Kaspersky Security Center 14 Windows
14
English

Contents

Device discovery

This section describes the types of device discovery available in Kaspersky Security Center and provides information using each type.

The Administration Server receives information about the structure of the network and devices on this network through regular polling. The information is recorded to the Administration Server database. Administration Server can use the following types of polling:

  • Windows network polling. The Administration Server can perform two kinds of Windows network poll: quick and full. During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups. During a full poll, more information is requested from each client device, such as operating system name, IP address, DNS name, and NetBIOS name. By default, both quick poll and full poll are enabled. Windows network polling may fail to discover devices, for example, if the ports UDP 137, UDP 138, TCP 139 are closed on the router or by the firewall.
  • Active Directory polling. The Administration Server retrieves information about the Active Directory unit structure and about DNS names of the devices from Active Directory groups. By default, this type of polling is enabled. We recommend that you use Active Directory polling if you use Active Directory; otherwise, the Administration Server does not discover any devices. If you use Active Directory but some of the networked devices are not listed as members, these devices cannot be discovered by Active Directory polling.
  • IP range polling. The Administration Server polls the specified IP ranges using ICMP packets or the NBNS protocol and compiles a complete set of data on devices within those IP ranges. By default, this type of polling is disabled. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.
  • Zeroconf polling. A distribution point that polls the IPv6 network by using zero-configuration networking (also referred to as Zeroconf). By default, this type of polling is disabled. You can use Zeroconf polling if the distribution point runs Linux.

If you set up and enabled device moving rules, the newly discovered devices are automatically included in the Managed devices group. If no moving rules have been enabled, the newly discovered devices are automatically included in the Unassigned devices group.

You can modify device discovery settings for each type. For example, you may want to modify the polling schedule or to set whether to poll the entire Active Directory forest or only a specific domain.

Before you start network polling, make sure that the SMB protocol is enabled. Otherwise, Kaspersky Security Center cannot discover devices in the polled network. To enable the SMB protocol, follow the instructions for your operating system.

In this section

Windows network polling

Active Directory polling

IP range polling

Zeroconf polling

See also:

Device discovery frequency

Scenario: Discovering networked devices

Main installation scenario
Page top
[Topic 3884]

Windows network polling

Expand all | Collapse all

About Windows network polling

During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups. During a full poll, the following information is requested from each client device:

  • Operating system name
  • IP address
  • DNS name
  • NetBIOS name

Both quick polls and full polls require the following:

  • Ports UDP 137/138, TCP 139, UDP 445, TCP 445 must be available in the network.
  • The SMB protocol is enabled.
  • The Microsoft Computer Browser service must be used, and the primary browser computer must be enabled on the Administration Server.
  • The Microsoft Computer Browser service must be used, and the primary browser computer must be enabled on the client devices:
    • On at least one device, if the number of networked devices does not exceed 32.
    • On at least one device for each 32 networked devices.

The full poll can run only if the quick poll has run at least once.

Viewing and modifying the settings for Windows network polling

To modify the settings for the Windows network polling:

  1. In the console tree, in the Device discovery folder, select the Domains subfolder.

    You can proceed from the Unassigned devices folder to the Device discovery folder by clicking the Poll now button.

    In the workspace of the Domains subfolder, the list of the devices is displayed.

  2. Click Poll now.

    The domain properties window opens. If you want, modify the settings of Windows network polling:

    • Enable Windows network polling

      This option is selected by default. If you do not want to perform Windows network poll (for example, if you think that Active Directory polling is enough), you can unselect this option.

    • Set quick polling schedule

      The default period is 15 minutes.

      During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups.

      The data received at the next polling completely replaces the old data.

      The following polling schedule options are available:

      • Every N days

        The polling runs regularly, with the specified interval in days, starting from the specified date and time.

        By default, the polling runs every day, starting from the current system date and time.

      • Every N minutes

        The polling runs regularly, with the specified interval in minutes, starting from the specified time.

        By default, the polling runs every five minutes, starting from the current system time.

      • By days of week

        The polling runs regularly, on the specified days of week, and at the specified time.

        By default, the polling runs every Friday at 6:00:00 PM.

      • Every month on specified days of selected weeks

        The polling runs regularly, on the specified days of each month, and at the specified time.

        By default, no days of month are selected; the default start time is 6:00:00 PM.

      • Run missed tasks

        If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

        If this option is enabled, the Administration Server starts polling immediately after it is switched on.

        If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

        By default, this option is enabled.

    • Set full polling schedule

      The default period is one hour. The data received at the next polling completely replaces the old data.

      The following polling schedule options are available:

      • Every N days

        The polling runs regularly, with the specified interval in days, starting from the specified date and time.

        By default, the polling runs every day, starting from the current system date and time.

      • Every N minutes

        The polling runs regularly, with the specified interval in minutes, starting from the specified time.

        By default, the polling runs every five minutes, starting from the current system time.

      • By days of week

        The polling runs regularly, on the specified days of week, and at the specified time.

        By default, the polling runs every Friday at 6:00:00 PM.

      • Every month on specified days of selected weeks

        The polling runs regularly, on the specified days of each month, and at the specified time.

        By default, no days of month are selected; the default start time is 6:00:00 PM.

      • Run missed tasks

        If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

        If this option is enabled, the Administration Server starts polling immediately after it is switched on.

        If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

        By default, this option is enabled.

If you want to perform the poll immediately, click Poll now. Both types of polls will start.

On the virtual Administration Server you can view and edit the polling settings of the Windows network in the properties window of the distribution point, in the Device discovery section.

