpoint Management (AEM)
account and access the Billing Portal to pay your invoices.
You will see the following information:
Field
Description
Package Details
Account
Name
This is the name of the company Autotask is billing
for Endpoint Management.
Account UID
The unique ID of your Endpoint Management site.
Package
Indicates whether you are billed annually or
monthly.
Managed
Devices
(Request
Subscription
Increase)
The number of managed devices used of your
device limit. For more information, see "Increase
your device limit" on page 39.
Click the Request Subscription Increase link to
increase the number of devices. A member of our
Sales team will contact you shortly.
OnDemand
Devices
The number of OnDemand devices used. For more
information, see "Increase your device limit" on
page 39.
Extensions
Additional product features that are enabled for
your account, such as Branding or Patch Policies.
Billing Portal
View and
Pay Your
Invoices
Click this link to open the Autotask billing portal.
Refer to "View and pay your invoices" on page 37.
CentraStage Invoices (Deprecated)
CentraStage
Invoices
Old invoices will still be available to view in the
existing billing portal. New invoices and your
account balance at the point of transition will be
available in the Autotask Billing Portal and can be
paid there.
Terms and
Conditions
Clicking the link will open the Autotask Master Services Agreement.
You can find the VAT number for your account and the billing email on the Account > Details tab.
How to...
View and pay your invoices
1. Log into the Web Portal.
2. Navigate to Accounts > Packages.
3. In the Billing Portal section, click View and Pay Your Invoices.
The Autotask Billing Portal will open.
4. Review your account information to make sure it is correct. You can update billing details on the
Account > Details tab. Refer to "Edit your user details" on page 33.
Changes may take up to 72 hours to apply.
5. If you have not yet configured a payment method, click Set Payment Method.
The Payment Configuration window will open.
6. Enter the required information and click Save Settings.
7. Optionally, you can check Enroll in Autopay in the Autotask Billing Portal window. When Autopay
is selected, your invoice will automatically be paid in full on the due date, using the credit card information you entered in the previous step.
Invoices are listed below the account and payment information. The invoice status can be Awaiting
(that is, unpaid) or Paid.
8. To view an invoice, click View PDF.
9. To pay your invoice, click Pay Now.
10. In the Confirmation window, click Submit Payment. The status of the invoice is updated to Paid.
Invoices issued prior to June 29, 2015 can still be viewed but cannot be paid here.
If you have additional questions about the invoicing process or an invoice, please contact the Autotask
Accounts Receivable team.
Increase your device limit
All accounts in AEM have a device limit. This limit is generally the number you set up when you sign up for an
account. You can check the number of used and available Managed and OnDemand licenses by logging into
the Web Portal and navigating to Account > Packages.
When your account reaches its device limit, the AEM Web Portal will alert you with a banner at the top of the
Web Portal.
AEM has a 10% buffer to ensure that you don't lose connectivity to your devices when your account has
reached its limit, but any new devices added above that buffer will not connect to the AEM platform.
To increase your device limit:
1. Click the Request Subscription Increase link.
2. A member of our Sales team will contact you shortly.
Branding
Role that includes access to Account > Branding
Account > Branding
RebrandingBranding is an extension to the Autotask Endpoint Management application. Downloading the
extension lets you apply your company brand to the Web Portal, the Agent browser and reports.
Users with role permissions that include access to the Account > Branding tab can customize the color
scheme of the Web Portal and a number of Agent settings.
How to...
Add custom branding to your account
1. Navigate to Account > Branding.
2. To edit the logos or color scheme of the Web Portal, click Edit on the CSM Branding header.
3. Modify the following settings:
Setting
Description
Custom CSM
Logo
This is the logo that is displayed in the top left corner of the Web Portal. To keep the
aspect ratio of your logo, you should not exceed a size of 260 pixels wide by 35 pixels
high.
Setting
Description
Custom
Report Logo
This is the logo that is displayed at the top of Endpoint Management reports. To keep the
aspect ratio of your logo, you should not exceed a size of 758 pixels wide by 130 pixels
high.
CSM Header
colour
Select the color of the page header in Hex value.
CSM Menu
colour 1
Select the color of the top navigation menu background in Hex value.
CSM Menu
colour 2
Select the color of the top navigation tabs in Hex value.
4. To keep your changes, click Update.
To restore the factory defaults, click Restore Defaults.
To cancel without saving any changes, click Cancel.
5. To edit the logos used for the Agent and some labels in the Agent browser, click Edit on the CAG
Branding header.
6. Modify the following settings:
Setting
Description
Company Name
Appears under the About section in the Agent browser (either right-click on the
Agent > About or open the Agent browser > Help > About.)
Product Name
This is the label for the Agent browser icon in the system tray.
Primary Text
Specify the text that will be displayed on the Managed Agent login screen. The current text is shown to the right.
OnDemand Text
Specify the text that will be displayed on the OnDemand Agent login screen. The
current text is shown to the right.
Company URL
Specify the URL that will be used by the Agent.
Company Support
URL
Specify the Company Support URL that will be used by the Agent.
Primary Logo
Select the primary logo for the Agent browser (176x176, PNG file).
Icons
Select the icons that will be used to represent the status of the device in the system
tray. Icons must be 16 x 16 pixels in ICO format only. If you use the Mac Agent, ICO
files with the dimensions of 48 x 48 are required.
7. To keep your changes, click Save.
To restore the factory defaults, click Restore Defaults.
To cancel without saving any changes, click Cancel.
8. Once your changes have been saved, click on Push Changes so that they can be applied.
Remove the RebrandingBranding extension
To remove the rebranding extension, simply delete it from the Extensions category in your Component
Library.
Roles
Administrator
Account > Roles
Roles allow you to specify and limit the access users have when logged into the Autotask Endpoint Management (AEM) Agent Browser and Web Portal. Users can have more than one role, and change them as
needed without having to log out. Roles can be added, edited or deleted only in the AEM Web Portal.
Changing roles is possible both in the Agent Browser and the Web Portal.
To be able to add, edit or delete a role in the Web Portal, you need to have Account Admin access. For
further information, refer to "Users" on page 48.
By default, the Account Admin role is assigned to the user who registers the AEM account and it is the only
role available to assign to new users until other roles are created. The Account Admin role is a built-in role that
cannot be modified or edited in any way. Users who have this role assigned have full and unlimited access to
all AEM functionality, and can see and connect to all devices in the AEM account.
How to...
Add a role
1. In the Web Portal, click on the Account tab.
2. Click Roles.
3. Click Add Role.
4. If you would like to copy an already existing role to use it as a template, you can choose it from the
Based On drop-down list on the next page. Otherwise, select New Role.
5. Give the role a name and a description.
6. Select the options applicable to the new role on the Role Details page. Expand each field.
Field
Definition
Device visibility
Controls which devices the role has access to. Turn on the options to include
specific profiles or groups.
Permissions
Turn on permissions for each area of the Web Portal (such as system, profiles, components, etc.), then check Disabled, View or Manage for each separate view.
Agent Browser Tools
The Agent Browser Tools control the access to each of the functions available within the AEM Agent. Disabling any of the functions will result in the feature appearing as inactive to the user on the Agent Browser.
Membership
Defines which users belong to this role.
7. Click Apply and Save Changes to finish creating the role.
This video tutorial demonstrates how to create a role for technical support engineers allowing them to
use only the remote takeover functionality in the Agent Browser and access to the Web Portal.
Edit a role
2. Click Roles.
3. Click on the name of the role you wish to edit.
4. Edit the Role Details.
5. Click Apply and Save Changes.
Delete a role
2. Click Roles.
3. Hover over the name of the role you wish to delete.
4. Click Delete this role.
5. Confirm role deletion. If the role you are deleting is linked to any existing jobs or policy targets, it will
need to be replaced with another of the available roles.
While you can replace the role used in existing jobs or policy targets, be aware that it is possible to delete the only role associated with a user.
6. Click Delete.
Change your role
Users who have more than one role assigned can change their role on the fly in both the AEM Agent and the
web browser.
Agent
1. On the local device where AEM is installed, right-click on the AEM Agent icon in the system tray and
click Open.
2. Log in with your username and password.
3. Click on the first menu option in the top left corner.
4. Hover over Roles and select the required role from the list.
5. You will be logged out of the Agent automatically.
6. Log back in to be able to use the selected role.
Web Portal
1. In the top right corner, click on your current role to see a list of available roles.
2. Select the required role.
3. The page will automatically refresh and the selected role will be applied.
Users
All users with permission to navigate to Account > Users
Account > Users
Users in Autotask Endpoint Management (AEM) are individuals set up with a user account. You add and manage users and review the user activity log on the Account > Users tab.
On this tab, you can toggle between two views:
l
l
The Users view displays a list of all users that have been set up in your AEM system. Here, you add
and manage users.
The Activity view is a log of all user activity performed in both the Web Portal and Agent Browser. You
can view, filter, search and export the log or parts of it. Refer to User Activity.
By default, the Users view is displayed.
Manage Users
When the Users view is displayed, you can
Review your list of users
The user list will show up to 100 records on a page. The following columns are displayed:
Name
Description
Selection
check box
Click the check box in the header row to select all rows, or click one or more rows to perform an
action.
Username
Clicking the Username hyperlink will open the User Details window in Edit mode. Refer to "Edit a
user" on page 49.
Name
Fist and last name of the user.
Roles
Lists all roles that are associated with this user.
Name
Description
Security
Level
Determines which components can be accessed by users with this role. Select a number between
2 (Low) and 5 (Super). Refer to Components and ComStore.
Account
Admin
A toggle that will instantly add or remove the Account Admin role for the user. Refer to "Roles" on
page 43.
Search for a specific user
1. In the Search field, enter part of a Username or Name.
As you type, the search results are narrowed to match your search string.
2. To display the full list, delete the search criteria.
Add a user
1. Click Add User.
2. Fill in all the fields.
Field
What to Enter
Username
Enter a unique username, such as [email protected].
Note that the username must be unique not only on your platform but across all
platforms. Best practice is to use an email address.
Password
In order to create a strong password, it has to be at least 8 characters long,
with at least one uppercase and one lowercase letter, at least one digit and at
least one of the following special characters:* @ # $ ! £ %
Email
Enter the user's email address.
First name, Last name
Enter the user's first and last name.
Security Level
Determines which components can be accessed by users with this role. Select
a number between 2 (Low) and 5 (Super). Refer to Components and
ComStore.
Roles
Select the user's default role by clicking on the radio button. The default role
will automatically be assigned to them when they log in to the Web Portal.
You may assign a user more than one role by selecting the check box next to
another role. This will allow them to switch between roles in the Agent's menu
options or within the Web Portal using the role drop-down menu next to their
username. For more information on managing roles and how to add new ones,
refer to "Roles" on page 43.
3. Click Create to create the user, or click Cancel.
Edit a user
1. Click on the Username of the user you wish to edit. The User Details page will open.
2. Edit the User Details. For field descriptions, refer to "Add a user" on page 49.
3. To assign a new password, you can simply enter one into the Password field, or click the Generate
random link. The new password is not automatically sent, so you should copy the password and email
it to the user.
4. To inactivate the user, uncheck the Enabled check box.
5. Click Update to save the changes.
Disable or enable a user
You have two options to disable or enable a user. Follow the steps of the first method below:
1. Click on the Account tab.
2. Click Users.
3. Select the user(s) in question and click the Toggle disable/enable user icon from the Action bar.
4. Confirm whether you want to disable / enable the user(s).
5. In case you have just disabled the user, note the disabled icon displayed next to the user's name.
You may also disable or enable a user by following these steps:
2. Click Users.
3. Click on the name of the user you wish to edit.
4. Uncheck or select Enabled in the User Details window.
5. Click Update.
Delete a user
It is possible to delete a user in AEM, however, it is best practice to disable rather than delete a user
to keep the integrity of data. Once a user is deleted, all their associations will be deleted and the activity record will show that their actions had been carried out by a deleted user.
In order to delete a user, follow these steps:
2. Click Users.
3. Select the user(s) in question and click the Delete user icon from the Action bar.
4. Confirm whether you want to delete the user(s).
Manage Passwords
Autotask Endpoint Management (AEM) allows for managing your own and other users' passwords in a few
easy steps.
Strong Password Requirements
Make sure to create a strong password that meets the below requirements:
l
At least 8 characters long
l
Contains at least one uppercase and one lowercase letter
l
Contains at least one digit
l
Contains at least one of the following special characters: * @ # $ ! £ %
The text in the password entry box will be displayed in red if it does not meet the strong password
requirements. Once the password meets all the requirements, its color will change to black.
How to...
Reset your password in the Web Portal
Any user
AEM login page
If you have forgotten your password, you can reset it by following these steps:
1. Open the AEM login page.
2. Click I forgot my details.
3. Enter your username and email address to begin the password reset process.
4. Click Reset Password.
5. A password reset link will be generated and emailed to your email address. Click the link in the email.
The password reset link automatically expires in one hour after receiving it.
6. Create a new password and click on Change Password. Make sure that your new password meets
the strong password requirements - refer to "Strong Password Requirements" on page 53.
7. Once the password has been changed successfully, log in to your account with your new password.
Reset your password in the Agent Browser
Any user
AEM Agent Browser
If you have forgotten your password, you can reset it by following these steps:
1. Open the AEM Agent Browser.
2. Click Forgotten your password?.
3. Enter your username, if you remember it, and email address to begin the password reset process. If
you can't remember your username, enter your email address and click Send me my details.
4. If you entered your username in step 3, skip steps 5-7 and go to step 8.
5. If you didn't enter a username in step 3, you will receive an email with a list of usernames that are associated with this email address.
6. Click Log in here, and on the new window, enter one of the usernames.
7. Click I forgot my details again.
8. A password reset link will be generated and emailed to your email address. Click on the link in the
email.
The password reset link automatically expires in one hour after receiving it.
9. Create a new password and click on Change Password. Make sure that your new password meets
the strong password requirements - refer to "Strong Password Requirements" on page 53.
10. Once the password has been changed successfully, log in to the Agent Browser with your new password.
Change your own password
Any user with the permission to manage the Account > Details section.
Account > Details > Security Settings
The correct permission to access the Account > Details section can be set up in Account > Roles. For further information, refer to "Roles" on page 43.
In case you remember your current password but would like to change it:
2. Click on the Details tab.
3. Scroll down to Security Settings and click Change Password.
4. Type in your current password.
5. Type in your new password twice. Make sure that your new password meets the strong password
requirements - refer to "Strong Password Requirements" on page 53.
6. Click Change.
Change another user's password
Administrator
Account > Users > User Details
In case you need to change another user's password:
2. Click on the Users tab.
3. Click on the username you wish to edit.
4. On the User Details page, type in the new password in the Password field. Make sure that your new
password meets the strong password requirements - refer to "Strong Password Requirements" on
page 53. You may also generate a random password.
5. Click Update.
6. Confirm the password change in the pop-up window by clicking on OK or click Cancel to discard the
change.
Make sure to provide the user with the new password.
About Two-Factor Authentication
To enable two-factor authentication for yourself, permission to access Account > Detail page. To
enable two-factor authentication for you organization, Account Admin permission is required.
Two-factor authentication (2FA) is a security process in which a second level of authentication is added to the
account login credentials. Both factors of authentication must be used and must be correct in order to establish the person's identity beyond doubt. The two factors may include:
l
Something that the user possesses, such as a token, a card, a key, etc.
l
Something that the user knows, such as a username, password, PIN, etc.
l
Something that is inseparable from the user, such as a fingerprint, iris, voice, etc.
