Home products
1-10 computers

Business products
Workstations & Servers protection

Workstation protection

File server protection

Mail system protection

Perimeter protection

Administration Kit

Kaspersky Administration Kit 8.0

Kaspersky Administration Kit 6.0 MP1/MP2

Operating principles

Implementing in network

Complex-components uninstalling

Troubleshooting

All articles

Kaspersky Administration Kit 5.0 MP3 (builds 5.0.1104 - 5.0.1152)

Support lifecycle of applications for remote management

Kaspersky Hosted Security Services

Fighting malicious programs
How to disinfect...

Training and Certification
Take an educational course and become a certified anti-virus security specialist

Self Service
More help online

Support contacts and conditions
Information about support services and rules

You are visiting our Support Website and we thank you in advance for your participation in this poll and your feedbacks.

Please vote honestly, we will analyze the results and will do our best to improve our service as soon as possible.

Read the same in:

Home / Business products / Administration Kit / Kaspersky Administration Kit 6.0 MP1/MP2 / Operating principles

Kaspersky Administration Kit 6.0 MP1/MP2

Operating principles [39]

More Sections

Network scan
ID Article: 956	Other languages:	41	2008 Oct 14 14:12	Printable version

Concerning to Kaspersky Administration Kit 6.0 MP1

Kaspersky Administration Kit can search computers in corporate networks which use TCP/IP protocols and information about the computers automatically. The query types are the following:

Windows network-scan

The following data sources are used to scan network:

Browser Service for Microsoft Windows Networks (to get the list of the switched on computers)

Network domain controllers (to get the list of computers registered in the domain controllers)

ICMP-echo delivery and reverse DNS service (to get computer name (NetBIOS or DNS) from the IP-address)

Once the scan is over the information is registered in the Administration Server database. Information about client computers is updated based on the received data. The following information is updated:

Computer Netbios name

Computer DNS name

If computer is visible in network

Computer IP-address

Date of the computer latest information update

Date when the computer was last visible in the network

Computer MAC-address

Network can be scanned by either quick or full scan type. Both scan types are performed irrespective of each other.

Quick scan is used only by Browser Service and domain controllers and has 2 stages:

1. Domain list and list of computers in each domain (when addressing domain controllers) are received. These lists are written to the database.

2. List of workgroups and domains, as well as lists of computers from the Network Browser are received. These lists are also written to the database, but date/time when the computer was last visible in the network is updated too.

The scan type is performed quickly.

The recommended period to run quick scan is every 10-15 minutes.

If the Administration Server is running under Microsoft Windows Server 2008 and the service of Administration Server is launched under Local System Account, in this case quick scan of the Microsoft network does not function.

During full scan the Server receives computer names and information from the domain controllers. Full network scan uses for its work results of quick network scan. This scan type is performed slowly and the recommended period to launch this scan is once in several hours.

During full scan (or IP-addresses scan) the time of the host last visibility in the network is updated too (if the host responded to ICMP-echo). The attribute responsible for the host visibility in the network is cleared every hour (the interval does not change): these attributes are cleared for hosts who were last visible more than 60 minutes back (by default). The parameter value can be set on the Settings tab of the Administration Server properties – Host visibility time-out, min.

Useful links:

What does color of a client computer icon mean?

With the visibility box cleared, the icon of a client computer becomes not bright.

Active Directory scan

Active Directory can also be scanned in order to get the Organization Units structure with the computers included to this structure.

To set/disable the period to scan Windows-network, right-click to Administration Server > go to Properties > the Network Scan tab > Windows Network section.

Note: you cannot disable full scan for all network. You can either set maximum full scan period– 65535 minutes (about 45 days), or disable full scan of selected groups/domains the following way:

1. choose domain view for the Network node

2. select the necessary domain/group and open its properties on the Clients tab

3. clear the Allow full scanning of computers of this group checkbox

Active Directory scan period can be disabled/set in the Active Directory section.

IP-subnetwork scan

To scan IP-subnets, ICMP-packages are sent to scan IP-networks to get list of computers

During the first installation of the Administration Server (or when upgrading from the previous version) only the subnets in which the Server is located can be detected. If you will have to scan other IP-subnets later, then the administrator will have to add these IP-subnets manually (in the Network console node > the View IP-subnetworks link > Add IP-subnetwork link)

Scope scan can result in excessive ARP packets. It is actual when the number of addresses in the sub-network (node of the console tree is considered) exceeds the number of computers in the same sub-network. To rectify the problem set the sub-network scope congruous to the number of computers in it.

To disable or configure period of the IP-network scan, right-click Administration Server > Properties > Scan network tab > IP-subnets section (see the figure).

To launch network scan on demand of the administrator, right-click Administration Server > Properties > Network scan tab > Scan now button. The scan will be performed with the set parameters.