See also:

Working with Windows domains. Viewing and changing the domain settings

Scenario: Discovering networked devices
Page top
[Topic 3885]

Active Directory polling

Expand all | Collapse all

Use Active Directory polling if you use Active Directory; otherwise, it is recommended to use other poll types. If you use Active Directory but some of the networked devices are not listed as members, these devices cannot be discovered by Active Directory polling.

Before you start network polling, make sure that the SMB protocol is enabled. Otherwise, Kaspersky Security Center cannot discover devices in the polled network. To enable the SMB protocol, follow the instructions for your operating system.

Viewing and modifying the settings for Active Directory polling

To view and modify the settings for polling Active Directory groups:

  1. In the console tree, in the Device discovery folder, select the Active Directory subfolder.

    Alternatively, you can proceed from the Unassigned devices folder to the Device discovery folder by clicking the Poll now button.

  2. Click Configure polling.

    The Active Directory properties window opens. If you want, modify the settings of Active Directory group polling:

    • Enable Active Directory polling

      This option is selected by default. However, if you do not use Active Directory, the poll does not retrieve any results. In this case, you can unselect this option.

    • Set polling schedule

      The default period is one hour. The data received at the next polling completely replaces the old data.

      The following polling schedule options are available:

      • Every N days

        The polling runs regularly, with the specified interval in days, starting from the specified date and time.

        By default, the polling runs every day, starting from the current system date and time.

      • Every N minutes

        The polling runs regularly, with the specified interval in minutes, starting from the specified time.

        By default, the polling runs every five minutes, starting from the current system time.

      • By days of week

        The polling runs regularly, on the specified days of week, and at the specified time.

        By default, the polling runs every Friday at 6:00:00 PM.

      • Every month on specified days of selected weeks

        The polling runs regularly, on the specified days of each month, and at the specified time.

        By default, no days of month are selected; the default start time is 6:00:00 PM.

      • Run missed tasks

        If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

        If this option is enabled, the Administration Server starts polling immediately after it is switched on.

        If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

        By default, this option is enabled.

    • Advanced

      You can select which Active Directory domains to poll:

      • Active Directory domain to which the Kaspersky Security Center belongs.
      • Domain forest to which the Kaspersky Security Center belongs.
      • Specified list of Active Directory domains.

        If you select this option, you can add domains to the polling scope:

        • Click the Add button.
        • In the corresponding fields, specify the address of the domain controller, the name and password of the account for accessing it.
        • Click OK to save changes.

        You can select the domain controller address on the list and click the Modify or Remove buttons to modify or remove it.

      • Click OK to save changes.

If you want to perform the poll immediately, click the Poll now button.

On the virtual Administration Server, you can view and edit the polling settings of Active Directory groups in the properties window of the distribution point, in the Device discovery section.

See also:

Scenario: Discovering networked devices
Page top
[Topic 3886]

IP range polling

Expand all | Collapse all

The Administration Server polls the specified IP ranges using ICMP packets or the NBNS protocol and compiles a complete set of data on devices within those IP ranges. By default, this type of polling is disabled. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.

Before you start network polling, make sure that the SMB protocol is enabled. Otherwise, Kaspersky Security Center cannot discover devices in the polled network. To enable the SMB protocol, follow the instructions for your operating system.

Viewing and modifying the settings for IP range polling

To view and modify the settings for polling IP range groups:

  1. In the console tree, in the Device discovery folder, select the IP ranges subfolder.

    You can proceed from the Unassigned devices folder to the Device discovery folder by clicking Poll now.

  2. If you want, in the IP ranges subfolder click Add subnet to add an IP range for polling, and then click OK.
  3. Click Configure polling.

    The IP ranges properties window opens. If you want, you can modify the settings of IP range polling:

    • Enable IP range polling

      This option is not selected by default. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.

    • Set polling schedule

      The default period is 420 minutes. The data received at the next polling completely replaces the old data.

      The following polling schedule options are available:

      • Every N days

        The polling runs regularly, with the specified interval in days, starting from the specified date and time.

        By default, the polling runs every day, starting from the current system date and time.

      • Every N minutes

        The polling runs regularly, with the specified interval in minutes, starting from the specified time.

        By default, the polling runs every five minutes, starting from the current system time.

      • By days of week

        The polling runs regularly, on the specified days of week, and at the specified time.

        By default, the polling runs every Friday at 6:00:00 PM.

      • Every month on specified days of selected weeks

        The polling runs regularly, on the specified days of each month, and at the specified time.

        By default, no days of month are selected; the default start time is 6:00:00 PM.

      • Run missed tasks

        If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

        If this option is enabled, the Administration Server starts polling immediately after it is switched on.

        If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

        By default, this option is enabled.

If you want to perform the poll immediately, click Poll now. This button is only available if you selected Enable IP range polling.

On the virtual Administration Server, you can view and edit the settings for IP range polling in the distribution point properties window, in the Device discovery section. Client devices discovered during the poll of IP ranges are displayed in the Domains folder of the virtual Administration Server.

See also:

Scenario: Discovering networked devices
Page top
[Topic 3887]

Zeroconf polling

This polling type is supported only for Linux-based distribution points.

A distribution point can poll networks that have devices with IPv6 addresses. In this case, IP ranges are not specified and the distribution point polls the whole network by using zero-configuration networking (referred to as Zeroconf). To start using Zeroconf, you must install the avahi-browse utility on the distribution point.

To enable Zeroconf polling:

  1. In the console tree, in the Device discovery folder, select the IP ranges subfolder.

    You can proceed from the Unassigned devices folder to the Device discovery folder by clicking Poll now.

  2. Click Configure polling.
  3. In the IP ranges properties window that opens, select Enable polling with Zeroconf technology.

After that, the distribution point starts to poll your network. In this case, the specified IP ranges are ignored.

Page top
[Topic 222066]