Requirements
In Autotask Endpoint Management (AEM), 2FA requires login credentials (username and password) and a
one-time password (OTP) issued by an OTP token application.
l
l
l
To enable two-factor authentication for yourself, you must have at least View permission for the
Account > Details tab
A 2FA-token-generating application such as Google Authenticator (Android & iOS), Authy (Android &
iOS) or HDE OTP (iOS) must be installed on your smartphone or tablet
You should have a valid telephone number set up that can receive SMS messages. The number will be
used for recovery purposes or when disabling 2FA on a single user account when logging in
We strongly recommend that you assign account admin permissions to more than one user. This is to
ensure recovery, should there be an issue authenticating during the initial configuration or if the authenticating device encounters a problem.
Enable 2FA for yourself
1. Click on Account.
3. Scroll down to the Security Settings section and click Enable Two Factor Authentication.
4. The Enable Two-Factor Authentication window will open. Scan the QR code with your 2FA-tokengenerating application.
In case you do not have access to an authenticator, you can also have the token emailed to
you by checking the check box at the bottom of the Enable Two-Factor Authentication window. Note that this setting is remembered and will be applied each time you attempt to log in to
AEM.
5. Enter the token generated by your app or received via email into the box in the Enable Two-Factor
Authentication window in the Web Portal.
6. Click Save.
7. You will receive a message confirming that the TOTP (Time-Based One-Time Password) token has
been saved successfully.
8. Click OK.
9. To confirm if the 2FA has been set up correctly, log out of the Web Portal and log back in. Once you
have typed in your credentials, you will see a page asking for the one-time password (OTP) token that
your app will generate or that you will receive via email if you set it up that way. Type in the token and
click Log In.
10. Note that when accessing the Agent Browser, you will also need to enter an OTP token.
Disable 2FA for yourself
You can disable two-factor authentication for yourself in two ways: either when already logged in or while logging in to the Web Portal. See the two methods outlined below.
You are already logged in to the Web Portal:
3. Scroll down to the Security Settings section and click Disable Two Factor Authentication.
4. A message will appear confirming that the TOTP token has been disabled.
In case the Account Administrator had requested two-factor authentication for all users, the option to disable
two-factor authentication for individual users will be inactive.
In order to progress, the Account Administrator will need to switch off 2FA for the whole account first by following the steps outlined in "Disable 2FA for all users" on page 65.
You are about to log in to the Web Portal:
You have the option to disable 2FA when logging in to the Web Portal. This requires that a valid telephone number, that is able to receive SMS messages, is set up for your user account as outlined in the "Requirements"
on page 60 section.
1. Open the AEM login page.
2. Enter your username and password.
3. Click on Log In.
4. Click on Disable TOTP.
5. If you had not set up any phone number in your user account previously, you will not be able to receive
the disable code. Please contact Customer Support for further assistance.
6. In case you have a phone number on file, a disable code will be sent to that number. Once you have
received the code, enter it on the Web Portal and click Disable Two Factor Auth.
7. Access to the account will be granted once a valid disable code has been entered.
The disable code is only valid for 10 minutes and another code will not be sent within that time
frame.
Enable 2FA for all users
Administrator
In order to be able to turn on two-factor authentication for all users, the Account Admin user needs to
enable it for themselves first. Refer to "Enable 2FA for yourself" on page 60.
Two-factor authentication can be enforced as a mandatory requirement for all users in the account. To enable
this, you will need to have Account Admin access in AEM.
2. Click on Settings.
3. Scroll down to the Access Control section and switch on the Require Two Factor Authentication
option.
4. Once this has been enabled, all users will be forced to enable 2FA for their respective logins. Refer to
"Enable 2FA for yourself" on page 60.
Disable 2FA for all users
Administrator
3. Scroll down to the Access Control section and switch off the Require Two Factor Authentication
option.
Account Settings
Any user with the permission to manage Account Settings.
Account > Settings
If you are the person who is responsible for implementing Autotask Endpoint Management (AEM) in your company, this guide will help you get your AEM site up and running. There are a few fundamental account settings
that you need to be aware of in order to get the most out of the functionality AEM offers.
The correct permission to access Account Settings can be set up in Account > Roles. For further information, refer to "Roles" on page 43.
The settings described below apply to your entire AEM site, however, they may be modified through
Profile Settings if applicable.
CSM Password Policy
The password policy requirements defined here will apply to all users in both the Web Portal and the Agent
Browser. Click Edit to update your settings.
Requirement
Value
Definition
Expire Password
Never
30 days
60 days
90 days
Specify the number of days after which users are required to
change their login password. Select Never if you do not require
users to change their password.
Unique Password
Never
2-6
Specify the number of passwords to be used before users can
apply a previously used password again. Select Never if you
would like to prevent users from being able to apply any previously used password.
AEM requires the use of strong passwords that need to meet all of these criteria:
l
At least 8 characters long
l
Contains at least one uppercase and one lowercase letter
l
Contains at least one digit
l
Contains at least one of the following special characters: * @ # $ ! £ %
For information on how to change passwords, refer to "Manage Passwords" on page 53.
Access Control
This area allows you to control access to your AEM site. Turn the options on or off as required or click Edit to
update the Restricted IP List.
Field
Definition
Require Two Factor Authentication
Allows the Account Admin user to force all users to activate 2FA for
themselves.
Note: The Account Admin user needs to enable 2FA for themselves
first in order to be able to enable it for all other users.
For more information on how to enable 2FA for a single user, refer to
"Two-Factor Authentication" on page 60.
Require New Device Approval
If this option is enabled, any new device added to the site will need to
be approved by the Account Admin user first. Only once they are
approved, will it be possible to manage them through AEM. By
default, the option is disabled. For more information, refer to "New
Device Approval" on page 77.
CSM IP Address Restriction
Allows you to restrict access to the Web Portal for specific
IP addresses. Once this option is turned on, your current IP address
will automatically be added to the Restricted IP List. You can add
more than one IP address to the list.
Agent IP Address Restriction
Allows you to restrict access to the Agent Browser for specific
IP addresses. Once this option is turned on, your current IP address
will automatically be added to the Restricted IP List. You can add
more than one IP address to the list.
Restricted IP List
If you have enabled the CSM IP Address Restriction and/or Agent
IP Address Restriction options, enter one or more IP addresses to
the Restricted IP List to ensure that the Web Portal and/or Agent
Browser are only accessible through these IP addresses.
Note: Your current IP address will automatically be added to this list
once you turn on the CSM IP Address Restriction or Agent IP Address Restriction option.
If you would like to update the IP addresses or add new ones, click on
Edit, make the changes and click Update.
Power Rating
You can specify the cost and power rating of your devices for the entire account. These numbers will provide
the basis for your managed endpoints' energy usage calculation that you can view on the Managed profiles'
summary page. For more information, refer to Profile Summary.
If the fields are left blank, the default wattage and cost per kWh will be applied.
The default wattage of 350W and the default cost can be changed by clicking on Edit.
The numbers set here can be overridden in Profile Settings and/or on the Device Summary page.
Field
Value
Desktop
Define the power rating of desktops. This can be overridden in Profile Settings and on the
Device Summary page.
Field
Value
Server
Define the power rating of servers. This can be overridden in Profile Settings and on the
Laptop
Define the power rating of laptops. This can be overridden in Profile Settings and on the
Other
Define the power rating of any other devices. This can be overridden in Profile Settings
and on the Device Summary page.
Cost per kWh
Define the cost per kWh. This can be overridden in Profile Settings.
The formula to calculate the managed endpoints' energy usage calculation is as follows:
(UptimeInMinutes * Wattage) / 60 / 1000 * Price
End-User Ticket Assignee
Select a user with Account Admin permissions as the default person to assign tickets to. If No default
account is selected, the end-user tickets will be assigned to the user who registered the account.
The end-user ticket assignee set here can be overridden by an end-user ticket assignee set at profile
level. Refer to Profile Settings.
Variables
You can specify variables that can be used when writing custom scripts or components. The variables can be
defined with a specific value that the Agent will use when executing the script. How you refer to the variables
in your script will be defined by the scripting language you apply (e.g. in batch scripts, you can refer to a variable in the format of %VariableName%). For more information, refer to Input Variables.
Account variables used in scripts or components will be passed to jobs but will be overridden by profile variables of the same name. You can specify your profile variables in Profile Settings.
1. Click on Click here to add a variable.
2. Give it a meaningful Name. Make sure there is no space in the variable's name.
3. Specify the variable's Value.
4. Check Mask my input if you would like to hide the variable's value.
5. Click Add.
6. Repeat steps 1-5 to add more variables.
Custom Labels
You can configure 5 custom field labels at account level that will be applied to the custom fields available on
the Device Summary page. These fields can be populated with information that is not picked up in the device
audit so that it can be filtered and searched upon to provide additional targeting for jobs and policies. You can
enter the custom field information manually on the Device Summary page or it can be populated by the
AEM Agent on Windows devices. For further information, refer to "Custom Fields" on page 80.
The custom field labels defined here can be overridden at profile level. Refer to Profile Settings.
To configure the custom field labels, do the following:
1. Hover over one of the custom fields and click on the pencil icon to edit it.
2. Rename the field under System Override.
3. Click on the green tick
to save the changes.
Custom Agent Settings
Custom Agent settings allow you to define how Agents communicate with the platform and perform network
scans.
Field
Definition
Use Connection Brokers
AEM uses connection brokers to reduce outbound network traffic within
a subnet. If you have a number of devices connected to the platform,
connection brokers will handle pings and keep-alive-requests to tell the
platform if the devices are online or not.
By default, this option is set to ON. Switching this option off will prevent
any Agent in the account from becoming a connection broker. For more
information refer to "Connection Brokers" on page 84.
Note: The setting applied here overrides any setting made at profile
level, however, it is possible to manually modify this selection in Profile
Settings afterwards.
Use alternative settings for Agent
Select this to be able to configure further custom Agent settings.
Field
Definition
Control Channel Address
By default, this field should be left blank. In case a specific Control Channel Address is needed for your site, please contact your
AEM Implementation Manager.
Control Channel Port
By default, this field should be left blank. In case a specific Control Channel Port is needed for your site, please contact your
Web Service Address
By default, this field should be left blank. In case a specific Web Service
Address is needed for your site, please contact your
Tunnel Server Address
A tunnel server acts as an interface between devices for remote
takeover sessions. Specify an IP / domain and a port to be used for the
relayed connection by default (e.g. 123.45.6.789:443). Refer to "Connecting Agents through the Tunnel Server Grid" on page 14.
NetAssets Subnet Limit
Limits the size of the scan an Agent performs in a single subnet. By
default, the limit is set to 65.534 which is also the maximum number of
IP addresses that an Agent is able to scan in a subnet. Set the value to 0
to disable network scanning for the entire account.
Note: It is not possible to disable network scanning at profile level. For
further information, refer to Disable network scanning of SNMP devices.
NetAssets Scan Limit
The limit of devices that the Agent can scan on the subnet of the device.
By default it is set to 254. The minimum value is 0, the maximum value is
1024.
For more information about discovered devices, refer to Manage Network Devices and Printers using SNMP.
Agent Deployment Credentials
To be able to deploy an Agent across a LAN, you'll need to have a username and password for the device(s)
you're going to install the Agent on. It is possible to cache these credentials so that you don't have to enter
them each time for each device. All credentials entered here will be tried during Agent deployments for any profile.
You can add Agent Deployment Credentials at profile level as well. They will be used in addition to
those specified here. For further information, refer to Profile Settings.
1. Click on Edit.
2. In the Username field, enter the domain (if in use) and the username in the following format:
Domain\Username.
3. Enter the Password.
4. To add further usernames and passwords, click on Add credentials.
5. Click Save Changes.
SNMP Credentials
If you would like to manage SNMP-enabled devices in AEM, you can cache their SNMP credentials so that
you don't have to enter these whenever adding new managed network devices. For further information about
how to add managed network devices, refer to Manage Network Devices and Printers using SNMP.
You can add SNMP Credentials at profile level as well. They will be used in addition to those specified
here. For further information, refer to Profile Settings.
1. Click on Edit to be able to add SNMP credentials.
2. Choose the correct Version: v1/v2c or v3.
3. Fill in the details (see below).
4. To add more credentials, click on Add SNMP Credentials and repeat steps 2-3.
5. Click Save Changes.
SNMP v1/v2c needs a name and community string, while v3 requires more complex security. If
you’re not sure what settings you need to enter here in order to connect to your network device over
SNMP, refer to the device documentation or provider for more details.
v1/v2c
Field
What to Enter
Name
Enter the name of your device.
Community
The community string works as a password. If the field is left blank, the default read-only community string "public" is applied. If your device has a customized community string, enter it here.
V3
Field
What to Enter
Name
Enter the name of your device.
V3 User
Enter the V3 username.
Authentication
Select one of the authentication protocols:
• None
• MD5
• SHA1
V3 Password
Enter the V3 password.
Field
What to Enter
Encryption
Select one of the encryption standards:
• None
• DES
• AES128
• AES192
• AES256
• TripleDES
V3 Encryption Key
Enter the V3 encryption key.
Context
Enter the SNMP context ID.
Splashtop Settings
If you cannot see this section, that is because you haven't downloaded the Splashtop extension for your site,
yet. Go to ComStore and search for the extension Splashtop Remote Screen Sharing. Click on Buy to be
able to set it up for your account.
Once the extension has been downloaded, the Splashtop Settings section will be displayed. You can enable
Splashtop functionality or disable it altogether by turning on the option Enable automatic installation of
Splashtop Streamer. Once this is enabled, you can opt to automatically install it on all applicable machines
without any administrative prompting. The inclusion and exclusion fields are present for configuring this feature.
For further information about the settings, refer to "Splashtop Remote Screen Share Integration" on page 189.
Agent Update Settings
By switching the Automatic Agent Updates option ON/OFF, you can specify if you want Agent updates to
be rolled out automatically in your site. Disabling automatic updates allows you to delay the roll-out of new
Agents to your devices for up to 2 weeks, and selectively roll out the update to individual profiles in the meantime. After 2 weeks, the Agent update will be rolled out automatically.
Emergency updates override individual settings and get rolled out automatically.
For further information, refer to "Agent Updates" on page 89.
Mail Settings
You can specify a From Name and a Reply-To Address for the email notifications you send out to your end
users. Once these have been configured, the notification emails will come from the name specified and the
replies will be delivered to the reply-to address.
1. Click on Edit.
2. In the From Name field, enter a name that you would like to appear in the from field of the emails sent
out, for example IT Support.
3. In the Reply-To Address, enter an email address to which you want your recipient(s) to reply.
4. Click Update.
Mail Recipients
By clicking on Add, you can specify one or more email recipients and define what type of email notifications
they should receive.
The user who registered the account is added as a mail recipient by default.
Mail recipients of a particular profile can be specified in Profile Settings.
1. Click Add.
2. Fill in the required fields.
Field
What to Enter
Recipient
Name
Enter the recipient's name.
Recipient
Address
Enter the recipient's email address.
Type
Select the preferred email format for this recipient: HTML, Text or Both.
Receives
Select the types of notifications this recipient will receive: Alerts, Reports, New Devices.
