Kaspersky Security Center 13.1

In this section, you can adjust the general profile settings for Exchange ActiveSync mobile devices:

Name
Profile name.
Allow non-provisionable devices
If this option is enabled, devices that cannot access all the Exchange ActiveSync policy settings are allowed to connect to Mobile Device Server. By using the connection, you can manage Exchange ActiveSync mobile devices. For example, you can set passwords, configure sending emails, or view information about the devices, such as the device ID or the policy status.

If this option is disabled, you cannot connect to the Mobile Device Server and manage Exchange ActiveSync mobile devices.

By default, this option is enabled. You can disable this option if you are not going to manage Exchange ActiveSync mobile devices and receive information about them.
Updating frequency (hours)
If this option is enabled, the application refreshes information about the Exchange ActiveSync policy with the frequency specified in the entry field.

If the option is disabled, information about the Exchange ActiveSync policy is not refreshed.

By default, this option is enabled, and the refreshing interval is one hour.

Page top

Device selection window

Choose a selection from the Device selection list. The list contains the default selections and the selections created by the user.

You can view the details of device selections in the workspace of the Device selections section.

Page top

Define the name of the new object window

In the window, specify the name of the newly created object. A name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).

Page top

Application categories section

Full data transmission (for Network Agents Service Pack 2 and earlier)

In this section, you can configure the distribution of information about application categories on client devices.

If this option is selected, all data from an application category will be transmitted to client devices after that category is modified. This data transmission option is used with Network Agent Service Pack 2 and earlier versions.

Transmission of modified data only (for Network Agents Service Pack 2 and later)

If this option is selected, when an application category is modified, only modified data will be transmitted to client devices, not all data from that category. This data transmission option is used with Network Agent Service Pack 2 and later versions.

Page top

Features of using the management interface

This section describes actions that you can perform in the main window of Kaspersky Security Center.

In this section

Console tree

How to update data in the workspace

How to navigate the console tree

How to open the object properties window in the workspace

How to select a group of objects in the workspace

How to change the set of columns in the workspace

Page top

Console tree

The console tree (see the figure below) is designed to display the hierarchy of Administration Servers on the corporate network, the structure of their administration groups, and other objects of the application, such as the Repositories or Application management folders. The name space of Kaspersky Security Center can contain several nodes including the names of servers corresponding to the installed Administration Servers included in the hierarchy.

Console tree

Administration Server node

The Administration Server – <Device name> node is a container that shows the structural organization of the selected Administration Server.

The workspace of the Administration Server node contains summary information about the current status of the application and devices managed through the Administration Server. Information in the workspace is distributed between various tabs:

Monitoring. Displays information about the application operation and the current status of client devices in real-time mode. Important messages for the administrator (such as messages on vulnerabilities, errors, or viruses detected) are highlighted in a specific color. You can use links on the Monitoring tab to perform the standard administrator tasks (for example, install and configure the security application on client devices), as well as to go to other folders in the console tree.
Statistics. Contains a set of charts grouped by topics (protection status, Anti-Virus statistics, updates, etc.). These charts visualize current information about the application operation and the status of client devices.
Reports. Contains templates for reports generated by the application. On this tab, you can create reports using preset templates, as well as create custom report templates.
Events window. Contains records on events that have been registered during the application operation. Those records are distributed between topics for ease of reading and filtering. On this tab, you can view selections of events that have been generated automatically, as well as create custom selections.

Folders in the Administration Server node

The Administration Server – <Device name> node includes the following folders:

Managed devices. This folder is intended for storage, display, configuration, and modification of the structure of administration groups, group policies, and group tasks.
Mobile Device Management. This folder is intended for managing mobile devices. The Mobile Device Management folder contains the following subfolders:
- Mobile Device Servers. Intended for managing iOS MDM Servers and Microsoft Exchange Mobile Devices Servers.
- Mobile Devices. It is intended for managing mobile devices, KES, Exchange ActiveSync, and iOS MDM.
- Certificates. It is intended for managing certificates of mobile devices.
Device selections. This folder is intended for quick selection of devices that meet specified criteria (a device selection) among all managed devices. For example, you can quickly select devices on which no security application is installed, and proceed to these devices (view the list). You can perform specific actions on these selected devices, for example, assign them some tasks. You can use preset selections or create your own custom selections.
Unassigned devices. This folder contains a list of devices that have not been included in any of the administration groups. You can perform some actions on unassigned devices, for example, move them into administration groups or install applications on them.
Policies. This folder is intended for viewing and creating policies.
Tasks. This folder is intended for viewing and creating tasks.
Kaspersky Licenses. Contains a list of license keys available for Kaspersky applications. In the workspace of this folder, you can add new license keys to the license key repository, deploy license keys to managed devices, and view the license key usage report.
Advanced. This folder contains a set of subfolders that correspond to various groups of application features.

