Kaspersky Security Center 13.1

Searching and exporting data

This section contains information about data search methods and about exporting data.

In this section

Finding devices

Device search settings

Using masks in string variables

Using regular expressions in the search field

Exporting lists from dialog boxes


Finding devices

Kaspersky Security Center allows you to find devices on the basis of specified criteria. Search results can be saved to a text file.

The search feature allows you to find the following devices:

  • Client devices in administration groups of an Administration Server and its secondary Servers.
  • Unassigned devices managed by an Administration Server and its secondary Servers.

To find client devices included in an administration group:

  1. In the console tree, select an administration group folder.
  2. Select Search from the context menu of the administration group folder.
  3. On the tabs of the Search window, specify the criteria for the search of devices, and click the Find now button.

Devices that meet the specified search criteria are now displayed in a table in the lower part of the Search window.

To find unassigned devices:

  1. In the console tree, select the Unassigned devices folder.
  2. Select Search from the context menu of the Unassigned devices folder.
  3. On the tabs of the Search window, specify the criteria for the search of devices, and click the Find now button.

Devices that meet the specified search criteria are now displayed in a table in the lower part of the Search window.

To find devices regardless of whether they are included in an administration group:

  1. In the console tree, select the Administration Server node.
  2. In the context menu of the node, select Search.
  3. On the tabs of the Search window, specify the criteria for the search of devices, and click the Find now button.

Devices that meet the specified search criteria are now displayed in a table in the lower part of the Search window.

In the Search window you can also search for administration groups and secondary Administration Servers using a drop-down list in the top right corner of the window. Search functionality for administration groups and secondary Administration Servers is not available if you opened the Search window from the Unassigned devices folder.

To find devices, you can use regular expressions in the fields of the Search window.

Full text search in the Search window is available:

  • On the Network tab, in the Description field
  • On the Hardware tab, in the Device, Vendor, and Description fields

See also:

Device search settings


Device search settings


Below are descriptions of the settings used for searching managed devices. Search results are displayed in the lower part of the window.

Network

On the Network tab, you can specify the criteria that will be used to search for devices according to their network data:

  • Device name or IP address

    Windows network name (NetBIOS name) of the device or IPv4 address.

  • Windows domain

    Displays all devices included in the specified Windows domain.

  • Administration group

    Displays devices included in the specified administration group.

  • Description

    Text in the Description field of the General section of the device properties window.

    To describe text in the Description field, you can use the following characters:

    • Within a word:
      • *. Replaces any string with any number of characters.

      Example:

      To describe words such as Server or Server's, you can enter Server*.

      • ?. Replaces any single character.

      Example:

      To describe words such as Window or Windows, you can enter Windo?.

      Asterisk (*) or question mark (?) cannot be used as the first character in the query.

    • To find several words:
      • Space. Displays all the devices whose descriptions contain any of the listed words.

      Example:

      To find a phrase that contains the word Secondary or the word Virtual, enter Secondary Virtual in your query.

      • +. When a plus sign precedes a word, all search results will contain this word.

      Example:

      To find a phrase that contains both Secondary and Virtual, enter the +Secondary+Virtual query.

      • -. When a minus sign precedes a word, no search results will contain this word.

      Example:

      To find a phrase that contains Secondary and does not contain Virtual, enter the +Secondary-Virtual query.

      • "<some text>". Text enclosed in quotation marks must be present in the text.

      Example:

      To find a phrase that contains the word combination Secondary Server, enter "Secondary Server" in the query.

  • IP range

    If this option is enabled, you can enter the initial and final IP addresses of the IP range in which the relevant devices must be included.

    By default, this option is disabled.

  • Managed by a different Administration Server

    Select one of the following values:

    • Yes. Only the client devices managed by other Administration Servers are considered.
    • No. Only the client devices managed by the same Administration Server are considered.
    • No value is selected. The criterion will not be applied.

Tags

On the Tags tab, you can configure a device search based on key words (tags) that were previously added to the descriptions of managed devices:

  • Apply if at least one specified tag matches

    If this option is enabled, the search results will show devices with descriptions that contain at least one of the selected tags.

    If this option is disabled, the search results will only show devices with descriptions that contain all the selected tags.

    By default, this option is disabled.

  • Tag must be included

    If this option is selected, the search results will display the devices whose descriptions contain the selected tag. To find devices, you can use the asterisk, which stands for any string with any number of characters.

    By default, this option is selected.

  • Tag must be excluded

    If this option is selected, the search results will display the devices whose descriptions do not contain the selected tag. To find devices, you can use the asterisk, which stands for any string with any number of characters.

Active Directory

On the Active Directory tab, you can specify that devices should be searched for in the Active Directory organizational unit (OU) or group. You can also include devices from all child OUs of the specified Active Directory OU in the selection. To select devices, define the following settings:

Network activity

On the Network activity tab, you can specify the criteria that will be used to search for devices according to their network activity:

  • This device is a distribution point

    In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

    • Yes. The selection includes devices that act as distribution points.
    • No. Devices that act as distribution points are not included in the selection.
    • No value is selected. The criterion will not be applied.
  • Do not disconnect from the Administration Server

    In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

    • Enabled. The selection will include devices on which the Do not disconnect from the Administration Server check box is selected.
    • Disabled. The selection will include devices on which the Do not disconnect from the Administration Server check box is cleared.
    • No value is selected. The criterion will not be applied.
  • Connection profile switched

    In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

    • Yes. The selection will include devices that connected to the Administration Server after the connection profile was switched.
    • No. The selection will not include devices that connected to the Administration Server after the connection profile was switched.
    • No value is selected. The criterion will not be applied.
  • Last connected to Administration Server

    You can use this check box to set a search criterion for devices according to the time they last connected to the Administration Server.

    If this check box is selected, in the entry fields you can specify the time interval (date and time) during which the last connection was established between Network Agent installed on the client device and the Administration Server. The selection will include devices that fall within the specified interval.

    If this check box is cleared, the criterion will not be applied.

    By default, this check box is cleared.

  • New devices detected by network poll

    Searches for new devices that have been detected by network polling over the last few days.

    If this option is enabled, the selection only includes new devices that have been detected by device discovery over the number of days specified in the Detection period (days) field.

    If this option is disabled, the selection includes all devices that have been detected by device discovery.

    By default, this option is disabled.

  • Device is visible

    In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

    • Yes. The application includes in the selection devices that are currently visible in the network.
    • No. The application includes in the selection devices that are currently invisible in the network.
    • No value is selected. The criterion will not be applied.

Application

On the Application tab, you can specify the criteria that will be used to search for devices according to the selected managed application:

  • Application name

    In the drop-down list, you can set a criterion for including devices in a selection when search is performed by the name of a Kaspersky application.

    The list provides only the names of applications with management plug-ins installed on the administrator's workstation.

    If no application is selected, the criterion will not be applied.

  • Application version

    In the entry field, you can set a criterion for including devices in a selection when search is performed by the version number of a Kaspersky application.

    If no version number is specified, the criterion will not be applied.

  • Critical update name

    In the entry field, you can set a criterion for including devices in a selection when search is performed by application name or by update package number.

    If the field is left blank, the criterion will not be applied.

  • Modules last updated

    You can use this option to set a criterion for searching devices by time of the last update of modules of applications installed on those devices.

    If this check box is selected, in the entry fields you can specify the time interval (date and time) during which the last update of modules of applications installed on those devices was performed.

    If this check box is cleared, the criterion will not be applied.

    By default, this check box is cleared.

  • Device is managed through Kaspersky Security Center 13.1

    In the drop-down list, you can include in the selection the devices managed through Kaspersky Security Center:

    • Yes. The application includes in the selection devices managed through Kaspersky Security Center.
    • No. The application includes devices in the selection if they are not managed through Kaspersky Security Center.
    • No value is selected. The criterion will not be applied.
  • Security application is installed

    In the drop-down list, you can include in the selection all devices with the security application installed:

    • Yes. The application includes in the selection all devices with the security application installed.
    • No. The application includes in the selection all devices with no security application installed.
    • No value is selected. The criterion will not be applied.

Operating system

On the Operating system tab, you can set up the following criteria to find devices by their operating system (OS) type:

  • Operating system version

    If the check box is selected, you can select an operating system from the list. Devices with the specified operating systems installed are included in the search results.

  • Operating system bit size

    In the drop-down list, you can select the architecture for the operating system, which will determine how the moving rule is applied to the device (Unknown, x86, AMD64, or IA64). By default, no option is selected in the list so that the operating system's architecture is not defined.

  • Operating system service pack version

    In this field, you can specify the package version of the operating system (in the X.Y format), which will determine how the moving rule is applied to the device. By default, no version value is specified.

  • Operating system build

    This setting is applicable to Windows operating systems only.

    The build number of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later build number. You can also configure searching for all build numbers except the specified one.

  • Operating system release ID

    This setting is applicable to Windows operating systems only.

    The release identifier (ID) of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later release ID. You can also configure searching for all release ID numbers except the specified one.

Device status

On the Device status tab, you can specify criteria for searching devices based on the device status from the managed application:

  • Device status

    Drop-down list in which you can select one of the device statuses: OK, Critical, or Warning.

  • Real-time protection status

    Drop-down list, in which you can select the real-time protection status. Devices with the specified real-time protection status are included in the selection.

  • Device status description

    In this field, you can select the check boxes next to conditions that, if met, assign one of the following statuses to the device: OK, Critical, or Warning.

  • Device status defined by application

    Drop-down list, in which you can select the real-time protection status. Devices with the specified real-time protection status are included in the selection.

Protection components

On the Protection components tab, you can set up the criteria to search for client devices by their protection status.

  • Databases released

    If this option is selected, you can search for client devices by anti-virus database release date. In the entry fields you can set the time interval, on the basis of which the search is performed.

    By default, this option is disabled.

  • Last scanned

    If this option is enabled, you can search for client devices by time of the last virus scan. In the entry fields you can specify the time period within which the last virus scan was performed.

    By default, this option is disabled.

  • Total number of threats detected

    If this option is enabled, you can search for client devices by number of viruses detected. In the entry fields you can set the lower and upper threshold values for the number of viruses found.

    By default, this option is disabled.

Applications registry

On the Applications registry tab, you can configure the search for devices according to applications installed on them:

  • Application name

    Drop-down list in which you can select an application. Devices on which the specified application is installed are included in the selection.

  • Application version

    Entry field in which you can specify the version of the selected application.

  • Vendor

    Drop-down list in which you can select the manufacturer of an application installed on the device.

  • Application status

    A drop-down list in which you can select the status of an application (Installed, Not installed). Devices on which the specified application is installed or not installed, depending on the selected status, will be included in the selection.

  • Find by update

    If this option is enabled, search will be performed using the details of updates for applications installed on the relevant devices. After you select the check box, the Application name, Application version, and Application status fields change to Update name, Update version, and Status respectively.

    By default, this option is disabled.

  • Incompatible security application name

    Drop-down list in which you can select third-party security applications. During the search, devices on which the specified application is installed are included in the selection.

  • Application tag

    In the drop-down list, you can select the application tag. All devices that have installed applications with the selected tag in the description are included in the device selection.

Hierarchy of Administration Servers

On the Hierarchy of Administration Servers tab, select the Include data from secondary Administration Servers (down to level) check box if you want the information stored on secondary Administration Servers to be considered while searching for devices. In the entry field, you can specify the nesting level of the secondary Administration Servers from which information is considered. By default, this check box is cleared.

Virtual machines

On the Virtual machines tab, you can configure the search for devices according to whether these are virtual machines or part of virtual desktop infrastructure (VDI):

  • This is a virtual machine

    In the drop-down list, you can select the following options:

    • Not important.
    • No. Find devices that are not virtual machines.
    • Yes. Find devices that are virtual machines.
  • Virtual machine type

    In the drop-down list, you can select the virtual machine manufacturer.

    This drop-down list is available if the Yes or Not important value is selected in the This is a virtual machine drop-down list.

  • Part of Virtual Desktop Infrastructure

    In the drop-down list, you can select the following options:

    • Not important.
    • No. Find devices that are not part of Virtual Desktop Infrastructure.
    • Yes. Find devices that are part of the Virtual Desktop Infrastructure (VDI).

Hardware

On the Hardware tab, you can configure search for client devices according to their hardware:

  • Device

    In the drop-down list, you can select a unit type. All devices with this unit are included in the search results.

    The field supports the full-text search.

  • Vendor

    In the drop-down list, you can select the name of a unit manufacturer. All devices with this unit are included in the search results.

    The field supports the full-text search.

  • Description

    Description of the device or hardware unit. Devices with the description specified in this field are included in the selection.

    A device's description in any format can be entered in the properties window of that device. The field supports the full-text search.

  • Inventory number

    Equipment with the inventory number specified in this field will be included in the selection.

  • CPU frequency, in MHz

    The frequency range of a CPU. Devices with CPUs that match the frequency range in these fields (inclusive) will be included in the selection.

  • Virtual CPU cores

    Range of the number of virtual cores in a CPU. Devices with CPUs that match the range in these fields (inclusive) will be included in the selection.

  • Hard drive volume, in GB

    Range of values for the size of the hard drive on the device. Devices with hard drives that match the range in these entry fields (inclusive) will be included in the selection.

  • RAM size, in MB

    Range of values for the size of the device RAM. Devices with RAMs that match the range in these entry fields (inclusive) will be included in the selection.

Vulnerabilities and updates

On the Vulnerabilities and updates tab, you can set up the criterion to search for devices according to their Windows Update source:

  • WUA is switched to Administration Server

    You can select one of the following search options from the drop-down list:

    • Yes. If this option is selected, the search results will include devices that receive updates through Windows Update from the Administration Server.
    • No. If this option is selected, the results will include devices that receive updates through Windows Update from other sources.

Users

On the Users tab, you can set up the criteria to search for devices according to the accounts of users who have logged in to the operating system.

  • Last user who logged in to the system

    If this option is enabled, click the Browse button to specify a user account. The search results include devices on which the specified user performed the last login to the system.

  • User who logged in to the system at least once

    If this option is enabled, click the Browse button to specify a user account. The search results include devices on which the specified user logged in to the system at least once.

Status-affecting problems in managed applications

On the Status-affecting problems in managed applications tab, you can set up search for devices according to descriptions of their statuses provided by the managed application:

  • Device status description

    You can select check boxes for descriptions of statuses from the managed application; upon receipt of these statuses, the devices will be included in the selection. When you select a status listed for several applications, you have the option to select this status in all of the lists automatically.

Statuses of components in managed applications

On the Statuses of components in managed applications tab, you can set up the criteria to search for devices according to the statuses of components in managed applications:

Encryption

  • Encryption

    Advanced Encryption Standard (AES) symmetrical block cipher algorithm. In the drop-down list, you can select the encryption key size (56-bit, 128-bit, 192-bit, or 256-bit).

    Available values: AES56, AES128, AES192, and AES256.

Cloud segments

On the Cloud segments tab, you can configure a search based on whether a device belongs to specific cloud segments:

  • Device is in a cloud segment

    If this option is enabled, you can click the Browse button to specify the segment to search.

    If the Include child objects option is also enabled, the search is run on all child objects of the specified segment.

    Search results include only devices from the selected segment.

  • Device discovered by using the API

    In the drop-down list, you can select whether a device is detected by API tools:

    • AWS. The device is discovered by using the AWS API, that is, the device is definitely in the AWS cloud environment.
    • Azure. The device is discovered by using the Azure API, that is, the device is definitely in the Azure cloud environment.
    • Google Cloud. The device is discovered by using the Google API, that is, the device is definitely in the Google Cloud environment.
    • No. The device cannot be detected by using the AWS, Azure, or Google API, that is, it is either outside the cloud environment or it is in the cloud environment but it cannot be detected by using an API.
    • No value. This condition does not apply.

Application components

This section contains the list of components of those applications that have corresponding management plug-ins installed in Administration Console.

In the Application components section, you can specify criteria for including devices in a selection according to the statuses and version numbers of the components that refer to the application that you select:

  • Status

    Search for devices according to the component status sent by an application to the Administration Server. You can select one of the following statuses: No data from device, Stopped, Starting, Paused, Running, Malfunction, or Not installed. If the selected component of the application installed on a managed device has the specified status, the device is included in the device selection.

    Statuses sent by applications:

    • Starting—The component is currently in the process of initialization.
    • Running—The component is enabled and working properly.
    • Paused—The component is suspended, for example, after the user has paused protection in the managed application.
    • Malfunction—An error has occurred during the component operation.
    • Stopped—The component is disabled and not working at the moment.
    • Not installed—The user did not select the component for installation when configuring custom installation of the application.

    Unlike other statuses, the No data from device status is not sent by applications. This option shows that the applications have no information about the selected component status. For example, this can happen when the selected component does not belong to any of the applications installed on the device, or when the device is turned off.

  • Version

    Search for devices according to the version number of the component that you select in the list. You can type a version number, for example 3.4.1.0, and then specify whether the selected component must have an equal, earlier, or later version. You can also configure searching for all versions except the specified one.

See also:

Using regular expressions in the search field

Finding devices


Using masks in string variables

Using masks for string variables is allowed. When creating masks, you can use the following regular expressions:

  • Wildcard character (*)—Any string of 0 or more characters.
  • Question mark (?)—Any single character.
  • [<range>]—Any single character from a specified range or set.

    For example: [0-9] matches any digit; [abcdef] matches any of the characters a, b, c, d, e, or f.


Using regular expressions in the search field

You can use the following regular expressions in the search field to search for specific words and characters:

  • *. Replaces any sequence of characters. To search for such words as Server, Servers, or Server room, enter the Server* expression in the search field.
  • ?. Replaces any single character. To search for such words as Word or Ward, enter the W?rd expression in the search field.

    Text in the search field cannot begin with a question mark (?).

  • [<range>]. Replaces any single character from a specified range or set. To search for any numeral, enter the [0-9] expression in the search field. To search for one of the characters—a, b, c, d, e, or f—enter the [abcdef] expression in the search field.

Use the following regular expressions in the search field to run a full-text search:

  • Space. The result is all devices whose descriptions contain any of the listed words. For example, to search for a phrase that contains the word "Secondary" or "Virtual" (or both these words), enter the Secondary Virtual expression in the search field.
  • Plus sign (+), AND, or &&. When a plus sign precedes a word, all search results will contain this word. For example, to search for a phrase that contains both the word "Secondary" and the word "Virtual", you can enter any of the following expressions in the search field: +Secondary+Virtual, Secondary AND Virtual, Secondary && Virtual.
  • OR or ||. When placed between two words, it indicates that one word or the other can be found in the text. To search for a phrase that contains either the word "Secondary" or the word "Virtual", you can enter any of the following expressions in the search field: Secondary OR Virtual, Secondary || Virtual.
  • Minus sign (-). When a minus sign precedes a word, no search results will contain this word. To search for a phrase that must contain the word Secondary and must not contain the word Virtual, enter the +Secondary-Virtual expression in the search field.
  • "<some text>". Text enclosed in quotation marks must be present in the text. To search for a phrase that contains the word combination Secondary Server, enter the "Secondary Server" expression in the search field.

Full-text search is available in the following filtering blocks:

  • In the event list filtering block, by the Event and Description columns.
  • In the user account filtering block, by the Name column.
  • In the applications registry filtering block, by the Name column, if the Show in list section has no grouping selected as the filtering criterion.
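
The masks from "Using masks in string variables" and the full-text operators listed in this section can be modelled offline to check which descriptions a query should select. The following Python model is an added example, not Kaspersky code: the device descriptions are constructed, and case-insensitive matching, matching from the start of a word, and ignoring optional words once a required term is present are assumptions chosen so that the examples on this page hold.

```python
import re

# Token kinds: "quoted phrase", && or ||, or an optionally signed word.
# A [range] is consumed whole so the hyphen inside it is not read as a minus.
TOKEN = re.compile(r'"([^"]*)"|(&&|\|\|)|([+-]?)((?:\[[^\]]*\]|[^\s+\-"])+)')


def mask_to_regex(mask):
    """Translate a mask using *, ? and [range] into a regex fragment."""
    out, i = [], 0
    while i < len(mask):
        ch = mask[i]
        end = mask.find("]", i + 2) if ch == "[" else -1
        if ch == "*":
            out.append(r"\S*")            # any run of characters within a word
        elif ch == "?":
            out.append(r"\S")             # exactly one character
        elif end != -1:
            inner = re.sub(r"([\\^\[])", r"\\\1", mask[i + 1:end])
            out.append("[" + inner + "]")  # keep the range, neutralise the rest
            i = end
        else:
            out.append(re.escape(ch))     # everything else is literal
        i += 1
    return "".join(out)


def parse_query(query):
    """Return a list of [bucket, compiled regex]; bucket is req, opt or not."""
    query = query.strip()
    if query[:1] in ("*", "?"):           # rule stated for the Description field
        raise ValueError("query must not start with * or ?")
    terms, and_pending = [], False
    for m in TOKEN.finditer(query):
        phrase, op, sign, word = m.groups()
        if op == "&&" or (word == "AND" and not sign):
            if terms and terms[-1][0] == "opt":
                terms[-1][0] = "req"      # left operand of AND becomes required
            and_pending = True
            continue
        if op == "||" or (word == "OR" and not sign):
            continue                      # OR is the same as a plain space
        if phrase is not None:
            bucket, regex = "req", re.escape(phrase)
        else:
            default = "req" if and_pending else "opt"
            bucket = {"+": "req", "-": "not"}.get(sign, default)
            # Assumption: a term matches when a word starts with it.
            regex = r"(?<!\w)" + mask_to_regex(word)
        terms.append([bucket, re.compile(regex, re.IGNORECASE)])
        and_pending = False
    return terms


def matches(query, text):
    """Apply the query to one description string."""
    hits = {"req": [], "opt": [], "not": []}
    for bucket, rx in parse_query(query):
        hits[bucket].append(rx.search(text) is not None)
    if any(hits["not"]) or not all(hits["req"]):
        return False
    # Assumption: optional words only decide the result when nothing is required.
    return bool(hits["req"]) or not hits["opt"] or any(hits["opt"])


DEVICES = {  # constructed sample descriptions, not real inventory data
    "SRV-01": "Secondary Server, rack3",
    "SRV-02": "Virtual Secondary Server",
    "WKS-07": "Windows workstation, finance",
    "VDI-11": "Virtual desktop 4",
}


def search(query, devices=DEVICES):
    """Names of the devices whose description satisfies the query."""
    return sorted(n for n, desc in devices.items() if matches(query, desc))


if __name__ == "__main__":
    for q in ("Secondary Virtual", "+Secondary-Virtual", '"Secondary Server"'):
        print(q, "->", search(q))
```
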

Exporting lists from dialog boxes

In dialog boxes of the application you can export lists of objects to text files.

Export of a list of objects is possible for dialog box sections that contain the Export to file button.
