North America
Check Comodo Client Security(CCS), Endpoint Manager Communication Client are present in your endpoint
Ratings
Release Time
01/18/2021
Downloads
907 times
Update Time
03/26/2025
Views
1658 times
Share-it:
Categories
Offboarding
Published on:
4 years ago
This is the Custom Monitoring Script which is used to check whether the CCS and Endpoint Manager is present and Uninstall.
Run the script as custom monitoring
https://wiki.comodo.com/frontend/web/topic/how-to-use-custom-script-procedure-monitoring
You need to Run the Script auto-remediation alert on Run below procedure:(refer the below image)
Refer the below wiki link for Auto remediation alert Configurations:
https://wiki.comodo.com/frontend/web/topic/how-to-configure-alerts
Note:
Please Do not Use the Script as Normal Procedure
The below-mentioned script is Auto Remediation Procedure its Only for the above Custom monitoring script.
Before running the custom monitoring you need to import below-mentioned auto-remediation procedure in normal proceed
This script could be used as an custom monitoring procedure for the below auto-remediation script.
Procedure's Instructions
231
1
#########################Configuration#Section##########################################################################2
# if Comodo Client - Security is present uninstall3
UninstallCCS = "no"4
# do you want to install a specific software ?5
installspecificsoftware = "no"6
# if you want to verify if a specific software is present please provide the software name7
softwarename = "software name"8
# if Comodo Comunication Client is present uninstall9
UninstallCCC = "no"10
########################################################################################################################11
import os12
import ctypes13
import re14
import time15
import socket16
try:17
import winreg as _winreg18
except ImportError:19
try:20
import _winreg21
except ImportError:22
pass23
import shutil24
import ssl25
try:26
import urllib.request as urllib227
except ImportError:28
try:29
import urllib230
except ImportError:31
pass32
import getpass33
import sys34
import datetime35
36
i=037
j=038
allowtorun=039
min = '5' 40
datenow = datetime.datetime.now()41
datestamp = datenow + datetime.timedelta(minutes = int(min) -1)42
43
def GetWindowsEdition(Key_name):44
val = ""45
try:46
reg = _winreg.ConnectRegistry(None, _winreg.HKEY_LOCAL_MACHINE)47
ok = _winreg.OpenKey(reg, Key_name, 0, _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)48
val = _winreg.QueryValueEx(ok, "ProductName")[0]49
_winreg.CloseKey(ok)50
return val51
except Exception as exception:52
val = "Windows Registry Exception: " + str(exception)53
return val54
55
WindowsVersion = GetWindowsEdition('SOFTWARE\Microsoft\Windows NT\CurrentVersion')56
57
class disable_file_system_redirection:58
if not ("XP" in WindowsVersion or "2008" in WindowsVersion):59
try:60
_disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection61
_revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection62
def __enter__(self):63
self.old_value = ctypes.c_long()64
self.success = self._disable(ctypes.byref(self.old_value))65
def __exit__(self, type, value, traceback):66
if self.success:67
self._revert(self.old_value)68
except:69
pass70
71
# Create 'TimeStampStatus' file and write current time72
def WriteTimeStampToTheTimeStampFile(datetowrite):73
Path_for_time_stamp_file = r""74
Os_Path = r"{0}\Program Files (x86)".format(os.environ['systemdrive'])75
if os.path.exists(Os_Path):76
Path_for_time_stamp_file = r"{0}\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt".format(os.environ['systemdrive'])77
else:78
Path_for_time_stamp_file = r"{0}\Program Files\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt".format(os.environ['systemdrive'])79
open(Path_for_time_stamp_file, "w+").write(str(datetowrite.strftime("%y-%m-%d %H:%M:%S")))80
81
# read 'TimeStampStatus' file82
def readTimeStampStatus():83
Path_for_time_stamp_file = r""84
Os_Path = r"{0}\Program Files (x86)".format(os.environ['systemdrive'])85
if os.path.exists(Os_Path):86
Path_for_time_stamp_file = r"{0}\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt".format(os.environ['systemdrive'])87
else:88
Path_for_time_stamp_file = r"{0}\Program Files\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt".format(os.environ['systemdrive'])89
vartime = open(Path_for_time_stamp_file, "r")90
time = vartime.read()91
return time92
93
def verifyfileexist():94