Advanced folder. Moving folders in the console tree

The Advanced folder includes the following subfolders:

User accounts. Contains a list of network user accounts.
Application management. Intended for managing applications installed on devices on the network. The Application management folder contains the following subfolders:
- Application categories. Intended for managing custom application categories.
- Applications registry. Contains a list of applications on devices with Network Agent installed.
- Executable files. Contains the list of executable files stored on client devices with Network Agent installed.
- Software vulnerabilities. Contains a list of vulnerabilities in applications on devices with Network Agent installed.
- Software updates. Contains a list of application updates received by Administration Server that can be distributed on devices.
- Third-party licenses usage. Contains a list of licensed applications groups. You can use licensed applications groups to monitor the usage of licenses for third-party software (non-Kaspersky applications) and possible violations of licensing restrictions.
Remote installation. This folder is intended for managing remote installation of operating systems and applications. The Remote installation folder contains the following subfolders:
- Deploy device images. Intended for deploying images of operating systems on devices.
- Installation packages. Contains a list of installation packages that can be used for remote installation of applications on devices.
Data encryption and protection. This folder is intended for managing the process of data encryption on hard drives and removable drives.
Network poll. This folder displays the network in which Administration Server is installed. Administration Server receives information about the structure of the network and its devices, through regular polls of the Windows network, IP subnets, and Active Directory on the corporate network. Poll results are displayed in the workspaces of the corresponding folders: Domains, IP ranges, and Active Directory.
Repositories. This folder is intended for operations with objects used to monitor the status of devices and perform maintenance. The Repositories folder contains the following subfolders:
- Adaptive anomaly detection. Contains a list of detects performed by the Kaspersky Endpoint Security rules working in the SMART Training mode on client devices.
- Kaspersky software updates and patches. Contains a list of updates received by Administration Server that can be distributed to devices.
- Hardware. Contains a list of hardware connected to the organization's network.
- Quarantine. Contains a list of objects moved to Quarantine by anti-virus applications on devices.
- Backup. Contains a list of backup copies of files that were deleted or modified during disinfection on devices.
- Unprocessed files. Contains a list of files assigned for later scanning by anti-virus applications.

You can change the set of subfolders included in the Advanced folder. Frequently used subfolders can be moved up one level from the Advanced folder. Subfolders that are used rarely can be moved to the Advanced folder.

To move a subfolder out of the Advanced folder:

In the console tree, select the subfolder that you want to move out of the Advanced folder.
In the context menu of the subfolder, select View → Move from Advanced folder.

You can also move a subfolder out of the Advanced folder in the workspace of the Advanced folder by clicking the Move from Advanced folder link in the section with the name of that subfolder.

To move a subfolder to the Advanced folder:

In the console tree, select the subfolder that you need to move to the Advanced folder.
In the context menu of the subfolder, select View → Move to Advanced folder.

See also:

Main installation scenario

Page top

How to update data in the workspace

In Kaspersky Security Center, the workspace data (such as device statuses, statistics, and reports) are never updated automatically.

To update data in the workspace:

Press the F5 key.
In the context menu of the object in the console tree, select Refresh.
Click the refresh icon () in the workspace.

Page top

How to navigate the console tree

To navigate the console tree, you can use the following toolbar buttons:

—One step back.
—One step forward.
—One level up.

You can also use a navigation chain located in the upper-right corner of the workspace. The navigation chain contains the full path to the folder of the console tree in which you are currently located. All elements of the chain, except for the last one, are links to the objects in the console tree.

Page top

How to open the object properties window in the workspace

You can change the properties of the most Administration Console objects in the object properties window.

To open the properties window of an object located in the workspace:

From the context menu of the object, select Properties.
Select an object and press ALT+ENTER.

Page top

How to select a group of objects in the workspace

You can select a group of objects in the workspace. You can select a group of objects, for example, to create a set of devices for which you may create tasks later.

To select an objects range:

Select the first object in the range and press Shift.
Hold down the Shift key and select the last object in the range.

The range will be selected.

To group separate objects:

Select the first object in the group and press Ctrl.
Hold down the Ctrl key and select other objects that you want to include in the group.

The objects will be grouped.

Page top

How to change the set of columns in the workspace

Administration Console allows you to change a set of columns displayed in the workspace.

To change a set of columns displayed in the workspace:

In the console tree, click the object for which you wish to change the set of columns.
In the workspace of the folder, open the window intended for configuration of the set of columns by clicking the Add/Remove columns link.
In the Add/Remove columns window, specify the set of columns to be displayed.