3. Click Add.
Update Profile Variables
You can update one or more of your Managed profiles' existing variables or add new variables by uploading a
.CSV file. In order for the update to be successful, the variable name and variable value fields are mandatory
to fill in. To learn more about profile variables, refer to Profile Settings.
OnDemand profiles cannot be updated with variables.
1. Click on Download Template.
2. Open the .CSV file you downloaded and fill in the details:
Field
What to Enter
Profile UID
The Profile UID (Unique Identifier) is hard-coded and cannot be changed or
updated.
Profile Name
The name of your profile. The name cannot be updated through the .CSV file,
however, it can be changed in Profile Settings.
Field
What to Enter
Profile Description
The description of your profile. The description cannot be updated through the
.CSV file, however, it can be changed in Profile Settings.
Variable Name*
Enter the name of the variable. It can be a new variable or an already existing
one.
Variable Value*
Enter the value of the variable. It can be a new value or an already existing
one.
Variable is Hidden
If you would like to mask the variable value, enter 1. If you would not like to
mask the variable value, enter 0.
Note: When adding a new variable and leaving this field blank, the variable
value will not be masked.
*Mandatory field.
3. Save the file in .CSV format.
4. Click on Choose file and select the file you have just saved.
5. Click Update.
6. The following message will appear in a yellow info bar at the top of the page: Profile variables imported
successfully.
7. The variables will appear in Profile Settings > Variables.
Apple Push Certificate
If you cannot see this section, that is because you haven't downloaded the Mobile Device Management extension for your site, yet. To find out how to do that and how to upload an Apple Push Certificate, refer to Mobile
Device Management (MDM) and Deploy an iOS Agent.
Reset Columns Display
If you have changed the column display at various places in your AEM site, this option will allow you to restore
the default column display for your entire account.
1. Click Restore Defaults.
2. Confirm your request by clicking OK in the pop-up window.
Restoring the default column display will apply to your user account only. It will not change other
users' settings. Other users will need to restore the default column display for their own user account
in Account > Settings or on individual pages where they had previously changed the column display.
Windows Security Centre Audit
If you cannot see this section, that is because you haven't downloaded and configured the Kaspersky Endpoint Security (KES) extension for your site, yet. Once KES is configured, this section will be displayed and
you can configure the following:
Field
Definition
Windows Defender
Enable or disable Windows Defender for workstations. By default, it is set to ON.
Windows Firewall
Enable or disable Windows Firewall for workstations and servers. By default, it is set to ON.
If any of the above is turned off, the Windows Security Center summary will not be shown under
Device Summary > System > Security.
To find out how to disable KES at profile level, refer to Profile Settings.
For more information about KES, refer to "Kaspersky Endpoint Security Integration" on page 136.
New Device Approval
Administrator
Account > Settings > Access Control > Require new device approval
Profiles > Approve Devices
Device approval or sandboxing improves account security by giving the Account Admin user control over any
new Agents connecting to their account. This functionality is disabled by default in "Account Settings" on
page 67.
How to...
Enable new device approval
1. Navigate to Account > Settings.
2. Locate Access Control.
3. Switch Require new device approval to ON.
Once this option has been enabled, any new device connecting to your account will be sandboxed, that is,
they will require Account Administrator approval before they can participate in your account activity.
The sandboxed devices will not be able to:
l
Run jobs
l
Apply policies
l
Download components
They will be able to :
l
Submit audit data
l
Submit performance data
l
Allow remote takeover functionality
Devices awaiting approval will be added to the Managed device count and billed as such.
Approve or remove devices
When a new device gets added to your account and the Require new device approval option is enabled in
"Account Settings" on page 67, the new device will be flagged in the Web Portal the following ways:
l
An Approve Devices button will become visible on the Profiles page.
The Approve Devices button will not be visible unless a new device is waiting approval, even
if the Require new device approval option is enabled.
l
Devices awaiting approval will appear highlighted in blue in their profiles and a message with a link to
the sandboxed device(s) will notify you that they are waiting for your approval.
To approve a device or remove it from your account, do the following:
1. Click on either the Approve Devices button on the Profiles page, or the link to the sandboxed devices
in a profile.
2. You will be directed to the Devices Awaiting Approval (sandbox) page which will look like this:
3. Click the checkbox next to the device(s) you wish to approve or delete.
4. Click the Approve device(s)
button to approve the device(s) or the Delete device(s)
remove the device(s) from your account.
button to
Approved devices will now be allowed to fully communicate with the platform.
Removed devices will be deleted from the account.
Custom Fields
Administrator
Profiles > click on a Profile > Devices > click on a Device > Summary
Custom fields in Autotask Endpoint Management (AEM) are used for displaying device information that is not
picked up during the device audit. Each device record can have up to 5 custom fields. You can enter the custom field information manually on the Device Summary page or it can be populated by the AEM Agent on Windows devices. Once a custom field is populated with information, the data can be filtered and searched to
provide additional targeting criteria for jobs and policies.
Note that custom field information can be populated by the AEM Agent on Windows devices only. It
will fail on any other operating system.
For information about how to set up custom field labels, refer to "Account Settings" on page 67 and Profile Settings.
How to...
Add custom field information manually
In order to manually enter information into the custom fields, do the following:
1. Go to Profiles and click on one of your profiles.
2. Click on the Devices tab and click on one of the device records.
3. On the Device Summary page, click the Edit hyperlink next to the device description.
4. Add the required information into the custom fields. In our example, we entered information into Custom field 1.
5. Click Save.
For more information, refer to Device Summary.
Populate custom field information automatically
Having custom field information displayed on the device summary page does not have to be a manual process
exclusively. On Windows devices, custom fields can also be populated by the AEM Agent. By adding entries
to the device registry, the Agent will send the data back to the platform and the custom fields will get populated automatically. This makes for an extremely powerful and useful tool, especially when coupled with the
scripting and component mechanisms within AEM. For information on scripting, refer to Scripting.
You can use either of the two ways described below to add registry entries to your devices.
Use the command line
1. Open the Command Prompt window.
2. To add a registry entry via the command line, use the following syntax:
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage /v CustomField /t REG_SZ /d
"ValueForFieldHere" /f
3. Make the necessary changes in the command line:
Field
What to Enter
CustomField
This will be the string value name once added to the registry. Enter one of the following names:
• Custom1
• Custom2
• Custom3
• Custom4
• Custom5
ValueForFieldHere
This will be the string value data once added to the registry. Enter the information
you would like to display on the device summary page.
4. Click Enter.
Use RegEdit
1. Open the Registry Editor.
2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage.
3. Right-click in the right-hand window and select New > String Value.
4. Rename the New Value. Enter one of the following names:
l
Custom1
l
Custom2
l
Custom3
l
Custom4
l
Custom5
5. Double-click on the value to edit the string.
6. Enter the Value data. This is the information that will be displayed on the device summary page.
7. Click OK.
Once the Agent connects to the platform, it will send back the data added to the registry and the information
will be displayed on the device summary page in each custom field accordingly.
Connection Brokers
Any User
Account > Settings > Custom Agent Settings
Profiles > Profile > Settings > Custom Agent Settings
About connection brokers
Autotask Endpoint Management (AEM) uses connection brokers to reduce outbound network traffic within a
subnet. This can be useful especially for low bandwidth environments where you have a number of devices
connected to the AEM platform.
Connection brokers handle pings and keep alive requests to tell the platform if the devices within the subnet
are online or not. By default, the option to use connection brokers is enabled for every account, however, this
can be disabled in "Account Settings" on page 67 and Profile Settings.
How to...
Enable / disable connection brokers
The option to use connection brokers is enabled for every AEM account by default, however, you can manually disable it for the entire account or at profile level.
The ability to disable connection brokers can be useful when diagnosing single device problems or to overcome local network configuration issues where communication between Agents with a connection broker may
be more difficult than allowing them to reach the platform directly.
To disable or enable the use of connection brokers, do the following:
1. Go to Account > Settings > Custom Agent Settings or Profiles > select a profile > Settings >
Custom Agent Settings.
2. Switch the option Use Connection Brokers on or off accordingly. It will then allow or prevent any
Agent from becoming a connection broker in the entire account or at profile level.
When switching the option off at account level, it will override any selection made at profile level.
However, once you have configured the connection broker option in "Account Settings" on page 67,
you can modify it manually at profile level.
Nominate a device as connection broker
The AEM Agent polls the platform every 90 seconds with keep-alive-messages. If the option to use
connection brokers is enabled at account and/or profile level, and there is more than one Agent on a LAN connecting to the AEM platform, one of those Agents will automatically be designated as a connection broker. It
will then deal with all the pings and keep-alive-messages from the other devices in the subnet, which keeps
the outbound traffic to a minimum. To learn how an Agent obtains a node score ranking to become a connection broker automatically, refer to "Node Scores" on page 87.
You also have the ability to manually select a device within your network to act as a connection broker. This
will give the device a node score of 20 by default.
Nominate a device as a connection broker that is likely to have the highest uptime within your network, such as a server.
In order to force an Agent to become a connection broker, do the following:
1. Locate the AEM Agent on the local device and right-click on it.
2. Click Settings.
3. Click the Preferences tab.
4. Select the option Force this device to become a Connection Broker (CB).
5. Click OK.
This will set the device to have a node score of 20, thus ensuring that the device is a connection broker. For
further information, refer to "Node Scores" on page 87.
If you have more than one device that has been set up as a connection broker inadvertently, the
device that contacts the platform first will become the connection broker.
Find the connection broker
The connection broker for each profile is not shown on the Profile Summary screen, however, you can find it
through one of the ways outlined below.
Through the Agent
1. Open the AEM Agent on a local device.
2. Under the Summary tab, locate the CS Connection section to see the IP address of the connection
broker through which this device is connected to the platform.
3. In case this device is the connection broker, the following entry will be displayed:
In the logfile
If a connection broker is being used, it will be reported in the AEM logfile in the following format:
CB:COMPUTERNAME, Score:3 at 192.168.139.1
For further information about the logfile, refer to How do I Find the AEM Log Files?.
Node Scores
Each device with an Autotask Endpoint Management (AEM) Agent installed will obtain a node score ranking
to determine whether it can be established as a Connection Broker.
The node score is calculated when a device runs an audit (once a day for Managed Agents and once every 7
days for OnDemand Agents). An Agent will only respond to a connection broker request if its node score is
equal to or greater than the node score of the requesting Agent. This ensures that the most robust device of
the network will become the connection broker for the subnet. For more information, refer to "Connection
Brokers" on page 84.
Agents are graded on a score of between 0 and 19, 0 being the least suitable and 19 the most suitable to be
used as a connection broker.
Devices with disabled node score functionality will show -1 for their node score.
The node score is calculated from the following areas:
l
Network connection type
l
Operating system type
l
Time elapsed since last system boot
The score will be generated through the following score process:
Agent Updates
Administrator
Account > Settings > Agent Update Settings
Autotask regularly rolls out Agent updates, which typically occurs when a new release comes out. However,
updates deemed critical by Autotask, such as security updates, may occasionally be rolled out between
releases.
Autotask Endpoint Management (AEM) Account Admin users have the ability to control when an Agent
update is pushed out to the devices with the exception of emergency updates that overwrite individual settings and are rolled out automatically.
Turn on / off Automatic Agent Updates
By default, the Automatic Agent Updates option is enabled in every account. When this option is turned off,
the Account Admin user can take control of Agent updates at system or profile level. The Automatic Agent
Updates option can be turned on / off in the Web Portal in "Account Settings" on page 67:
3. Scroll down to Agent Update Settings.
4. Switch on / off the Automatic Agent Updates.
Disabling automatic updates allows users to delay the roll-out of new Agents to their devices for up to
2 weeks, and selectively roll out the update to individual profiles.
Emergency updates will overwrite the user settings and be rolled out automatically.
Roll out updates
If the Automatic Agent Updates option is disabled in your account, you can control when the updates are
rolled out.
You will see a pink info bar stating that there is an outstanding Agent update available.
System level:
Profile level:
Once you click on apply it, the Agent(s) will be enabled to receive updates.
Updates can take up to 24 hours to take effect.
Configuring Third Party Integrations
Autotask Endpoint Management integrates with a number of third-party applications that require a degree of
setup and configuration.
Professional Services Automation Tools
For a comparison of the functionality of these integrations, refer to "Service Desk Integrations with Autotask
Endpoint Management" on page 93.
Autotask
Autotask PSA is our own IT Business Management Platform. The integration with Autotask Endpoint Management (AEM) supports the synchronization of AEM profiles and PSA companies, tickets, and devices (configuration items). Refer to "Integrate with Autotask PSA" on page 95.
ConnectWise
The ConnectWise integration allows you to join together your Autotask Endpoint Management (AEM) and ConnectWise accounts. This allows tickets created in AEM (either through automatic alerts, or created manually)
to be managed and processed in ConnectWise, and to be associated with the correct profiles (or "Companies"
in ConnectWise). Refer to "ConnectWise" on page 118.
Zendesk
The Autotask Endpoint Management (AEM) integration with Zendesk enables all tickets to be handled within
Zendesk. Refer to "Zendesk" on page 127.
Screen Sharing, Backup and Security
Datto
Datto is a hybrid cloud backup and recovery service. A Datto device on a local network will perform a snapshot of targeted systems and then back them up to storage in the cloud. Refer to "Datto Backup Integration"
on page 133.
Kaspersky
The Autotask Endpoint Management (AEM) integration with Kaspersky Endpoint Security (KES) solution
allows you to manage and administer your IT anti-virus solution from within the AEM Web Portal. Refer to
"Kaspersky Endpoint Security Integration" on page 136.
Splashtop
Splashtop is a leading screen share technology that provides a faster and smoother experience than the
default VNC. The streamer can be rolled out to all your connected devices, both Windows and Mac, either
automatically or on demand. Refer to "Splashtop Remote Screen Share Integration" on page 189.
Service Desk Integrations with Autotask Endpoint Management
AEM integrates with the following service desk applications:
l
Autotask PSA
l
ConnectWise
l
Viva Desk
l
Zendesk
Functionality Overview
Compare the functionality each integration offers:
Feature
Autotask
ConnectWise
Synchronization of existing AEM profiles and devices to the service desk
●
●
Synchronization of changes to profiles between AEM and service desk customers
●
●
Automatically open an AEM ticket within service desk
●
●
Synchronization of ticket priority and status
●
●
Tickets created by monitors sync to service desk
●
●
Round trip ticket synchronization
●
●
Replaces AEM ticketing system
●
Viva
Desk
Zendesk
●
●
●
●
●
Access device audit information from service desk
●
Connect to AEM Agent browser from service desk
●
Associate certain devices to service desk tickets
Sync Frequency
●
Minutes
●
Minutes
4
hours
Minutes
Direction of Synchronization
Each of the service desk integrations sync certain data with AEM. The sync direction is illustrated below:
Ticket Synchronization
Ticket synchronization can either be two way or one way, depending on which part of the ticket is being
synced.
Integrate with Autotask PSA
Administrator
Account > Integrations
This article describes the integration with Autotask PSA version 2015.2, which is currently being
rolled out. If you are not yet on 2015.2.
About the Autotask Integration
Autotask PSA is integrated with Autotask Endpoint Management (AEM) via a connector. The integration supports the synchronization of AEM and PSA companies (profiles), tickets, and devices (configuration items).
To configure the Autotask Connector, Administrator security level is required in PSA, and a role that
includes access to Account > Integrations is required in AEM.
How to...