Path_for_time_stamp_file = ""95
Os_Path = r"{0}\Program Files (x86)".format(os.environ['systemdrive'])96
if os.path.exists(Os_Path):97
Path_for_time_stamp_file = r"{0}\Program Files (x86)\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt".format(os.environ['systemdrive'])98
else:99
Path_for_time_stamp_file = r"{0}\Program Files\ITarian\Endpoint Manager\rmmlogs\TimeStampStatus.txt".format(os.environ['systemdrive'])100
return Path_for_time_stamp_file101
102
def alert(arg):103
sys.stderr.write("%d%d%d" % (arg, arg, arg))104
105
def checkCCS():106
if os.path.exists(os.environ['systemdrive'] + '\Program Files\COMODO\COMODO Internet Security\cmdagent.exe'):107
return True108
return False109
110
def checkCCC():111
if os.path.exists(os.environ['systemdrive'] + '\Program Files\ITarian\Endpoint Manager\ITSMAgent.exe') or os.path.exists(os.environ['systemdrive'] + '\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe'):112
return True113
return False114
115
## detect all installed software through registry key 116
def DNDS(rtkey, pK, kA):117
ln = []118
lv = []119
try:120
oK = _winreg.OpenKey(rtkey, pK, 0, kA)121
i = 0122
while True:123
try:124
bkey = _winreg.EnumKey(oK, i)125
vkey = os.path.join(pK, bkey)126
oK1 = _winreg.OpenKey(rtkey, vkey, 0, kA)127
try:128
tls = []129
DN, bla = _winreg.QueryValueEx(oK1, 'DisplayName')130
DV, bla = _winreg.QueryValueEx(oK1, 'UninstallString')131
_winreg.CloseKey(oK1)132
ln.append(DN)133
lv.append(DV)134
except:135
pass136
i += 1137
except:138
break139
_winreg.CloseKey(oK)140
return zip(ln, lv)141
except:142
return zip(ln, lv)143
144
def GetSoftwareUsingRegistry():145
## detect whether the computer is 32 bit or 64 bit146
rK = _winreg.HKEY_LOCAL_MACHINE147
sK = r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'148
openedKey = _winreg.OpenKey(rK, sK, 0, _winreg.KEY_READ)149
arch, bla = _winreg.QueryValueEx(openedKey, 'PROCESSOR_ARCHITECTURE')150
arch = str(arch)151
_winreg.CloseKey(openedKey)152
## sorting all collected data from all the way, filtered duplicates and listed the final result!153
if arch == 'AMD64':154
fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)155
fList.extend(DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))156
fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ))157
fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))158
else:159
fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ)160
fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ))161
fList = set(fList)162
j = 1163
FinalResultAVG = ""164
for i in sorted(fList):165
a, b = i166
try:167
resultavg = '{:<100}'.format(a.encode('utf-8'))168
FinalResultAVG = FinalResultAVG + '\n' + resultavg169
except:170
FinalResultAVG = FinalResultAVG + '\n' + a171
j += 1172
return FinalResultAVG173
174
if not os.path.exists(verifyfileexist()):175
if allowtorun==0:176
if UninstallCCS is "yes":177
inst1=checkCCS()178
if inst1:179
allowtorun=1180
i=1181
print ("Comodo Client - Security is installed on the Endpoint\n")182
if allowtorun==0:183
if installspecificsoftware is "yes":184
Findinstallspecificsoftware = GetSoftwareUsingRegistry()185
if not softwarename in Findinstallspecificsoftware:186
allowtorun=1187
i=1188
print (softwarename + " is not installed on the Endpoint\n")189
if allowtorun==0:190
if UninstallCCC is "yes":191
inst2=checkCCC()192
if inst2:193
allowtorun=1194
i=1195
print ("Comodo Comunication Client is installed on the Endpoint\n")196
if i==1:197
WriteTimeStampToTheTimeStampFile(datestamp)198
alert(1)199
else:200
alert(0)201
else:202
statusdate = datetime.datetime.strptime(readTimeStampStatus(), '%y-%m-%d %H:%M:%S')203
if datenow < statusdate:204
alert(0)205
else:206
if allowtorun==0:207
if UninstallCCS is "yes":208
inst1=checkCCS()209
if inst1:210
allowtorun=1211
i=1212
print ("Comodo Client - Security is installed on the Endpoint\n")213
if allowtorun==0:214
if installspecificsoftware is "yes":215
Findinstallspecificsoftware = GetSoftwareUsingRegistry()216
if not softwarename in Findinstallspecificsoftware:217
allowtorun=1218
i=1219
print (softwarename + " is not installed on the Endpoint\n")220
if allowtorun==0:221
if UninstallCCC is "yes":222
inst2=checkCCC()223
if inst2:224
allowtorun=1225
i=1226
print ("Comodo Comunication Client is installed on the Endpoint\n")227
if i==1:228
WriteTimeStampToTheTimeStampFile(datestamp)229
alert(1)230
else:231
alert(0)CONTACT US
Call now! 
(972) 649-9012
(972) 649-9012
---