Page top

Reference information

Tables of this section provide summary information about the context menu of Administration Console objects, as well as about the statuses of console tree objects and workspace objects.

In this section

Context menu commands

List of managed devices. Description of columns

Statuses of devices, tasks, and policies

File status icons in Administration Console

Page top

Context menu commands

This section lists Administration Console objects and corresponding context menu items (see table below).

Items of the context menu of Administration Console objects

Object	Menu item	Menu item purpose
General items of context menu	Search	Opens the devices search window.
	Refresh	Refreshes the display of the selected object.
	Export list	Exports the current list to a file.
	Properties	Opens the properties window of the selected object.
	View → Add/Remove columns	Adds or removes columns to/from the table of objects in the workspace.
	View → Large icons	Shows objects in the workspace as large icons.
	View → Small icons	Shows objects in the workspace as small icons.
	View → List	Shows objects in the workspace as a list.
	View → Table	Shows objects in the workspace as a table.
	View → Configure	Configures the display of Administration Console elements.
Kaspersky Security Center	New → Administration Server	Adds an Administration Server to the console tree.
<Administration Server name>	Connect to Administration Server	Connects to the Administration Server.
<Administration Server name>	Disconnect from Administration Server	Disconnects from the Administration Server.
Managed devices	Install application	Starts the Application Remote Installation Wizard.
	View → Configure interface	Configures the display of interface elements.
	Remove	Removes the Administration Server from the console tree.
	Install application	Starts the Remote Installation Wizard for the administration group.
	Reset Virus Counter	Resets the virus counters for devices included in the administration group.
	View report on threats	Creates a report on threats and virus activity on devices included in the administration group.
	New → Group	Creates an administration group.
	All Tasks → New group structure	Creates a structure of administration groups based on the structure of domains or Active Directory.
	All Tasks → Show Message	Starts the New Message for User Wizard intended for the users of devices included in the administration group.
Managed devices → Administration Servers	New → Secondary Administration Server	Starts the Add Secondary Administration Server Wizard.
Managed devices → Administration Servers	New → Virtual Administration Server	Starts the New Virtual Administration Server Wizard.
Mobile Device Management → Mobile devices	New → Mobile device	Connects a new mobile device of the user.
Mobile Device Management → Certificates	New → Certificate	Creates a certificate.
Mobile Device Management → Certificates	Create → Mobile device	Connects a new mobile device of the user.
Device selections	New → New selection	Creates a device selection.
Device selections	All Tasks → Import	Imports a selection from a file.
Kaspersky Licenses	Add activation code or key file	Adds a license key to the Administration Server repository.
	Activate Application	Starts the Application Activation Task Creation Wizard.
	Report on usage of license keys	Creates and shows a report on license keys on client devices.
Application management → Application categories	New → Category	Creates an application category.
Application management → Applications registry	Filter	Sets up a filter for the list of applications.
	Monitored Applications	Configures the publishing of events related to installation of applications.
	Remove applications that are not installed	Clears the list of all details of applications that are no longer installed on networked devices.
Application management → Software updates	Accept License Agreements for updates	Accepts the License Agreements of software updates.
Application management → Third-party licenses usage	New → Licensed applications group	Creates a licensed applications group.
Remote installation → Installation packages	Show current application versions	Shows the list of up-to-date versions of Kaspersky applications available on web servers.
	New → Installation package	Creates an installation package.
	All Tasks → Update databases	Updates application databases in installation packages.
	All Tasks → Show the general list of stand-alone packages	Shows the list of stand-alone packages created for installation packages.
Device discovery → Domains	All Tasks → Device Activity	Sets up the Administration Server's response to inactivity of networked devices.
Device discovery → IP ranges	New → IP range	Creates an IP range.
Repositories → Updates for Kaspersky databases and software modules	Download updates	Opens the properties window of the Download updates to the repository task of the Administration Server.
	Updates Download Settings	Configures the Download updates to the repository task of the Administration Server.
	Report on usage of anti-virus databases	Creates and shows a report on versions of databases.
	All Tasks → Clear updates repository	Clears the repository of updates on the Administration Server.
Repositories → Hardware	New → Device	Creates a new device.

List of managed devices. Description of columns

The following table displays the names and respective descriptions of columns in the list of managed devices.