Download the Autotask Connector
To download the Autotask Connector, do the following:
1. Log into the AEM Web Portal.
2. Click the ComStore tab.
3. Select Connectors. The Autotask Connector will be displayed.
4. Click on it, and in the pop-up window click Buy.
Configure the company / profile integration
When your download is completed, a new tab will appear under the Account tab, called Integrations.
1. Click the Integrations tab.
2. Click Run setup wizard.
The setup wizard opens to the Autotask credentials page.
3. Enter your Autotask PSA Username and Password.
4. Click Test connection...
If the credentials are valid, a green check mark will appear.
5. Check Filter accounts by Owner ID to synchronize only Autotask PSA companies to AEM for whom
the logged in user is the Account Manager. To synchronize all Autotask companies, leave the check
box blank.
6. Click Next.
7. Select the PSA company types you want to retrieve and synchronize with AEM profiles. Limit the
selection to company types you have set up profiles for.
8. Click Next.
9. Review the setup options you have selected so far.
10. Optionally, check Analyse profile and account mapping now. This will start the process of mapping existing AEM profiles to PSA company names. If a profile name is identical to a company name,
they will be mapped.
11. Click Save Setup. The wizard will then compare PSA company names to AEM profile names and
present a summary of possible matches. On the screenshot below, you can see that there are 200
matches, but one profile was not found in PSA, and 8 accounts/companies were not found in AEM.
By default, the missing profiles and accounts would be created automatically.
12. If you think the automatic mapping failed because the company and profile names were slightly different and you do not want to create any duplicates, click the Do not synch radio buttons and then
click Edit mapping rules...
This will launch the Edit mapping rules page that allows you to manually match profile names to company names.
13. Click Save to close this pop-up window, and then click Accept and Continue.
14. Click OK on the confirmation dialog box. The mapping rules will be applied. A number of progress dialog boxes will appear.
15. Finally, the current mapping rules will be displayed on the page.
16. If you would like to auto-create accounts for any new AEM profiles, toggle the switch to on.
17. Copy the Extension Callout URL to your clipboard and open Autotask to configure the remaining settings. You will need this URL when you configure the PSA end of this integration. Refer to "Configure
the connector in Autotask PSA" on page 109.
Configure ticket synchronization
The next step in the integration setup process is to configure ticket synchronization between AEM and PSA.
1. On the Autotask Integration page, click Setup next to Ticket synchronization.
2. On the Select Autotask queue page, select the ticket queue that will be used for tickets created in
PSA.
The selected queue must be active, or ticket synchronization will fail.
All tickets will initially use the selected queue, but you can set up workflow rules to automatically move tickets into different queues.
3. Click Next.
4. On the Associate ticket statuses page, click the drop-down and select the appropriate Autotask
status.
5. Click Next.
6. On the Associate ticket priorities page, you map CentraStage (AEM) priorities to Autotask ticket priorities. Click the drop-down and select the appropriate Autotask priority.
We recommend using the Autotask PSA priority "Low" for AEM priorities 4 and 5.
7. Click Next.
8. On the Select Work Type page, select a work type that is applied to all tickets generated in AEM. If
needed, the work type can be changed using workflow rules.
The selected work type must be active, or ticket synchronization will fail.
9. Click Save Settings.
Configure device synchronization
The third step in the integration setup process is to configure device synchronization between AEM and PSA.
Devices that are installed at an Autotask customer company are called configuration items, but all
configuration items are based on a product, and therefore devices must be mapped at the product
level.
1. On the Autotask Integration page, click Setup next to Device synchronization.
2. On the Device synch setup page, manually select an existing Autotask product, or allow AEM to create a matching Autotask product.
We recommend that you allow the connector to create a matching product if you do not see the
corresponding Autotask product. The new product will have a prefix of AEM_devicetype. This
will help to differentiate them from existing PSA products.
3. Click Next.
4. On the Select product allocation code page, you select the Product Code that will be used for all
devices synched from AEM to Autotask. The Product Code is a required field in Autotask used for
billing.
5. Click Next.
6. Review the product mappings and the product allocation code for device synchronization. When
everything is correct, check Synchronize my devices now and click Save Settings.
If you checked Synchronize my devices now, the synchronization is run immediately. The wizard
will close, and the integration page will be displayed. You can also click Synchronize my devices
now on the Integrations page.
7. If you have not already done so, copy the Extension Callout URL on the Autotask Integration page to
your clipboard and open Autotask PSA to configure the remaining settings.
Configure the connector in Autotask PSA
You must log into Autotask PSA with an Administrator security license with both "Remote Monitoring / Management Extensions" and "Application-Wide (Shared) Features" permissions.
Step 1: Create an Extension Callout
1. Navigate to Autotask menu > Admin > Extensions & Integrations > Other Extensions & Tools
> Extension Callout (Tickets).
2. Click New Extension Callout.
3. Complete the following fields:
Field
Description
Name
Enter a descriptive name for the callout, for example "AEM".
URL
Paste the Extension Callout URL you copied from the AEM Autotask Integration page into
this field. Refer to "Configure the company / profile integration" on page 96.
Field
Description
Username
Enter the username you use in AEM.
Password
Enter the password for this user.
Ticket UserDefined Field
Make sure that this field is blank.
HTTP Transport Method
Make sure the transport method is set to GET.
4. Keep the Do not generate e-mail notifications unless a failure is detected check box selected.
5. The Workflow Rules tab displays the name of all workflow rules that will trigger this callout. You will
create a workflow rule for this extension callout in Step 2. Ignore this tab for now.
6. Click Save & Close.
7. Complete Step 2.
Step 2: Add a Workflow Rule to trigger the Extension Callout
1. Navigate to Autotask menu > Admin > Features & Settings > Application-wide (shared)
Features > Workflow Rules.
2. On the Service Desk tab, click New.
3. Set up the new workflow rule as described below.
Field
Description
General
Name
Enter a descriptive name.
Description
Enter a description that indicates what the rule
accomplishes.
Active Check Box
Note that the Active check box is checked, and the
workflow rule will go into effect as soon as you save
it.
Field
Description
Events
When a/an Ticket is:
Select the first four check boxes: Created by
Anyone, Edited by Anyone, Note Added by Anyone,
Time Added by Anyone.
Conditions
No conditions are needed for this workflow rule.
Do not select anything.
Updates
Field
Description
No updates are needed for this workflow rule.
Do not select anything.
Actions
Then Execute Extension Callout:
Select the newly created Extension Callout from the
list.
Add Ticket to Primary Resource’s Work List
This check box does not apply to Extension Callouts. Leave unchecked.
Actions: Create To-Do(s)
No to-dos are needed for this workflow rule. Do no
complete any fields.
4. Click Save and Close.
The new workflow rule will now appear on the Workflow Rules tab of the Extension Callout.
Create LiveLinks to AEM Devices
To help streamline your Autotask Endpoint Management (AEM) workflow, you can create LiveLinks in
Autotask to allow users to connect to a device directly from your Autotask configuration items or tickets. For
more information, refer to "Autotask LiveLinks to AEM Devices" on page 114.
Autotask LiveLinks to AEM Devices
Requires Administer LiveLinks permission, assigned from the Security Policies tab in LiveLinks
Designer in Autotask
Autotask menu > Admin > Extensions & Integrations > Autotask Add-Ons > LiveLinks Designer or,
for non-Administrators, Home > View > LiveLinks Designer
About LiveLinks
LiveLinks are intelligent links from Autotask to external applications or websites, or customized links within
Autotask. LiveLinks can pass Autotask information to a target application or website.
To help streamline your Autotask Endpoint Management (AEM) workflow, you can create LiveLinks in
Autotask to allow users to connect to a device directly from your Autotask configuration items or tickets.
How to...
Set up LiveLinks
1. Log in to your Autotask account with Administer LiveLinks permission. This can be assigned from
the Security Policies tab in LiveLinks Designer.
2. Hover over the Autotask menu and click Admin.
3. Click Extensions & Integrations.
4. Expand the Autotask Add-Ons section and click on LiveLinks Designer. This will open a list of links
that are already in your Autotask account.
5. Click Explore the AXN LiveLinks Catalog.
6. Locate the LiveLink called AEM Remote Takeover from Configuration Item or AEM Remote
Takeover from Ticket. You can also use the search function on the left of the page.
7. Right-click on any of the LiveLinks and click Install LiveLink.
8. Read the terms and conditions and if you agree, select the check box I have read and accept the
Terms and Conditions.
9. Click Install.
10. Once the installation is complete, click OK in the confirmation window.
11. You will now be taken back to your list of installed LiveLinks. Locate the newly installed LiveLink, rightclick on it and click Edit LiveLink.
12. In the Base URL box, change Zinfandel to the platform your account resides on. For example, if your
account is on the Merlot platform, change https://zinfandel.centrastage.net/csm/device/startConnection/ to https://merlot.centrastage.net/csm/device/startConnection/. For more
information about the platforms, refer to "AEM Platforms" on page 10.
13. Make sure to activate the LiveLink by selecting the check box of Active on the top of the page.
14. Click Save & Publish.
15. Select which Security Levels, Departments and Resources you would like to publish the LiveLink to
by clicking on each tab.
16. Click Save & Close. The LiveLink will now be accessible from your tickets and / or configuration
items, respectively.
The LiveLink will allow you to initiate a connection from an Autotask ticket or configuration item that references an AEM monitored device.
ConnectWise
The ConnectWise connector allows to join together your Autotask Endpoint Management (AEM) and ConnectWise accounts. This allows tickets created in AEM (either through automatic alerts, or raised manually)
to be managed and processed in ConnectWise, and to be associated with the correct profiles (or "Companies"
in ConnectWise).
Requirements
To integrate ConnectWise with AEM, you will need the following:
l
A ConnectWise account
l
The ConnectWise component, available for download from the "Connectors" section of the ComStore.
l
A ConnectWise client which you need to download from http://connectwise-internet-client.software.informer.com/download/
Once downloaded, the ConnectWise component will create a new tab called Integrations in the Account section of the Web Portal.
How to...
Start the configuration
1. Download and install the ConnectWise client from the above URL.
2. Log in to your ConnectWise Account via the client you downloaded.
3. Click the Setup tab on the left side of the home page.
4. Click the Setup Tables tab.
Choose the category
1. Select the Category drop-down menu and choose General type.
2. Click Search.
3. From the search list select Integrator Login.
Create a new item for Integrator Login
1. On the top of the page, click the New Items tab to create new item.
2. You must populate the following fields to create an item:
l
Username – Enter the username you would like to use
l
Password – Enter the Password
l
Access Level – Select All records
l
Service Board – Select Integration
l
Callback URL – Enter https://connector.centrastage.net/connector/cw/callbackurl?recid=
l
Enable Available API(s) – Company API, Reporting API, Service ticket API.
Enter ConnectWise login details in your AEM account
To enter your ConnectWise Login details, do the following:
1. Log into the Web Portal.
2. Select the Account > Integrations tab.
3. Under the ConnectWise section click Edit.
You will need to provide the following details:
l
Site URL – Enter ConnectWise site address
l
Company ID – Type your company name (it can be any)
l
Company Login ID and Password – must be the one you used in ConnectWise on the
Integrator Login page
4. Click Save.
Please note the following:
l
l
If the callback URL produces an error (500 Internal Server Error) when invoked through HTTPS, use
HTTP instead
The site URL must not contain “www"
Configure Account Synchronization
To synchronize your AEM profiles, status configuration and priorities with ConnectWise:
1. Go to your AEM profile.
2. Select the Account tab.
3. Under the Integrations page, select ConnectWise.
4. Click Setup.
Configure Profile Associations
1. To associate AEM profiles and ConnectWise companies:
2. Click Add New Association or choose an existing one.
3. From the left drop-down box choose an AEM profile.
4. From the right drop-down box choose the appropriate ConnectWise company.
5. Click Next to continue.
You can delete an association by checking it and clicking Remove Association.
Configure Service Board
1. Select Integration.
Configure Existing Status Associations
To associate AEM and ConnectWise Ticket Statuses:
1. From the left box choose an AEM ticket status.
2. From the right box choose appropriate ConnectWise ticket status.
Configure Existing Priority Associations
To associate AEM and ConnectWise ticket priorities:
1. From the left box choose an AEM ticket priority.
2. From the right box choose appropriate ConnectWise ticket priority.
Finalize Setup
As soon as you see a “Thank you" page, the setup is finished and you can start working.
Click Close to continue.
Tickets will now be synchronized automatically when they are created in AEM.
Zendesk
Zendesk enables companies to provide great customer support, scale with self-service options, and differentiate with proactive engagement. The result is customer relationships that are more meaningful, personal, and productive — all at a lower cost.
Download the Zendesk component
1. Select ComStore.
2. Click on the Extensions section found on the left of the screen.
3. Select the Zendesk component.
4. Click on the extension, then select Buy.
5. Select Account > Settings.
6. Scroll to the bottom of the page to Zendesk integration.
7. Launch Zendesk and log into your account.
8. Select Admin (found bottom left of the page).
9. Under Apps, select Browse.
10. Select IT Management.
11. Click on the CentraStage app.
12. Select Install App.
13. Complete the details accordingly from the AEM Settings area.
14. Click Install.
15. Log out and back into AEM.
The Zendesk integration setup is now completed.
Associate an AEM device in Zendesk
1. Click on Views.
2. Select Your unsolved tickets.
3. Open the required ticket by selecting the ticket title.
4. On the right, select Apps if it's not already available .
5. Insert a device name into the Add a Device (it must be the same device name as in AEM).
6. Select the (+) icon to move the device into the Associated devices section.
7. Choose the relevant option under Submit as.
The ticket will now be saved and the AEM device is now associated in Zendesk.
Create a ticket in AEM for Zendesk
1. Make note of your Zendesk email address (formatted like [email protected]).
2. Browse to a monitor in AEM.
3. Edit the policy by clicking on the pencil icon, then browse to the Response details section.
4. Check Email the following recipients.
5. Enter your Zendesk account email address under Additional recipients.
6. Click Save.
7. Click Next twice.
8. Select Save to save the monitor.
9. Click Push Changes to apply the changes.
AEM will now synchronize with Zendesk, and any alerts raised will generate a ticket in Zendesk.
Datto Backup Integration
Datto is a hybrid cloud backup and recovery service. A Datto device on a local network will perform a snapshot of targeted systems and then back them up to storage in the cloud.
AEM backup management enables AEM to integrate with Datto NAS and and view information and statistics
about the backed up devices via the AEM Manage tab.
Prerequisites
You will need at least one Datto device and its associated API key. The API key is available from Admin
> Integrations in the Datto cloud. If this page is not accessible, please contact Datto directly to obtain your
key.
How to...
Download the Datto Integration and enter the API key
To enable the integration, you must download the Datto Integration component from the ComStore and enter
the API key in the system settings.
1. Click the ComStore tab.
2. Search for and select Datto Integration and click Buy to add it to your account.
3. Navigate to Account > Integrations and scroll to the Datto section.
4. Enter your Datto API key and click Save.
5. Turn on the Datto integration by sliding the Enabled button to ON.
The Datto integration is now enabled in AEM.
Associate a Datto device with a profile in AEM
The next step is to associate a Datto device with a profile in AEM. The Datto device must be installed on the
local area network associated with the profile.
1. Select a profile and click Manage.
2. Click the Backup Management radio button.
3. Choose a Datto device from the drop-down list to link to this profile. This will allow you to see backup
statistics and feedback.
4. Click Save.
5. Click OK on the pop-up window.
6. You have now successfully associated your Datto device with a profile in AEM. Profiles associated
with a Datto device will display the Datto icon
in the Profiles list.
7. The Backup Management page will now display your Datto device details and the protection status of
your devices protected by the Datto device.
For information on what is displayed on the Backup Management page, refer to Backup Management.
Create a monitor for endpoints backed up by Datto
You can create a monitoring policy in AEM to alert you if any Datto backup incidents occur. Backup alerts will
be delivered at the device level via the AEM Agent.
You can create the policy at either system or profile level. Refer to Create a Monitoring Policy.
The monitor will alert upon receiving an error feedback from the Datto app on the endpoint.
To manage the backup incident, you will need to access the Datto management screen on the Datto
device.
To learn how to see information and statistics about your Datto protected devices in AEM, refer to
Backup Management.
Kaspersky Endpoint Security Integration
You must be an Account Admin in AEM or have the ability to manage policies at system and profile
level.
Account > Integrations > Kaspersky Endpoint Security
To continue giving a complete package for Endpoint Management to our clients, we have teamed up with one
of the world’s leading anti-virus solution providers: Kaspersky Lab.
The Autotask Endpoint Management (AEM) integration with Kaspersky and their Kaspersky Endpoint Security (KES) solution allows you to manage and administer your anti-virus solution from within the AEM Web
Portal with the following features:
l
l
l
Deploy KES version 10 for Windows and KES version 8 for Mac
Administer Kaspersky licensing from within the AEM Web Portal, allowing you to keep track of license
keys, numbers and passwords
Pro-active monitoring of your KES to alert you if:
o
KES is not installed
o
KES is not active (stopped or disabled)
o
KES agent requires a reboot
o
Active threats are found
o
Configuration file deployment has failed
o
There is no valid KES license
o
The definition database is not updated for a number of days that you define
l
Manually enable / disable KES via the AEM Web Portal
l
Report on the current status of KES throughout the estate
Prerequisites
To set up the integration between AEM and KES:
l
l
User must be an Account Admin in AEM or have the ability to manage policies at system and profile
level
User must have a valid KES license key or license key file
We recommend that you use the .key file supplied by Kaspersky when setting up the integration.
Supported Operating Systems and incompatible products
Supported Windows operating systems
Microsoft Windows 8.1 Update Pro x86 / х64
Microsoft Windows 8.1 Update Enterprise x86 / х64
Microsoft Windows 8.1 Pro x86 / х64
Microsoft Windows 8.1 Enterprise x86 / х64
Microsoft Windows 8 Pro x86 / х64
Microsoft Windows 8 Enterprise x86 / х64
Microsoft Windows 7 Professional x86 / х64 SP1
Microsoft Windows 7 Enterprise / Ultimate x86 / х64 SP1
Microsoft Windows 7 Professional x86 / х64
Microsoft Windows 7 Enterprise / Ultimate x86 / х64
Microsoft Windows Vista x86 / х64 SP2
Microsoft Windows XP Professional x86 SP3
Supported MAC operating systems
Mac OS X 10.10 (Yosemite)
Mac OS X 10.9 (Mavericks)
Mac OS X 10.8 (Mountain Lion)
Mac OS X 10.7 (Lion)
Mac OS X 10.6 (Snow Leopard)
Mac OS X 10.5 (Leopard)
Mac OS X 10.4 (Tiger)
Mac OS X Server 10.6 (32/64-bit)
Mac OS X Server 10.7 (32/64-bit)
List of incompatible products
The following anti-virus products are incompatible with KES and can be removed when KES is installed, if the
corresponding install option is selected when creating the policy:
Acer LANScope Agent 2.2.25.84
Acer LANScope Agent 2.2.25.84 x64
Ad-Aware 9.6.0
Adaptive Security Analyzer 2.0
AEC TrustPort Antivirus 2.8.0.2237
AEC TrustPort Personal Firewall 4.0.0.1305
AhnLab V3 Internet Security 8.0
AhnLab V3 Internet Security 8.0 x64
AhnLab SpyZero 2007 and SmartUpdate
AhnLab V3 Internet Security 7.0 Platinum Enterprise
AhnLab V3 Internet Security 7.0 Platinum Enterprise x64
Aluria Security Center
Alyac Antivirus
Alyac Antivirus x64
ALYac 2.1
Avira AntiVir PersonalEdition Classic 7 - 8
Avira AntiVir Personal - Free Antivirus
360 Anti Virus
ArcaVir Antivir/Internet Security 09.03.3201.9
ArcaVir Antivir/Internet Security 09.03.3201.9 x64
Ashampoo AntiSpyware 2 v 2.05
Ashampoo AntiVirus
Ashampoo Anti-Malware 1.11
Ashampoo Firewall 1.20
Ashampoo FireWall PRO 1.14
AtGuard 3.2
Authentium Command Anti-Malware v 5.0.5
Authentium Safe Central 3.0.2.3236.3236
ALWIL Software Avast 4.0
ALWIL Software Avast 4.7
ALWIL Avast 5
avast! Free Antivirus / Pro Antivirus / Internet Security 7
avast! Free Antivirus / Pro Antivirus / Internet Security 8
avast! Free Antivirus / Internet Security 9
avast! Free Antivirus 6.0.1
Grisoft AVG 7.x
Grisoft AVG 6.x
Grisoft AVG 8.x
Grisoft AVG 8.5
Grisoft AVG 8.5 Free
Grisoft AVG 8.5 Free 64-bit
Grisoft AVG 8.5 64-bit
Grisoft AVG LinkScanner® 8.5
Grisoft AVG LinkScanner® 8.5 x64
Grisoft AVG 8.x x64
AVG 9.0
AVG 9.0 x64
AVG Free 9.0
AVG Free 9.0 x64
AVG 10.0.1136 Free Edition
AVG 2011
AVG 2011 x64
AVG 2012.0.1913 x64
AVG 2012.0.1913 x86
AVG 2012 Free 2012.0.1901 x64
AVG 2012 Free 2012.0.1901
AVG 2012 x64
AVG 2012 x86
AVG 2014 x64
AVG 2014 x86
AVG AntiVirus/Internet Security 2011
AVG Anti-Virus Business Edition x64
AVG Anti-Virus Business Edition 2012
AVG Anti-Virus 2013 13.0.2793 x64
AVG Anti-Virus 2013 13.0.2793 x86
AVG Anti-Virus FREE 2013 13.0.0.2654 x64
AVG Anti-Virus FREE 2013 13.0.0.2654 x86
AVG Identity Protection 8.5
AVG Internet Security Business Edition 3491 x64
AVG Internet Security Business Edition 3491 x86
Avira Premium Security Suite 2006
Avira WebProtector 2.02
Avira Free Antivirus 13.0.0.2693 / Avira Antivirus Premium 13.0.0.2693
Avira AntiVir Personal - Free Antivirus 10.0.0.567
Avira Free Antivirus 12.0.0.207
Avira AntiVir Professional 10.2.0.700
Avira AntiVir Personal - Free Antivirus 12.0.0.254 / Avira Professional Security 12.0.0.254
Avira AntiVir Personal - Free Antivirus 8.0 - 10.0 \ Avira Professional Security 12
Avira Antivirus Premium 2012 - 2013
Avira AntiVir Premium 10.2.0.148
Avira Internet Security 2012 - 2013
Avira AntiVir Professional 10
Avira AntiVir Professional / Professional Security 10.2
Avira AntiVir Server 10.0.0.1824
Avira AntiVir Server / Desktop / Professional Security 12.0.0.1236
Avira AntiVir PersonalEdition Premium 7.06
Avira Endpoint Security 2.6
Avira Free Antivirus / Antivirus Suite / Family Protection Suite / Internet Security Suite / Professional Security
14.0.3.350
Avira Professional Security 12.1.9.1577
Avira AntiVir Premium
Avira Premium Security Suite
Avira Premium Security Suite x64
Avira Professional Security 12.1.9.1580
Avira Professional Security 12.0.0.101 Turkish
Avira Professional Security 12.0.0.131 Brazil
Avira Professional Security 12.0.0.1506 German
Avira Professional Security 12.0.0.163 French
Avira Professional Security 12.0.0.186 Italian
Avira Professional Security 12.0.0.208 Spanish
Avira Professional Security 12.0.0.97 Dutch
Avira Professional Security / Avira Free Antivirus 14.0.2.286
Avira Professional Security / Avira Free Antivirus 14.0.5.464
Avira Server Security (generic)
Avira Management Console Agent \ Avira Professional Security Management agent (x64)
Avira Management Console Agent \ Avira Professional Security Management agent (x86)
AntiVir Windows Workstation 7.06.00.507
Kaspersky AntiViral Toolkit Pro
Kaspersky AntiViral Toolkit Pro (Silent uninstall)
Kaspersky Anti-Virus driver AVPG
Kaspersky Anti-Virus driver AVPG (9x)
Virus Removal Tool Driver
Virus Removal Tool Driver x64
BitDefender Antivirus 2008
BitDefender Free Edition
BitDefender Antivirus Plus 10.247
BitDefender Client Professional Plus 8.0.2
BitDefender Antivirus Plus 10
BitDefender Standard Edition 7.2 (Fr)
Bit Defender Professional Edition 7.2 (Fr)
BitDefender 8 Professional Plus
BitDefender 8 Professional (Fr)
BitDefender 8 Standard
BitDefender 8 Standard (Fr)
BitDefender 9 Professional Plus
BitDefender 9 Standard
BitDefender Business Client 11
BitDefender Business Client 11.0.20
BitDefender Business Client 11.0.22
BitDefender Business Client 3.5.1.0/3.5.2.153
BitDefender for FileServers 2.1.11
BitDefender Free Edition 2009 12.0.12.0
BitDefender Management Agent 3
BitDefender Management Agent 3.1.8
BitDefender Security for Windows Servers 3.5.17
BitDefender 2011 14.0.29 x64
BitDefender 2011 14.0.29 x86
Bitdefender 2012 15.0.36
BitDefender Antivirus Pro 2011
BitDefender Antivirus Plus 2013
BitDefender Antivirus Plus 2013 v.17.13
BitDefender Antivirus Plus 2013 v.17.13 x64
BitDefender Antivirus Plus 2013 x64
BitDefender Endpoint Security 4.1.27 x64
BitDefender Endpoint Security 4.1.27 x86
BitDefender Total Security 2008 11.0.14
BitDefender Internet Security 2009
BitDefender Internet Security 2011 14.0.28 x64
BitDefender Internet Security 2011 14.0.28 x86
Bitdefender Internet Security 2013 v.17.13
Bitdefender Internet Security 2013 v.17.13 x64
BitDefender Internet Security 2013 v. 16.16.0.1348
BitDefender Internet Security 2013 v. 16.16.0.1348 x64
Bitdefender Total Security 2013 v.17.13
Bitdefender Total Security 2013 v.17.13 x64
BitDefender Total Security 2013 v. 16.16.0.1348
BitDefender Total Security 2013 v. 16.16.0.1348 x64
BitDefender Internet Security
BitDefender Antivirus 2009 12.0.10
BitDefender 2009 12.0.11.5
BitDefender DeploymentTool Agent 3.5.2.242
BitDefender Internet Security 2009 12.0.8
BitDefender 2009 Internet Security 12.0.11.5
BitDefender Internet Security v10.108
BitDefender Total Security 2008
BitDefender 2009 Total Security 12.0.11.5
BitDefender 2010 Total Security 13.0.21
BullGuard
BullGuard AntiVirus
BullGuard AntiVirus x64
CA Anti-Virus Plus 7
CA AntiVirus 2008
CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1
CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1 x64
CA eTrust AntiVirus 7
CA eTrust AntiVirus 7.1.0192
eTrust AntiVirus 7.1.194
CA eTrust AntiVirus 7.1
CA eTrustITM 8.1
CA eTrustITM 8.1.637
CA eTrustITM 8.1.637 for Windows 2003
CA eTrustITM 8.1.637 for Windows 2003 (x64)
CA eTrustITM 8.1.00
CA eTrustITM Agent 8.0.403
CA eTrust ITM 8.1 and iGateWay 4.2.0.2
CA eTrust Pestpatrol 5.0
CA HIPS Managed Client 1.0
CA eTrust Suite Personal 2008
CA Licensing 1.57.1
CA Personal Firewall 9.1.0.26
CA Personal Firewall 2008
CA Total Defense R12 Client
CA Total Defense R12 Client x64
CA Total Defense R12 Client 12.0.831
CA Total Defense R12 Client 12.0.831 x64
CA Total Defense for Business v14
CA Total Defense for Business v14 x64
CA eTrust Antivirus 7.1.0194
CA eTrust InoculateIT 6.0
CA PC Security Suite 6.0 \ Private PC Security Suite 6.0
CA PC Security Suite 6.0.00
CheckPoint VPN client 75.10
Check Point VPN 75.20.0000 new
CheckPoint VPN client R75
Cipafilter Client Tools 0.952
Cisco Security Agent 6
ClamAV 1.0.26 / gredAV
ClamWin Antivirus
ClamWin Antivirus x64
ClamWin Free Antivirus
ClamWin Free Antivirus x64
Authentium Command AV 4.90.x / 4.92.x
Authentium Command AV 4.94.9
Command AntiVirus for Windows 4.94.5
Command AntiVirus for Windows Enterprise 4.94.5
Command AntiVirus for Windows 4
Command AntiVirus for Windows Enterprise 4.95.2
Command Anti-Malware for Enterprise 5.1.12
Comodo AntiSpam 2.6.0.0
Comodo AntiSpam 2.6.0.0 x64
COMODO AntiVirus 1.1
Comodo BOClean 4.25
COMODO Firewall Pro 1.0 - 3.x
Comodo Safe Surf 1.0.0.7
Comodo Safe Surf 1.0.0.7 x64
Comodo Internet Security / Comodo Antivirus / Comodo Firewall 6.0
Comodo Internet Security / Comodo Antivirus 6.1
Comodo AntiSpam 2.7.0.11
Comodo Internet Security 3
Comodo Internet Security 4.0.4167.742/4.0.10770.828
Comodo Internet Security 5.0
Comodo Internet Security 5.9
Password Manager XP 3
CyberDefender Early Detection Center 5
CyberDefender Link Patrol 6
DrVirus 3.0
DrWeb for Windows 4.30
DrWeb Antivirus for Windows 4.30
Dr.Web AntiVirus 4.33
Dr.Web AntiVirus / Security Space 5
Dr.Web AntiVirus 5.0.0
Dr.Web Security Space Pro 6.0 x86
Dr.Web Anti-Virus for Windows Pro 6.0
Dr.Web Security Space 6.0 (x86) 6.00.0.04080
Dr.Web Security Space 6.0 (x64) 6.00.0.04080
Dr.Web Security Space Pro 6.0 x64 build 4080
Dr.Web anti-virus for Windows Pro 6.0 x64
Dr.Web anti-virus for Windows 6.0 (x86) 6.00.0.04080
Dr.Web anti-virus for Windows 6.0 (x64) 6.00.0.04080
Dr.Web Enterprise Server 6.00
Dr.Web Enterprise Server 6.00 (x64)
Dr.Web anti-virus for Windows 7.0.1.03050
Dr.Web CommuniGate Plugin 4.33
Dr.Web AntiVirus for Windows Servers 4.33
Dr.Web Anti-virus for Windows 8.0.2.2040 x64