Descriptions of columns in the list of managed devices

Column name	Value
Name	NetBIOS name of the client device. The descriptions of the icons of device names are given in the appendix.
Operating system type	Type of operating system installed on the client device.
Windows domain	Name of the Windows domain in which the client device is located.
Network Agent is installed	Result of Network Agent installation on the client device (Yes, No, Unknown).
Network Agent is running	The result of Network Agent operation (Yes, No, Unknown).
Real-time protection	Security application is installed (Yes, No, Unknown).
Last connected to Administration Server	Time period that has elapsed since the client device was connected to the Administration Server.
Protection last updated	The time period that has elapsed since the last update of managed devices.
Status	Current status of the client device (OK, Critical, or Warning).
Status description	Reasons for change of the client device status to Critical or Warning. The device status changes to Warning or Critical for the following reasons: Security application is not installed. Too many viruses detected. Real-time protection level differs from the level set by the Administrator. Virus scan has not been performed in a long time. Databases are outdated. Not connected in a long time. Active threats are detected. Restart is required. Incompatible applications are installed. Software vulnerabilities have been detected. Check for Windows Update updates has not been performed in a long time. Invalid encryption status. Mobile device settings do not comply with the policy. Unprocessed incidents detected. Device status defined by application. Device is out of disk space. License expires soon. The device status only changes to Critical by the following reasons: License expired. Device has become unmanaged. Protection is disabled. Security application is not running. Managed Kaspersky applications on client devices can add status descriptions to the list. Kaspersky Security Center can receive the description of a client device status from managed Kaspersky applications installed on that device. If the status that has been assigned to the device by a managed application is other than that assigned by Kaspersky Security Center, Administration Console displays the status that is the most critical to the device security. For example, if a managed application has assigned the Critical status to the device while Kaspersky Security Center has assigned it the Warning status, Administration Console displays the Critical status for that device with the corresponding description provided by the managed application.
Information last updated	Time period that has elapsed since the client device was last synchronized successfully with the Administration Server (that is, since the last network scan).
DNS name	DNS domain name of the client device.
DNS domain	The main DNS suffix.
IP address	IP address of the client device. It is recommended to use the IPv4 address.
Last visible	Time period during which the client device has remained visible on the network.
Last full scan	Date and time of the last scan of the client device performed by the security application upon the user's request.
Total number of threats detected	Number of threats found.
Real-time protection status	Real-time protection status (Starting, Running, Running (maximum protection), Running (maximum speed), Running (recommended settings), Running (custom settings), Stopped, Paused, Failed).
Connection IP address	The IP address that is used for connection to Kaspersky Security Center Administration Server.
Network Agent version	Version of Network Agent.
Application version	Version of the security application installed on the client device.
Anti-virus databases last updated	The version of the anti-virus databases.
System last started	Date and time when the client device was last turned on.
Restart is required	Restart of the client device is required.
Distribution point	Name of the device that acts as distribution point for this client device.
Description	Description of the client device received after a network scan.
Encryption status	Data encryption status of the client device.
WUA status	Status of Windows Update Agent on the client device. Yes corresponds to client devices that receive updates through Windows Update from the Administration Server. No corresponds to client devices that receive updates through Windows Update from other sources.
Operating system bit size	Bit size of the operating system installed on the client device.
Spam protection status	Status of Spam protection component (Running, Starting, Stopped, Paused, Failed, No data from device)
Data Leakage Prevention status	Status of Data Leakage Prevention component (Running, Starting, Stopped, Paused, Failed, No data from device)
Collaboration servers protection status	Status of Content Filtering component (Running, Starting, Stopped, Paused, Failed, No data from device)
Anti-virus protection status of mail servers	Status of Mail Server anti-virus protection component (Running, Starting, Stopped, Paused, Failed, No data from device)
Endpoint Sensor status	Status of Endpoint Sensor component (Running, Starting, Stopped, Paused, Failed, No data from device)
Created	Time when the <Device Name> icon was created. This attribute is used to compare various events with each other.
Name of virtual or secondary Administration Server	Name of virtual or secondary Administration Server. This column is only available in lists that contain devices from different Administration Servers.
Parent group	Name of the administration group where the < Device Name> icon is located. This column is only available in lists that contain devices from different Administration Servers.
Managed by a different Administration Server	The parameter can take one of these values: True, if during remote installation of security applications on the device, it turns out that the device is managed by different Administration Server. False, otherwise.
Operating system build	The build number of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later build number. You can also configure searching for all build numbers except the specified one.
Operating system release ID	The release identifier (ID) of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later release ID. You can also configure searching for all release ID numbers except the specified one.

Statuses of devices, tasks, and policies

The table below contains a list of icons displayed in the console tree and in the Administration Console workspace, next to the names of devices, tasks, and policies. Those icons define the statuses of objects.