Dr.Web Enterprise Server 6.00.11200 x64
Dr.Web Enterprise Server 6.00.11300
Dr.Web anti-virus for Windows servers 6.00.2.03050 (x86)
Dr.Web Enterprise Agent
DrWeb Enterprise Client ver 5,6
DrWeb Enterprise Client ver 5,6 x64
Dr.Web Enterprise Server (x64). 6.01.09160
Dr.Web Security Space Pro 6.0 7.0.1.06050
Dr.Web Security Space 8.0.2.2040 x64
EarthLink Protection Center
PeoplePC Internet Security 1.5
PeoplePC Internet Security Pack / EarthLink Protection Center
EarthLink Protection Control Center
eScan Corporate 2.0.016.1
Emsisoft Anti-Malware 5.1
eScan Anti-Virus Edition 10.0.962.356 DB
eScan Anti-Virus for SMB 10.0.962.356 DB
eScan Corporate 10.0.962.356 DB
eScan Corporate for Windows 11.0.1139.998
eScan Anti-Virus (AV) for Windows 9.0
eScan Internet Security Suite 9.0 for Windows
eScan IIS for SMB 10.0.997.491 DB
eScan Virus Control (VC) Edition for Windows
ESET NOD32 Antivirus 4.0.314.0
ESET NOD32 Antivirus 4.0.314.0 x64
ESET Smart Security 4.0.314.0
ESET Smart Security 4.0.424.0 x64 Spanish
ESET Smart Security 4.0.314.0 x64
ESET NOD32 file on-access scanner
ESET NOD32 file on-access scanner (windows 7)
ESET Smart Security 3.0
ESET NOD32 Antivirus 3.0.669 EN
ESET NOD32 Antivirus 3.0.669 Turkey
ESET NOD32 Antivirus 3.0.684
ESET NOD32 Antivirus 3.0.684 x64
ESET NOD32 3.x & 4.x & 5.x generic script
ESET NOD32 3.x & 4.x & 5.x generic script (x64)
ESET Smart Security 4.0.417 x64
ESET NOD32 4.0.467,4.0.627
ESET NOD32 Antivirus 4.0.467 Rus
ESET NOD32 4.0.468 EN
ESET NOD32 Antivirus 4.0.474 Spanish
ESET NOD32 Antivirus 4.0.474 PL
ESET NOD32 4.2.71.2 fr
ESET NOD32 4.2.71.2 fr x64
ESET Antivirus 3.650 x64
ESET Antivirus 3.650 x64 German
ESET Antivirus 3.650 x64 Rus
ESET NOD32 Antivirus 3.0.684.0 RUS
ESET Antivirus 3.0.672.0 Spanish
ESET Endpoint Antivirus 5.0.2122.10
ESET Endpoint Antivirus 5.0.2126.3 x64 turkish
Eset Endpoint Antivirus 5.0.2126.0 x64
Eset Endpoint Antivirus 5.0.2126.11 Czech x64
Eset Endpoint Antivirus 5.0.2126.3 x64 IT
Eset Endpoint Antivirus 5.0.2126.0 x86
Eset Endpoint Antivirus 5.0.2126.11 Czech x86
Eset Endpoint Antivirus 5.0.2126.3 x86 IT
Eset Endpoint Antivirus 5.0.2225.1 x64 Turkish
Eset Endpoint Antivirus 5.0.2225.1 x86 Russian
Eset Endpoint Antivirus 5.0.2225.1 x86 Turkish
ESET Endpoint Antivirus 5.0.2228.1 Russian x86
Eset Endpoint Security 5.0.2214.7 x64 russian
Eset Endpoint Security 5.0.2122.14 x86 russian
ESET NOD32 Antivirus 4.0.314 Russian
ESET NOD32 Antivirus 4.0.314 x64 Spanish
ESET NOD32 Antivirus 4.0.424.0 RUS
ESET NOD32 Antivirus 3.0.672.0 RU
ESET NOD32 Antivirus 3.0.644.0 Traditional Chinese
ESET NOD32 Antivirus 3.0.669.0 French
ESET NOD32 Antivirus 3.0.672.0 FRA
ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese (x64)
ESET NOD32 Antivirus 4.2.76.1 Ru
ESET NOD32 Antivirus 4.2.76.1 Rus
ESET NOD32 Antivirus 4.2.76.1 Czech x64
ESET NOD32 Antivirus 4.2.76.1 Czech x86
ESET NOD32 Antivirus 4.0.424.0 Spanish
ESET NOD32 Antivirus 4.0.424.0 x64 Spanish
Eset NOD32 Antivirus 5.2.9.12 x64 german
Eset NOD32 Antivirus 5.2.9.12 x64 spanish
Eset NOD32 Antivirus 5.2.9.12 x64 french
Eset NOD32 Antivirus 5.2.9.12 x86 spanish
Eset NOD32 Antivirus 5.2.9.12 x86 french
Eset NOD32 Antivirus 5.2.9.12 x86 IT
Eset NOD32 Antivirus 5.2.9.1 x64
Eset NOD32 Antivirus 5.2.9.1 x86
Eset NOD32 Antivirus 6.0.306.2 x64 russian
ESET NOD32 Antivirus Business Edition 3.0.650.0 Spanish
ESET NOD32 Antivirus Business Edition 4.0.424.0
Eset NOD32 Antivirus 3.0.669.0 china
ESET Antivirus 3.0.642.0 eng
ESET Antivirus 3.642 German
ESET Antivirus 3.650
ESET Antivirus 3.650 Rus
ESET NOD32 Antivirus Brazilian 3.0.672
ESET Antivirus 3.0.672.0 English
ESET NOD32 Antivirus 4.2.40.10 Brazil
ESET NOD32 Antivirus 4.2.40.10 FRA x64
ESET NOD32 Antivirus 4.2.40.10 x64 Brazil
ESET NOD32 Antivirus 4.2.40.10 x64 Spanish
ESET NOD32 Antivirus 4.2.40.10 Business Edition x86
ESET NOD32 Antivirus 4.2.67.10 x32 English
ESET NOD32 Antivirus 4.2.67.10 x64 English
Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x64
Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x32
ESET Remote Administrator Console 2.0.29
ESET Remote Administrator Console 3.0.105
ESET Remote Administrator Server 3.0.105
ESET Smart Security x64
ESET Smart Security x64 Ger
ESET Smart Security x64 Rus
ESET Smart Security 3.0.645 Spanish
ESET Smart Security
ESET Smart Security German
ESET Smart Security Rus
ESET Smart Security 3.0.672 English
ESET Smart Security 3.0.672.0 Spanish
ESET Smart Security 3.0.695 x64 Spanish
ESET Smart Security 4.0.437.0 PL
ESET Smart Security 4.2.40
ESET Smart Security 4.2.71 x64 Spanish
Eset Smart Security 4.2.71.2 x64 german
ESET Smart Security 4.0.424.0 Fr
Eset Smart Security 5.0.95.0 x64 turkish
Eset Smart Security 5.0.95 x64 german
Eset Smart Security 5.0.95 x86 german
Eset Smart Security 5.2.15.0 x64
Eset Smart Security 5.2.15.1 x64 spanish
Eset Smart Security 5.2.15.1 x64 french
Eset Smart Security 5.2.15.1 x64 russian
eTrust EZ Antivirus 6.1
eTrust EZ Firewall 6.1.7.0
CA eTrust Anti-Virus 7.1.0194
eTrust Anti-Spam 2005
eTrust EZ Antivirus 2005-2008
eTrust Personal Firewall 5.5.114
CA eTrust PestPatrol Anti-Spyware Corporate Edition
CA eTrust PestPatrol Anti-Spyware
eEye Digital Security Blink 4
Trust EZ Firewall 5.1.039
Filseclab Personal Firewall
Microsoft Forefront Client Security Antimalware Service 1.5.1941
Microsoft Forefront Client Security Antimalware Service 1.5.1981.0
FortiClient 3
FortiClient Endpoint Security 4
FortiClient 4.0.4.0061
FortiClient 4.0.4.0061 x64
F-Prot for Windows 3.14
F-Prot Antivirus 6
F-PROT Antivirus for Windows 6
F-PROT Antivirus for Windows 6.0.7.1
F-Secure Anti-Virus 2006
F-Secure Anti-Virus/Internet Security 2008
F-Secure Anti-Virus/Internet Security 2009
F-Secure Anti-Virus 5-6
F-Secure Anti-Virus for Workstations - Virus & Spy Protection 2009
F-Secure Anti-Virus for Workstations 9.0
F-Secure Anti-Virus for Workstations 9.0 + DeepGuard
F-Secure Client Security 7.11
F-Secure Anti-Virus / STREAM Antivirus 9.20 / F-Secure Antivirus for workstation 9.01
F-Secure Anti-Virus for Windows Servers 7.01
F-Secure Anti-Virus for Windows Servers 7.20
F-Secure Anti-Virus for Windows Servers 8.00 build 123
F-Secure antivirus for workstation 9.10
F-Secure antivirus for workstation 9.20
F-Secure Client Security - Virus & Spy Protection
F-Secure Client Security 9.00/2010/2011
F-Secure Internet Security 2012
F-PROT Antivirus 6.0.9.1
F-PROT Antivirus 6.0.9.1 x64
G DATA AntiVirus 19.0.0.53
G DATA AntiVirus 2010
G DATA AntiVirus Client
G DATA InternetSecurity 2008
G DATA AntiVirusKit 2005
G DATA Software AntiVirenKit 2006
G DATA AntiVirus Kit 2007
G DATA Internet Security 19.0.0.53
G DATA Total Care 19.0.0.53
G DATA TotalCare 2010
G DATA AntiVirus 1
G Data AntiVirus 2011
G DATA AntiVirus 2012
G DATA Total Protection 2013 x64
G DATA Total Protection 2013
VIPRE Antivirus
VIPRE Internet Security
G Data AntiVirus 2013 x64
G Data AntiVirus 2013
G Data Internet Security 2013 x64
G Data Internet Security 2013
HitmanPro.Alert 2.6.5.77 x64
HitmanPro.Alert 2.6.5.77 x86
Ikarus virus utilities 1.0.97
Zone Labs IMsecure 1.5.0.39
Integrity Flex 5
Iolo Antivirus 4.94.6
Iolo Personal Firewall 1.5.2
IObit Security 360
IObit Malware Fighter
Infowatch Crypto Storage
InfoWatch CryptoStorage (2.0.70)
InfoWatch CryptoStorage (2.1.36)
Infowatch Crypto Storage x64
Infowatch Crypto Storage x64 EN
Infowatch Crypto Storage EN
Jiangmin Antivirus KV2008
JiangMin Antivirus Software
JUST Internet Security x64
Just Internet Security
K7AntiVirus 7.0
K7TotalSecurity 9.5
K7TotalSecurity 10
K7 Anti-Virus Premium 12.0
Kaspersky Anti-Hacker 1.0-1.5
Kaspersky Anti-Hacker 1.0-1.5 (Silent uninstall)
Kaspersky Anti-Hacker 1.7-1.9
Kaspersky Anti-Hacker 1.7-1.9 (Silent uninstall)
KAVKIS 2009 (8.0)
Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 4.x (Silent uninstall)
Kaspersky Anti-Virus Lite 4.5
Kaspersky Anti-Virus Lite 4.5 (Silent uninstall)
Kaspersky Anti-Virus Personal 5.0
Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20)
Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712)
Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712) (Silent uninstall)
Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20) (Silent uninstall)
Kaspersky Anti-Virus Personal 5.0 (Silent uninstall)
Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225)
Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225) (Silent uninstall)
Kaspersky Anti-Spam Personal 1.0
Kaspersky Anti-Spam Personal 1.1-1.2
Kaspersky Anti-Spam Personal 1.1-1.2 (Silent uninstall)
Kaspersky Anti-Spam Personal 1.0 (Silent uninstall)
Kaspersky Anti-Virus 5.0 for Windows File Servers
Kaspersky Anti-Virus 5.0 for Windows File Servers (Silent uninstall)
Kerio Personal Firewall 4.1.2
Kerio WinRoute Firewall 6.0
Kerio WinRoute Firewall 6.3
Kerio Personal Firewall 6.5.2 x64
Kerio Personal Firewall 6.7.6 x64
Sunbelt Kerio Personal Firewall 4.3
Kingsoft Internet Security 2006 +
Kingsoft Internet Security 2007
Kingsoft Internet Security 9
Kingsoft AntiSpyware 2006 +
Kingsoft AntiVirus
Kingsoft Internet Security
Kingsoft Internet Security 9 plus
Kingsoft Internet Security U SP1
KingsoftSecurityCare-ksaduba
Kingsoft System Defender 2.8.1.136
Kaspersky Anti-Virus driver KL1
Kaspersky Anti-Virus driver KLFLT
KLFLTDEV Upper Filter
Kaspersky Anti-Virus driver KLICK
Kaspersky Anti-Virus driver KLICK (9x)
Kaspersky Anti-Virus driver KLIF
Kaspersky Anti-Virus driver KLIF detected by registry
Kaspersky Anti-Virus driver KLIN
Kaspersky Anti-Virus driver KLIN (9x)
Kaspersky Anti-Virus driver KLMC
Kaspersky Anti-Virus driver KLMC (9x)
Kaspersky Anti-Virus driver KLOP
Kaspersky Anti-Virus driver KLOP (9x)
Kaspersky Anti-Virus driver KLPF
Kaspersky Anti-Virus driver KLPF (9x)
Kaspersky Anti-Virus driver KLPID
Kaspersky Anti-Virus driver KLPID (9x)
Kaspersky Crypto Storage EN
Kaspersky Crypto Storage RU
Kaspersky Crypto Storage x64 EN
Kaspersky Crypto Storage x64 RU
Kaspersky Password Manager
Lamantine Sticky Password
LANDesk Antivirus 8
Lavasoft Personal Firewall x32
Lavasoft Personal Firewall x64
Lavasoft Personal Firewall 1.0
Lightspeed Systems Security Agent 6.0
Lightspeed Systems Security Agent 6.2.0
Lightspeed Security Agent 7
Lightspeed Security Agent 7.01.02
Lightspeed Security Agent (x64) 8.00.01
Lightspeed Security Agent 8.02.01 x64
Loaris Trojan Remover 1.2
Look'n'stop Firewall sp3
Look'n'stop Firewall sp3 x64
Look 'n' Stop Firewall 2.06
AdAware 7-8
Lavasoft Anti-Virus Helix
America Online Antivirus (Powered by McAfee)
McAfee Anti-Spyware Enterprise Module
McAfee AntiSpyware Enterprise 8.5
McAfee Desktop Firewall 8.0 / 8.5
McAfee Firewall 4
McAfee Firewall Protection Service 5.2.0.603
McAfee Personal Firewall Plus 7
McAfee Firewall Protection Service 8.2.120
McAfee SiteAdvisor 2.x
McAfee Virus and Spyware Protection Service
McAfee Virus and Spyware Protection Service 5.2.2.121
McAfee Virus and Spyware Protection Service 5.2.2.104
McAfee SpamKiller
McAfee VirusScan 7.0
McAfee VirusScan Online
McAfee VirusScan
McAfee VirusScan Home Edition
McAfee VirusScan Professional Bonus Pack
McAfee VirusScan 4.5.1
McAfee VirusScan Enterprise 7.0
McAfee VirusScan Enterprise 7.0 German
McAfee VirusScan Enterprise 7.1 French
McAfee VirusScan Enterprise 8.0 italian
McAfee VirusScan Enterprise 8.0 Spanish
McAfee VirusScan Enterprise 8.5.0i
McAfee VirusScan 4.5.1 Simplified Chinese
McAfee VirusScan 4.5.1 Traditional Chinese
McAfee VirusScan 4.5.1 Dutch
McAfee VirusScan 4.5.1 French
McAfee VirusScan 4.5.1 German
McAfee VirusScan 4.5.1 Italian
McAfee VirusScan 4.5.1 Korean
McAfee VirusScan 4.5.1 Polish
McAfee VirusScan 4.5.1 Portuguese
McAfee VirusScan 4.5.1 Spanish
McAfee VirusScan 4.5.1 Swedish
McAfee VirusScan Enterprise 8.0i French
McAfee Virus Scan Enterprise 8.0.0 Patch 10
McAfee Agent 4.0
McAfee Agent 4.0.0.1496
McAfee Agent (generic)
McAfee Alert Manager 4.7.1
McAfee Antivirus Software
McAfee Host Intrusion Prevention 7.00.0700
McAfee Host Intrusion Prevention 8.00.0202 x64
McAfee Host Intrusion Prevention 8.00.0202 x86
McAfee VirusScan Core
McAfee Anti-Virus File System Filter Driver
McAfee Security Center 10.0.587
McAfee Site Advisor 3.0.163
McAfee SiteAdvisor
McAfee SiteAdvisor Enterprise Plus 3.0.0.476
McAfee McAfee Security Scan Plus 3.0.250.5
McAfee Total Protection 10.5.178
McAfee Total Protection 11.0.623 build 12.0.129.0
McAfee Total Protection Service 4.9.2.358
McAfee VirusScan Enterprise 7.1.0
McAfee VirusScan Enterprise 8.7.0i
Microsoft Forefront Client Security Antimalware Service 1.5
Microsoft Forefront Client Security State Assessment Service 1.0
Microsoft Forefront Server Security 10.0
Microsoft Security Client 2.1.1116.0
Microsoft Security Essentials (all versions)
MS Security Essentials / Forefront EP 2-4 / MS System Center EP
MS Security Essentials / Forefront EP 2-4 x64 / MS System Center EP x64
Microsoft Security Essentials Prerelease 4.2.223
Microsoft Security Essentials 4.3.216 x64
Microsoft Security Essentials x64 (all versions)
Microsoft AntiSpyware
NANO AntiVirus
Symantec Norton AntiVirus 2008
Norton AntiVirus Corporate Edition 7.6.0.0000
NAVER Anti-virus 1.0.0.24
Symantec Norton AntiVirus 2004 Professional
Symantec Norton AntiVirus 2005
Norton AntiVirus 2007
Nifty Security24
Norton Internet Security Professional 2004
Symantec Norton Internet Security 2005/2006 (8.0.0.64)
Norton Internet Security 2005
Symantec Norton Internet Security 2007
Norton Internet Security 2008
Norton Internet Security / Norton Antivirus 2009-2013 / Norton 360 v.20.1.0.24
Norton Internet Security 8.0.0.64
Eset NOD32 for Windows 2.xx
Eset NOD32 for Windows 2.x
ESET NOD32 Antivirus rus 3.0.669.0
Norman Virus Control 5.8
Norman Virus Control 5.9
Norman Endpoint Protection Stand Alone 8.10.0300 x86
Norman Endpoint Protection 8.10.0300 x64
Norman Personal Firewall 1.42
Norman Security Suite 7.10.1
Norman Security Suite 8.0
Norman Security Suite 9.00.0100
Norman Endpoint Protection 9.0 x32
Norman Endpoint Protection 9.0 x64
Norman Endpoint Protection 7.20
Norman Virus Control 2008 5.99
Nortel Networks Contivity VPN Client 5.01
Nortel Networks Contivity VPN Client 4.86
Norton AntiVirus 2002 Professional Edition
Norton AntiVirus 2003 Professional Edition
Symantec Norton 360 ver. 1.0.0.184
Norton AntiVirus 5.02 for Windows NT Workstation
Norton AntiVirus Corporate Edition 7.0
Symantec AntiVirus 10.2.0.276
Symantec AntiVirus 10.1.6.6000 for x64
Symantec AntiVirus 10.1.5000.5 for x64
Symantec AntiVirus 10.0.1000
Symantec Norton 360 v5.0.0.125
Symantec Norton 360 v6.0.0.54 Beta
Norton 360 6.0.0.145 x64
Norton 360 6.0.0.145
Norton 360 6.0.1.2 x64
Norton 360 6.0.1.2
Norton AntiVirus Corporate Edition 7.5
Symantec AntiVirus Corporate Edition 8
Symantec AntiVirus Corporate Edition 9.0.0
Norton Confidential 1.0.0
Norton Confidential 1.5.1.8
nProtect Antivirus/Antispyware 2007
nProtect Personal 5
Online Armor 4.0
Orange AntiVirus Firewall
Orange Launch pad 1.62.366.0
Orbit Downloader
Agnitum Outpost Firewall 1.0
Agnitum Outpost Firewall 1.0 SDK
Agnitum Outpost Firewall Pro 2.1
Agnitum Outpost Firewall 2.5
Agnitum Outpost Firewall 2.x
Agnitum Outpost Firewall Pro 6.0
Agnitum Outpost Firewall Pro 6.0 x64
Agnitum Outpost Network Security Client 3.5
Agnitum Outpost Antivirus Pro 6
Agnitum Outpost Antivirus Pro 6 x64
Agnitum Outpost Security Suite Pro 6.0
Agnitum Outpost Security Suite Pro 6.0 x64
Panda AntiVirus 2004
Panda Antivirus 2007/2008 3.01.00
Panda Platinum Internet Security
Panda AntiVirus 2006-2008
Panda Internet Security 2007-2008
Panda Security for File Servers 8
Panda WebAdmin AntiVirus
Panda AdminSecure 2007-2010
Panda Antivirus Pro 2009 - 2014
Panda Antivirus Pro 2009 - 2014 x64
Panda Antivirus
Panda Cloud Antivirus 2.0.1
Panda Client Shield 4.01.10 / Panda Security for Desktops 4.03.10.0000
Panda Endpoint Agent 6.20.00.0000
Panda Endpoint Protection 5.50.00.0000 x64
Panda Global Protection 2012 v5.01.00
Panda Global Protection 2009/2010
Panda Internet Security 2009 - 2014 / Panda IS 2012 for Netbooks
Panda Security for Desktops 4.50
Panda Security for Desktops 4.50.22
Panda Security for File Servers 8.50
PC Tools AntiVirus
PC Tools Firewall Plus 3.0 for Windows
PC Tools Firewall Plus 5.0
PC Tools Internet Security 2008
Spam Monitor 3.0
PC Tools Spyware Doctor 8.0 - 9.0 \ PC Tools Internet Security 8.0
PC-cillin AntiVirus 2002
PC-cillin AntiVirus 2003
PeoplePC Internet Security Pack
Prevx 3.0
PrivateFirewall 6-7
Quick Heal AnitVirus 2008
Quick Heal Total Security 2008
RAV AntiVirus
Rising AntiVirus
Rising Personal Firewall 20
Rising Internet Security
Authentium Safe Central 4.0.0.168
360 Safety Guard / 360 Antivirus / 360 Safe Defender
SafeGuard PrivateCrypto 2.31.1
SafeNet ProtectDrive 9.4.2
StarForce SafenSec
StarForce SafenSec Pro
Securitoo AntiVirus Firewall 7.x
SiWinAcc.sys Driver
Sophos AutoUpdate 2.x
Sophos Anti-Virus version 4.6.10
Sophos Antivirus 4.x
Sophos Antivirus 6.x/5.x
Sophos Anti-Virus 7.x
Sophos AutoUpdate 3.1.1.18
Sophos Compliance Agent 3.9.41.0 x64
Sophos Compliance Agent 3.9.41.0 x86
Sophos Endpoint Security and Control 9.X - 10.x \ Sophos Anti-Virus 10.0.10
Sophos Endpoint Security and Control / Sophos Anti-Virus 10.3.1
Sophos Endpoint Security and Control / Sophos Anti-Virus 10.3.x
Sophos Enterprise Console 3.0.0
Sophos Enterprise Console 4.5.0
Sophos Client Firewall 2.9.4
Sophos Management Server 5.1 x86
Sophos NAC Application Server 3.5.305.0
Sophos NAC Application Server 3.5.305.0 x64
Sophos Patch Agent 1.0.307.0 x64
Sophos Patch Agent 1.0.307.0 x86
Sophos Safeguard 5.50.0
Virus Security x64
Virus Security x86
Agnitum Spam Terrier
Agnitum Spam Terrier x64
Spybot - Search & Destroy 1.3 & 1.4
Spybot - Search & Destroy 1.6.2
Sygate Personal Firewall 5
AhnLab SpyZero 2006
Steganos Internet Anonym Pro 7
Sunbelt iHate Spam for Outlook 5.3.4347.0
Sunbelt Personal Firewall 4.5
Sunbelt personal Firewall 4.6.1861
Sunbelt VIPRE Antivirus and Antispyware 3.2.1881.2
Sunbelt VIPRE 3.0
VIPRE Antivirus 4.0.3248
VIPRE Antivirus 4.0.3907 / VIPRE GFI Business Agent 5.0
Sunbelt iHateSpam for Microsoft Outlook 5
Subelt iHate Spam 4.0.632
Subelt iHate Spam Outlook Edition
VIPRE Antivirus 4.0.3275
SUPERAntiSpyware Free Edition 4.26.0.1002
Sygate Personal Firewall 5.0
Sygate Personal Firewall 5.5
Symantec AntiVirus 10.2.1000.1 for 64-bit
Symantec AntiVirus 10.2.298.0 x64
Symantec AntiVirus 10.2.4000.4 x64
Symantec Client Firewall 8.7.4.79 & Symantec AntiVirus 10.1.4.4000
Symantec Antivirus 10.0.1000.1
Symantec Antivirus 10.1.7000.7 x64
Symantec Antivirus 10.1.7000.7 x86
Symantec AntiVirus 10.0.2000.2 german
Symantec Client Security 10.1.5000.5
Symantec.cloud - Cloud Agent
Symantec.cloud - Endpoint Protection - Server 12.1.1101.401
Symantec.cloud - Endpoint Protection x64
Symantec.cloud - Endpoint Protection x86
Symantec Endpoint Protection x64 11.0.4000.2295
Symantec Endpoint Protection 11.0.2000.1567
Symantec Endpoint Protection 11.0.4010
Symantec Endpoint Protection 11.0.5002.333 x64
Symantec Endpoint Protection 11.0.3
Symantec Endpoint Protection 11.0.3 x64
Symantec Endpoint Protection 12.0.122.192 Brazil
Symantec Endpoint Protection 12.0.122.192 x64 Brazil
Symantec Endpoint Protection 12.1.1000.157 Brazil
Symantec Endpoint Protection 12.1.1000.157 Brazil x64
Symantec Endpoint Protection 12.1.1000.157 RU / FR
Symantec Endpoint Protection 12.1.1000.157 x64 FR
Symantec Endpoint Protection 12.1.1000.157.105 x64 russian
Symantec Endpoint Protection 12.1.1000.157.105 x86 russian
Symantec Endpoint Protection 12.1.1000.157 x64 german
Symantec Endpoint Protection 12.1.1000.157 x64 IT
Symantec Endpoint Protection 12.1.1000.157 (x86) DE
Symantec Endpoint Protection 12.1.1000.157 x86 italy
Symantec Endpoint Protection 12.1.1101.401 x64 spanish
Symantec Endpoint Protection 12.1.1101.401 x86 spanish
Symantec Endpoint Protection 12.1.1101.401 Eng
Symantec Endpoint Protection 12.1.1101.401 Rus
Symantec Endpoint Protection 12.1.1101.401 x64 portugese
Symantec Endpoint Protection 12.1.1101.401 x64 chinese traditional
Symantec Endpoint Protection 12.1.1101.401 x64 chinese simplified
Symantec Endpoint Protection 12.1.1101.401 x64 Eng
Symantec Endpoint Protection 12.1.1101.401 x64 french
Symantec Endpoint Protection 12.1.1101.401 x64 italian
Symantec Endpoint Protection 12.1.1101.401 x64 Rus
Symantec Endpoint Protection 12.1.1101.401 x86 portugese
Symantec Endpoint Protection 12.1.1101.401 x86 chinese traditional
Symantec Endpoint Protection 12.1.1101.401 x86 chinese simplified
Symantec Endpoint Protection 12.1.1101.401 x86 french
Symantec Endpoint Protection 12.1.1101.401 x86 italian
Symantec Endpoint Protection 12.1.2015.2015 x64 russian
Symantec Endpoint Protection 12.1.2015.2015 x86 russian
Symantec Endpoint Protection 12.1.4013.4013 x64 ru
Symantec Endpoint Protection 12.1.4013.4013 (x86)
Symantec Endpoint Protection 12.1.4013.4013 x86 ru
Symantec Endpoint Protection 12.1.4112.4156 x64 English
Symantec Endpoint Protection 12.1.5337.5000 x64 english
Symantec Endpoint Protection 12.1.5337.5000 x86 english
Symantec Endpoint Protection 12.1.671.4971 Spanish
Symantec Endpoint Protection 12.1.671.4971 Spanish x64
Symantec Endpoint Protection 12.1.671.4971 x64 FR
Symantec Endpoint Protection 12.1.671.4971.105
Symantec Endpoint Protection 12.1.671.4971.105 x64
Symantec Endpoint Protection 12.1.671.4971 x64 chinese
Symantec Endpoint Protection 12.1.671.4971 x86 chinese
Symantec Endpoint Protection 12.1.671.4971 (x86) IT
Symantec Endpoint Protection 12.1.671.4971 FR
Symantec Endpoint Protection Manager 12.1.3001.165
Symantec Endpoint Protection Manager 12.1.4013.4013
Symantec Network Access Control v11.0.6100.645
Symantec Network Access Control v11.0.7200.1147
Symantec Network Access Control v12.1.1101.401 x64
Symantec Network Access Control v12.1.1101.401 x86
Symantec Protection Agent 5.1
Symantec Client Security 10.1.9000.9 x64
Symantec Client Security 9.0
Symantec Endpoint Protection 11.0.780.1008 and 11.0.1000.1375
Symantec Endpoint Protection 11.0.20 x64
Symantec LiveUpdate
Tiny Firewall Pro 6.0
Tiny Personal Firewall 6.5.92
Trend Micro Client/Server Security Agent 3.7.1055
Trend Micro OfficeScan Client 8 / 10
Client Trend SBSA 3.0 SP1
Trend Micro Security Server
Trend Micro Titanium Antivirus Plus x64
Trend Micro Titanium Antivirus Plus x86
Trend Micro Titanium Internet Security x64
Trend Micro Titanium Internet Security x86
Trend Micro Titanium Maximum Security x64
Trend Micro Titanium Maximum Security x86
Trend Micro Anti-Spyware 3.0/3.5
Trend Micro Anti-Spyware for SMB / Enterpise 3.x
Trend Micro PC-cillin Internet Security 2006 (14)
Trend Micro OfficeScan Client 5.0 - 10.0
Trend Micro OfficeScan Server 10.5.1083
Trend Micro ServerProtect 5.80
Trend Micro ServerProtect 5.80 x64
Trend Micro ServerProtect 5.58
Trend Micro Titanium 3.0 x86
Trend Micro Titanium Maximum Security 2012
Trend Micro Titanium Maximum Security 2012 v5.00
Trend Micro Titanium 3.0 x64
Trend Micro PC-cillin AntiSpam Pilot
Trend Micro Worry-Free Business Security Agent 7.0 x64
Trend Micro PC-cillin Internet Security 2008
Trend Micro Internet Security 2009 (Pro)
Trend Micro Internet Security 2009 (Pro) x64
Trend Micro Internet Security 2010
Trend Micro Internet Security 2010 x64
Trustport Antivirus 2013/Internet Security 2013/Total Protection 13.0.6.5088
Installer for User Profile Hive Cleanup Service 1.6.36
AhnLab V3 VirusBlock 2006
AhnLab V3 VirusBlock Internet Security 2007 7.0.0.274
AhnLab V3 VirusBlock Internet Security 2007 Platinum
V3 Lite
V3 Lite x64
VirusBlokAda AntiVirus 3.11
Virus Block ADA 32 3.12.10.1
Vexira Antivirus Professional 5.3
Vexira/VirusBuster Antivirus Professional 6.2
Vexira Antivirus Professional 7.3
Vexira Antivirus Professional 7.3 x64
Vexira Antivirus prof for x64 and all vista
Vexira Antivirus prof for x64
Vexira Antivirus CMS 7
Vexira Antivirus for Windows Servers 5.3
Vexira Antivirus for Windows Servers 7
Vexira Antivirus for Windows Servers 7 x64
TEGAM International ViGUARD
ViPNet Office Firewall
ViPNet Personal Firewall
VIPRE Antivirus 7.0.6.2
VIPRE Internet Security 7.0.6.2
VirusBuster Personal 5.2
VirusBuster Professional 5.2
ViRobot Desktop 5.5
ViRobot Desktop 5.5 ISMS
ViRobot Desktop 5.0
ViRobot ISMS Client 3.5
ViRobot Windows Server 3.5
Virus Security v9 - 10
Virus Buster Internet Security 6.0
VirusBuster for x32
VirusBuster for x64
Virus Chaser 5.0a
Virus Dr.(v10)
Rising Antivirus 2007/ Virus Killer
Virus Security ZERO
SOURCE NEXT Virus Security ZERO
Wave software driver
Webroot AntiSpyware Client 3.5
Webroot AntiSpyware Client 3.5.1.5088
Webroot AntiSpyware Client 3.5.1.5118
Webroot Desktop Firewall 5.8.0.25
Webroot Internet Security Essentials 6.0 / Webroot AntiVirus and AntiSpyware
Webroot SecureAnyehwere 8.0.1.20
Webroot Software 7.0
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Windows Live OneCare 2.0.2500.14
Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712)
Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712) (Silent uninstall)
ZoneAlarm Security Suite
ZoneAlarm Firewall
ZoneAlarm Anti-Virus
ZoneAlarm with Antivirus
ZoneAlarm Firewall Pro
ZoneAlarm Anti-spyware
ZoneAlarm Wireless Security
Zillya! Antivirus 1.1.2343.0
Zillya! Internet Security 1.1
Zondex Guard 5.4.2
ZoneAlarm Firewall 10.1.079.000
ZoneAlarm Free Antivirus + Firewall 10.2.064.000
How to...