Statuses of devices, tasks, and policies

Icon	Status
	Device with an operating system for workstations detected in the system but not yet included in any of the administration groups.
	Device with an operating system for workstations included in an administration group, with the OK status.
	Device with an operating system for workstations included in an administration group, with the Warning status.
	Device with an operating system for workstations included in an administration group, with the Critical status.
	Device with an operating system for workstations included in an administration group, which has lost connection with the Administration Server.
	Device with an operating system for servers detected in the system but not yet included in any of the administration groups.
	Device with an operating system for servers included in an administration group, with the OK status.
	Device with an operating system for servers included in an administration group, with the Warning status.
	Device with an operating system for servers included in an administration group, with the Critical status.
	Device with an operating system for servers included in an administration group, which has lost connection with the Administration Server.
	Mobile device detected on the network and included in none of the administration groups.
	Mobile device included in an administration group, with the OK status.
	Mobile device included in an administration group, with the Warning status.
	Mobile device included in an administration group, with the Critical status.
	Mobile device included in an administration group, having lost its connection with the Administration Server.
	UEFI protection device detected on the network but not included in any administration group. UEFI protection device is on the network.
	UEFI protection device detected on the network but not included in any administration group. UEFI protection device is not on the network.
	UEFI protection device included in an administration group, with OK status. UEFI protection device is on the network.
	UEFI protection device included in an administration group, with OK status. UEFI protection device is not on the network.
	UEFI protection device included in an administration group, with Warning status. UEFI protection device is on the network.
	UEFI protection device included in an administration group, with Warning status. UEFI protection device is not on the network.
	UEFI protection device included in an administration group, with Critical status. UEFI protection device is on the network.
	UEFI protection device included in an administration group, with Critical status. UEFI protection device is not on the network.
	Active policy.
	Inactive policy.
	Active policy inherited from a group that was created on the primary Administration Server.
	Active policy inherited from a top-level group.
	Task (group task, Administration Server task, or task for specific devices) with the Scheduled or Completed successfully status.
	Task (group task, Administration Server task, or task for specific devices) with the Running status.
	Task (group task, Administration Server task, or task for specific devices) with the Failed status.
	Task inherited from a group that was created on the primary Administration Server.
	Task inherited from a top-level group.

File status icons in Administration Console

For ease of file management in Kaspersky Security Center Administration Console, icons are displayed next to the names of files (see table below). Icons indicate statuses assigned to files by managed Kaspersky applications on client devices. Icons are shown in the workspaces of the Quarantine, Backup, and Active threats folders.

Statuses are assigned to objects by Kaspersky Endpoint Security installed on the client device on which the object is located.

Correspondence between icons and file statuses

Icon	Status
	File with the Infected status.
	File with the Warning or Probably infected status.
	File with the Added by user status.
	File with the False positive status.
	File with the Disinfected status.
	File with the Deleted status.
	File in the Quarantine folder with the Not infected, Password-protected or Must be sent to Kaspersky status. If there is no status description next to an icon, this means that the managed Kaspersky application on the client device has reported an unknown status to Kaspersky Security Center.
	File in the Backup folder with the Not infected, Password-protected or Must be sent to Kaspersky status. If there is no status description next to an icon, this means that the managed Kaspersky application on the client device has reported an unknown status to Kaspersky Security Center.
	File in the Active threats folder with Not infected, Password-protected or Must be sent to Kaspersky status. If there is no status description next to an icon, this means that the managed Kaspersky application on the client device has reported an unknown status to Kaspersky Security Center.

Using masks in string variables

Searching and exporting data

This section contains information about data search methods and about exporting data.

In this section

Finding devices

Device search settings

Using regular expressions in the search field

Exporting lists from dialog boxes

Page top

Finding devices

Kaspersky Security Center allows you to find devices on the basis of specified criteria. Search results can be saved to a text file.

The search feature allows you to find the following devices:

Client devices in administration groups of an Administration Server and its secondary Servers.
Unassigned devices managed by an Administration Server and its secondary Servers.

To find client devices included in an administration group:

In the console tree, select an administration group folder.
Select Search from the context menu of the administration group folder.
On the tabs of the Search window, specify the criteria for the search of devices, and click the Find now button.

Devices that meet the specified search criteria are now displayed in a table in the lower part of the Search window.

To find unassigned devices:

In the console tree, select the Unassigned devices folder.
Select Search from the context menu of the Unassigned devices folder.
On the tabs of the Search window, specify the criteria for the search of devices, and click the Find now button.

Devices that meet the specified search criteria are now displayed in a table in the lower part of the Search window.

To find devices regardless of whether they are included in an administration group:

In the console tree, select the Administration Server node.
In the context menu of the node, select Search.
On the tabs of the Search window, specify the criteria for the search of devices, and click the Find now button.

Devices that meet the specified search criteria are now displayed in a table in the lower part of the Search window.

In the Search window you can also search for administration groups and secondary Administration Servers using a drop-down list in the top right corner of the window. Search functionality for administration groups and secondary Administration Servers is not available if you opened the Search window from the Unassigned devices folder.

To find devices, you can use regular expressions in the fields of the Search window.

Full text search in the Search window is available:

On the Network tab, in the Description field
On the Hardware tab, in the Device, Vendor, and Description fields

See also:

Device search settings

Page top

Device search settings

Below are descriptions of the settings used for searching managed devices. Search results are displayed in the lower part of the window.

Network

On the Network tab, you can specify the criteria that will be used to search for devices according to their network data:

Device name or IP address
Windows network name (NetBIOS name) of the device or IPv4 address.
Windows domain
Displays all devices included in the specified Windows domain.
Administration group
Displays devices included in the specified administration group.
Description
Text in the device properties window: In the Description field of the General section.

To describe text in the Description field, you can use the following characters:
- Within a word:
  - *. Replaces any string with any number of characters.
  Example:
  
  To describe words such as Server or Server's, you can enter Server*.
  - ?. Replaces any single character.
  Example:
  
  To describe words such as Window or Windows, you can enter Windo?.
  
  Asterisk (*) or question mark (?) cannot be used as the first character in the query.
- To find several words:
  - Space. Displays all the devices whose descriptions contain any of the listed words.
  Example:
  
  To find a phrase that contains Secondary or Virtual words, you can include Secondary Virtual line in your query.
  - +. When a plus sign precedes a word, all search results will contain this word.
  Example:
  
  To find a phrase that contains both Secondary and Virtual, enter the +Secondary+Virtual query.
  - -. When a minus sign precedes a word, no search results will contain this word.
  Example:
  
  To find a phrase that contains Secondary and does not contain Virtual, enter the +Secondary-Virtual query.
  - "<some text>". Text enclosed in quotation marks must be present in the text.
  Example:
  
  To find a phrase that contains Secondary Server word combination, you can enter "Secondary Server" in the query.
IP range
If this option is enabled, you can enter the initial and final IP addresses of the IP range in which the relevant devices must be included.

By default, this option is disabled.
Managed by a different Administration Server
Select one of the following values:
- Yes. Only the client devices managed by other Administration Servers are considered.
- No. Only the client devices managed by the same Administration Server are considered.
- No value is selected. The criterion will not be applied.

Finding devices

Page top

Using masks in string variables

Using masks for string variables is allowed. When creating masks, you can use the following regular expressions:

Wildcard character (*)—Any string of 0 or more characters.
Question mark (?)—Any single character.
[<range>]—Any single character from a specified range or set.
For example: [0–9]—Any digit. [abcdef]—Any of the characters a, b, c, d, e, or f.

Page top

Using regular expressions in the search field

You can use the following regular expressions in the search field to search for specific words and characters:

*. Replaces any sequence of characters. To search for such words as Server, Servers, or Server room, enter the Server* expression in the search field.
?. Replaces any single character. To search for such words as Word or Ward, enter the W?rd expression in the search field.
Text in the search field cannot begin with a question mark (?).
[<range>]. Replaces any single character from a specified range or set. To search for any numeral, enter the [0-9] expression in the search field. To search for one of the characters—a, b, c, d, e, or f—enter the [abcdef] expression in the search field.

Use the following regular expressions in the search field to run a full-text search:

Space. The result is all devices whose descriptions contain any of the listed words. For example, to search for a phrase that contains the word "Secondary" or "Virtual" (or both these words), enter the Secondary Virtual expression in the search field.
Plus sign (+), AND, or &&. When a plus sign precedes a word, all search results will contain this word. For example, to search for a phrase that contains both the word "Secondary" and the word "Virtual", you can enter any of the following expressions in the search field: +Secondary+Virtual, Secondary AND Virtual, Secondary && Virtual.
OR or ||. When placed between two words, it indicates that one word or the other can be found in the text. To search for a phrase that contains either the word "Secondary" or the word "Virtual", you can enter any of the following expressions in the search field: Secondary OR Virtual, Secondary || Virtual.
Minus sign (-). When a minus sign precedes a word, no search results will contain this word. To search for a phrase that must contain such word as Secondary and must not contain such word as Virtual, you must enter the +Secondary-Virtual expression in the search field.
"<some text>". Text enclosed in quotation marks must be present in the text. To search for a phrase that contains such word combination as Secondary Server, you must enter the "Secondary Server" expression in the search field.

Full-text search is available in the following filtering blocks:

In the event list filtering block, by the Event and Description columns.
In the user account filtering block, by the Name column.
In the applications registry filtering block, by the Name column, if the Show in list section has no grouping selected as the filtering criterion.

Page top

Exporting lists from dialog boxes

In dialog boxes of the application you can export lists of objects to text files.

Export of a list of objects is possible for dialog box sections that contain the Export to file button.

Page top

Settings of tasks

This section lists all settings of tasks in Kaspersky Security Center.