Download the Kaspersky extension
1. Log into your AEM account and click on the ComStore tab.
2. Search for the Kaspersky Endpoint Security extension.
Do not confuse this with the component called “Kaspersky 2011 Internet Security monitor”.
3. Open it and click Buy to download it.
As soon as you download KES for your account, a new section will be added to your Account Settings
and Profile Settings. Refer to "Windows Security Centre Audit" on page 76 and Kaspersky Endpoint
Security. At the same time, the anti-virus summary will slightly change at both Profile and System
level. Refer to Profile Summary and System Dashboard.
Add the license key
1. Navigate to Account > Integrations.
You will now have a new section in the Integrations page called Kaspersky Endpoint Security.
2. Click Add License. The Add new License Key window will open.
Complete the following fields:
Field
Description
Name
Enter a name for the license key.
Description
Enter a description.
Field
Description
Security Type
Use the radio button to select how you will enter the key.
• Select Upload Key File to upload the key file provided by Kaspersky.
• Select Key to manually enter the key in the field below.
To minimize potential errors, we recommend that you upload the .key file
supplied by Kaspersky.
Key
If you selected Key, use this field to copy in the key.
Expiry Date
Enter the expiration date of your key.
Number of Endpoints
Enter the number of endpoints.
AEM does not currently get expiry and endpoint information from Kaspersky. Please provide
accurate information, or the integration will stop working without warning.
3. Click Add.
Your license information will appear on the Integrations page. You can add as many licenses as you
have available by repeating steps 1-2.
Add Agent configuration files
In this step, you will provide the information from the local Kaspersky agent configuration (scan settings,
whitelisting, exclusions, etc.) to AEM. You can either add your own configuration file or use the Default Mac
Configuration File and Default Windows Configuration File.
If you choose to use any of the default configuration files, you still need to download a copy and
upload it to your account using the Add new configuration file button.
1. To start with any of the default configuration files, click the green Download arrow on the right to save
it to your computer. Then click Add new configuration file.
To use your own configuration file, click Add new configuration file.
2. Complete the following fields:
Field
Description
Operating
System
Select the operating system of the endpoint device the Kaspersky agent will be monitoring.
Name
Enter a name for the configuration file
Description
Enter a description for the configuration file.
Field
Description
Configuration
File Password
Ensure that the password you input here is the same as the password in the configuration
file. The password entered in the AEM Web Portal is used to make the connection to KES.
If this password does not match the one in KES, the connection will not be possible.
Please note:
a. To apply a configuration file to KES, it must be password protected (on
installation, KES will have set up a default password).
b. The password from the configuration file must match the password you
enter above. The password from the configuration file is encrypted, thus
AEM cannot check if the one you enter in the Web Portal matches the actual
password from the configuration file. The Account Admin has to ensure that
these are identical.
c. If the password from the configuration file, does not match the one you
enter in the Web Portal, the configuration file will be applied, however, all
next actions with Kaspersky will not be possible (Configuration file application, Uninstall of KES, Apply license to KES).
Configuration
File
To upload either your own configuration file or any of the default configuration files downloaded in step 1, click the green Upload arrow.
3. Once you have filled in all the fields and uploaded your configuration file, click Save.
4. You can add as many configuration files as you wish.
5. To edit the uploaded configuration files, click the pencil icon. Make the changes in the Edit Configuration File window and click Save.
You have now successfully completed the setup of the Kaspersky Endpoint Security Integration. Follow the
steps below to deploy the Kaspersky agent to your endpoints, and enable the monitoring of the Kaspersky
Endpoint Security solution.
Deploy the KES agent and enable Pro-Active Monitoring
Now that you have set up the integration with your license files(s) and configuration file(s), you can use the
power of AEM to push out the Kaspersky Endpoint Security agent (version 10 for Windows and version 8 for
Mac). Set up a Security Management Policy to push out KES to your devices and to raise alerts and tickets
as per the criteria you set in the monitor details. You can create the policy at either system or profile level. For
further information, refer to Create a Security Management Policy.
Uninstall KES from devices
To be able to uninstall KES from your endpoints, you must ensure the Kaspersky Endpoint Security extension
is enabled and set up for your account and your endpoints are targeted with the Security Management Policy.
To uninstall KES from these devices:
1. Login to your AEM account and navigate to the system or profile policy which targets the devices you
want to uninstall KES from.
2. Remove the required devices from the list of target devices.
3. Click Save and click Push changes.
If Allow Force Reboot is checked, the device will automatically reboot after the KES uninstall is completed.
To learn how to see information and statistics about your devices with the KES agent installed, refer
to Backup Management.
Status indicators
The status of your endpoints is transmitted to the Web Portal at the device level and on the Profile Summary
page.
The following indicators will appear.
Icon
Description
No issues found
Active threats are found
KES is not up to date
Note: After the first installation of KES, the alert for this status will be postponed until 24 hours after
install OR 30 minutes after first reboot.
KES requires reboot
Deployment of the configuration file has failed
KES is disabled
KES is not installed
In the Web Portal, profiles with an active KES policy will display the Kaspersky logo:
Splashtop Remote Screen Share Integration
Traditionally, Autotask Endpoint Management (AEM) has used RDP and VNC as its main remote screen viewers. Autotask now offers an integration with Splashtop that uses the latest remote screen share technology:
l
l
l
Windows and Macintosh support - Splashtop enables remote desktop support in both Windows and
OS X.
Retina display support - The use of Splashtop gives remote takeover ability to retina display Macs, as
well as the ability to take over OS X devices unattended.
Secure connection - All ports are routed through our secure tunnel servers when the connection is initiated from an AEM Agent.
If you have an account with Splashtop, it is possible to enter the credentials of your account with the
streamer where you can log in with your Splashtop details. In this instance, you will be using
Splashtop’s infrastructure and it will not be tunneled through our secure connection, and is not supported by AEM.
Minimum requirements
Windows
l
XP Pro and later versions
While it operates in Windows server environments, there can be issues when switching from different
user accounts. Splashtop hopes to resolve this limitation soon. In the meantime, we suggest the use
of RDP for remote sessions to Windows server environments.
More information on this issue can be found on Splashtop’s support page.
Mac OS X
l
l
10.6 + Snow Leopard and later versions
1.6 GHz or faster dual-core CPU (use of a less powerful CPU may cause higher CPU usage when connected)
l
1 GB of RAM
l
Support for 2560 (or less) screen resolution for Windows
l
Support for 2560 (or less) screen resolution for Mac
l
Audio setting within the 32 kHz to 96 kHz range
l
Optimized for NVIDIA graphics cards. For further information, refer to What NVIDIA optimization does
Splashtop support?
How to...
Enable Splashtop
In order to enable Splashtop in your account, you need to enable the extension to do this.
l
Go to ComStore.
l
Click Extensions.
l
Choose Splashtop Remote Screen Sharing.
l
Click on Buy.
Install the Streamer
Splashtop deployment works by utilizing a server and a viewer application, or in Splashtop terms, a streamer
for the remote side and a client for the viewing side.
The Splashtop installer, i.e. the streamer makes it possible to remotely view a device. You can choose to automatically push out the streamer to devices on a per profile basis, all devices, or only those devices that you
select by clicking on the Splashtop icon in the Agent browser.
To install the Agent automatically to all devices in the account or in a profile:
1. Navigate to Account > Settings.
2. Scroll down to Splashtop Settings and turn on Enable automatic installation of Splashtop
Streamer.
Once enabled, it will select the default setting of Auto install Splashtop for all profiles and proceed to
download and install the appropriate streamer on each device the first time they come online after the service
on that device has restarted. This means, if the device is online at the point of enabling the auto install option,
the Agent service must be restarted either manually or by rebooting the device for the streamer to be installed.
Alternatively, there is an option to enable the streamer for specific profiles.
1. Change the auto install setting to Selected Profiles.
2. Choose the profiles you want to enable Splashtop for.
If you do not enable the Splashtop streamer to be deployed in this method, clicking the Splashtop
Agent icon when connected to a device in the Agent browser will install the streamer on the device. It
may take a few moments for it to install when connecting for the first time.
Install the Client
Installation of the client is automatic on each device upon the first time a connection of this type is initiated.
Update the Client and Streamer
The client and streamer will automatically be updated in the same way Agents are updated when updates
become available.
Establish a remote takeover session
Web Portal
1. Find the device you wish to connect to.
2. At the end of the row of data about the device, you will see the connect, RDP, VNC and Splashtop
icons.
3. Click on the Splashtop icon to initiate a connection to the device.
Agent Browser
Much in the same way as you find the Splashtop icon in the Web Portal, you will now see a new Splashtop
icon in the Agent browser. To initiate the remote takeover using Splashtop:
1. Login to the Agent browser.
2. Find the device in the way you normally would (use search, locate by IP, hostname etc.).
3. Connect to device so the device shows in the connected devices area.
4. Once connected, locate the Splashtop icon and click connect. You will now be connected to the device
via Splashtop.
Remote session controls
Once the Splashtop window is open, you can access the following control icons by clicking the down arrow:
Icon
Description
Disconnect. Ends the remote takeover session and disconnects you from the endpoint.
CTRL-ALT-DEL. This will send the key press combination of CTRL-ALT-DEL to the remote
device.
Sharp mode/Smooth mode toggle. Sharp mode gives clearer display quality. Smooth mode
gives faster streaming performance, but consumes more CPU power on your computer.
Scaled/Original size screen toggle. This will toggle between a scaled resolution of the
remote screen in your window and the actual resolution of the remote display.
Icon
Description
Full screen toggle. Switch between a windowed or full screen view of the remote desktop.
Switch display (or monitors). Provides switching to (and from) your secondary monitor if your
computer has more than one display or monitor attached.
Index: .Net Framework – IP address ranges
Index
custom agent settings 67
custom fields 67, 80
.
custom labels 67
.Net Framework 21
D
2
Datto 133
2FA 60, 67
device approval 67, 77
A
device limit 36
access control 67
disable 2FA 60
account settings 67
disable TOTP 60
account setup 67
disable two factor authentication 60
agent
I
about 6
I forgot my password 53
agent browser 6
infrastructure 23
agent updates 67, 89
overview 9
Amazon 12
integrations 91
Autotask PSA 95
Autotask PSA 95
B
configuring 91
billing portal 36
ConnectWise 118
branding 40
Datto 133
C
change password 33, 53
command prompt 80
Concord 10
configuration 31
connection broker 84, 87
Kaspersky 136
service desk 93
Splashtop 189
Zendesk 127
introduction to AEM 4-5
IP address ranges 12
ConnectWise 118
©2015 Autotask Corporation l Page 195 of 197
Index: Kaspersky – ticket assignee
K
reg edit 80
regedit 80
Kaspersky 136
L
region 10
license 36
registry editor 80
LiveLink 95, 114
remote connection 114
LiveLinks Designer 114
remote takeover 114
M
requirements
overview 9
mail recipients 67
mail settings 67
reset columns display 67
manage password 53
reset password 53
Merlot 10
roles 43
S
Mono 21
N
sandboxing 77
security 23
node score 84, 87
O
service desk 93
setup 31
OTP token 60
P
SNMP credentials 67
Splashtop 189
package 36
strong password requirements 53
password 53, 67
subnet 84
password policy 67
supported operating systems 21
Pinotage 10
Syrah 10
platform 10
system requirements 21
power rating 67
T
profile variables 67
R
rebranding 40
TFA 60
ticket assignee 67
Index: two-factor authentication – Zinfandel
two-factor authentication 33, 60, 67
U
ULS 10
unified login server 10
user account 33
users 48
V
variables 67
W
web portal, about 6
whitelisting 12
windows registry 80
Z
Zendesk 127
Zinfandel 10

Setting Up Autotask Endpoint Management

Transcription

Similar documents

Antivirus - Marshall University

ESET NOD32 Antivirus 4

ESET NOD32 Antivirus 8

ESET NOD32 Antivirus 9

Cisco.com AEM Integration and Migration

Program Agenda and Vendor Guide

ESET NOD32 Antivirus 4

Anti-Virus Comparative File Detection Test of - AV

ESET NOD32 Antivirus 4 Business Edition For Mac OS X