In this section

Download updates to the Administration Server repository task settings

Download updates to the repositories of distribution points task settings

Find vulnerabilities and required updates task settings

Install required updates and fix vulnerabilities task settings

Page top

General task settings

This section contains the settings that you can view and configure for most of your tasks. The list of settings available depends on the task you are configuring.

Settings specified during task creation

You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.

Operating system restart settings:
- Do not restart the device
  Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
- Restart the device
  Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
- Prompt user for action
  The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
  
  By default, this option is selected.
- Repeat prompt every (min)
  If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.
  
  By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.
  
  If this option is disabled, the prompt is displayed only once.
- Restart after (min)
  After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.
  
  By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.
- Force closure of applications in blocked sessions
  Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
  
  If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
  
  If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
  
  By default, this option is disabled.
Task scheduling settings:
- Scheduled start setting:
  - Every N hours
    The task runs regularly, with the specified interval in hours, starting from the specified date and time.
    
    By default, the task runs every six hours, starting from the current system date and time.
  - Every N days
    The task runs regularly, with the specified interval in days. Additionally, you can specify a date and time of the first task run. These additional options become available, if they are supported by the application for which you create the task.
    
    By default, the task runs every day, starting from the current system date and time.
  - Every N weeks
    The task runs regularly, with the specified interval in weeks, on the specified day of week and at the specified time.
    
    By default, the task runs every Monday at the current system time.
  - Every N minutes
    The task runs regularly, with the specified interval in minutes, starting from the specified time on the day that the task is created.
    
    By default, the task runs every 30 minutes, starting from the current system time.
  - Daily (daylight saving time is not supported)
    The task runs regularly, with the specified interval in days. This schedule does not support observance of daylight saving time (DST). It means that when clocks jump one hour forward or backward at the beginning or ending of DST, the actual task start time does not change.
    
    We do not recommend that you use this schedule. It is needed for backward compatibility of Kaspersky Security Center.
    
    By default, the task starts every day at the current system time.
  - Weekly
    The task runs every week on the specified day and at the specified time.
  - By days of week
    The task runs regularly, on the specified days of week, at the specified time.
    
    By default, the task runs every Friday at 6:00:00 PM.
  - Monthly
    The task runs regularly, on the specified day of the month, at the specified time.
    
    In months that lack the specified day, the task runs on the last day.
    
    By default, the task runs on the first day of each month, at the current system time.
  - Manually
    The task does not run automatically. You can only start it manually.
    
    By default, this option is enabled.
  - Every month on specified days of selected weeks
    The task runs regularly, on the specified days of each month, at the specified time.
    
    By default, no days of month are selected; the default start time is 6:00:00 PM.
  - When new updates are downloaded to the repository
    The task runs after updates are downloaded to the repository. For example, you may want to use this schedule for the find vulnerabilities and required updates task.
  - On virus outbreak
    The task runs after a Virus outbreak event occurs. Select application types that will monitor virus outbreaks. The following application types are available:
    - Anti-virus for workstations and file servers
    - Anti-virus for perimeter defense
    - Anti-virus for mail systems
    By default, all application types are selected.
    
    You may want to run different tasks depending on the anti-virus application type that reports a virus outbreak. In this case, remove the selection of the application types that you do not need.
  - On completing another task
    The current task starts after another task completes. You can select how the previous task must complete (successfully or with error) to trigger the start of the current task. For example, you may want to run the Manage devices task with the Turn on the device option and, after it completes, run the Virus scan task.
- Run missed tasks
  This option determines the behavior of a task if a client device is not visible on the network when the task is about to start.
  
  If this option is enabled, the system attempts to start the task the next time the Kaspersky application is run on the client device. If the task schedule is Manually, Once or Immediately, the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope.
  
  If this option is disabled, only scheduled tasks run on client devices; for Manually, Once and Immediately, tasks run only on those client devices that are visible on the network. For example, you may want to disable this option for a resource-consuming task that you want to run only outside of business hours.
  
  By default, this option is enabled.
- Use automatically randomized delay for task starts
  If this option is enabled, the task is started on client devices randomly within a specified time interval, that is, distributed task start. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.
  
  The distributed start time is calculated automatically when a task is created, depending on the number of client devices to which the task is assigned. Later, the task is always started on the calculated start time. However, when task settings are edited or the task is started manually, the calculated value of the task start time changes.
  
  If this option is disabled, the task starts on client devices according to the schedule.
- Use randomized delay for task starts within an interval of (min)
  If this option is enabled, the task is started on client devices randomly within the specified time interval. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.
  
  If this option is disabled, the task starts on client devices according to the schedule.
  
  By default, this option is disabled. The default time interval is one minute.
Devices to which the task will be assigned:
- Select networked devices detected by Administration Server
  The task is assigned to specific devices. The specific devices can include devices in administration groups as well as unassigned devices.
  
  For example, you may want to use this option in a task of installing Network Agent on unassigned devices.
- Specify device addresses manually or import addresses from a list
  You can specify NetBIOS names, DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.
  
  You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
- Assign task to a device selection
  The task is assigned to devices included in a device selection. You can specify one of the existing selections.
  
  For example, you may want to use this option to run a task on devices with a specific operating system version.
- Assign task to an administration group
  The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
  
  For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.
Account settings:
- Default account
  The task will be run under the same account as the application that performs this task.
  
  By default, this option is selected.
- Specify account
  Fill in the Account and Password fields to specify the details of an account under which the task is run. The account must have sufficient rights for this task.
- Account
  Account under which the task is run.
- Password
  Password of the account under which the task will be run.

Settings specified after task creation

You can specify the following settings only after a task is created.

Advanced scheduling settings:
- Activate the device before the task is started through Wake-on-LAN (min)
  The operating system on the device starts at the specified time before the task is started. The default time period is five minutes.
  
  Enable this option if you want the task to run on all of the client devices from the task scope, including those devices that are turned off when the task is about to start.
  
  If you want the device to be automatically turned off after the task is complete, enable the Shut down device when task is complete option. This option can be found in the same window.
  
  By default, this option is disabled.
- Shut down device when task is complete
  For example, you may want to enable this option for an install update task that installs updates to client devices each Friday after business hours, and then turns off these devices for the weekend.
  
  By default, this option is disabled.
- Stop if the task is taking longer than (min)
  After the specified time period expires, the task is stopped automatically, whether it is completed or not.
  
  Enable this option if you want to interrupt (or stop) tasks that take too long to execute.
  
  By default, this option is disabled. The default task execution time is 120 minutes.
Notification settings:
- Store task history block:
  - On Administration Server for (days)
    Application events related to execution of the task on all client devices from the task scope are stored on the Administration Server during the specified number of days. When this period elapses, the information is deleted from the Administration Server.
    
    By default, this option is enabled.
  - Store in the OS event log on device
    Application events related to execution of the task are stored locally in Windows Event Log of each client device.
    
    By default, this option is disabled.
  - Store in the OS event log on Administration Server
    Application events related to execution of the task on all client devices from the task scope are stored centrally in Windows Event Log of the Administration Server operating system (OS).
    
    By default, this option is disabled.
  - Save all events
    If this option is selected, all events related to the task are saved to the event logs.
  - Save events related to task progress
    If this option is selected, only events related to the task execution are saved to the event logs.
  - Save only task execution results
    If this option is selected, only events related to the task results are saved to the event logs.
- Notify administrator of task execution results
  You can select the methods by which administrators receive notifications about task execution results: by email, by SMS, and by running an executable file. To configure notification, click the Settings link.
  
  By default, all notification methods are disabled.
- Notify of errors only
  If this option is enabled, administrators are only notified when a task execution completes with an error.
  
  If this option is disabled, administrators are notified after every task execution completion.
  
  By default, this option is enabled.
Security settings
Task scope settings
Depending on how the task scope is determined, the following settings are present:
- Devices
  If the scope of a task is determined by an administration group, you can view this group. No changes are available here. However, you can set Exclusions from task scope.
  
  If the scope of a task is determined by a list of devices, you can modify this list by adding and removing devices.
- Device selection
  You can change the device selection to which the task is applied.
- Exclusions from task scope
  You can specify groups of devices to which the task is not applied. Groups to be excluded can only be subgroups of the administration group to which the task is applied.
Revision history

Page top

Download updates to the Administration Server repository task settings

Settings specified during task creation

You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.

Sources of updates
The following resources can be used as a source of updates for the Administration Server:
- Kaspersky update servers
  HTTP(S) servers at Kaspersky from which Kaspersky applications download database and application module updates. By default, the Administration Server communicates with Kaspersky update servers and downloads updates by using the HTTPS protocol. You can configure the Administration Server to use the HTTP protocol instead of HTTPS.
  
  Selected by default.
- Primary Administration Server
  This resource applies to tasks created for a secondary or virtual Administration Server.
- Local or network folder
  A local or network folder that contains the latest updates. A network folder can be an FTP or HTTP server, or an SMB share. When selecting a local folder, you must specify a folder on the device that has Administration Server installed.
  
  An FTP or HTTP server or a network folder used by an update source must contain a folders structure (with updates) that matches the structure created when using Kaspersky update servers.
Other settings:
Force update of secondary Administration Servers

If this option is enabled, the Administration Server starts the update tasks on the secondary Administration Servers as soon as new updates are downloaded. Otherwise, the update tasks on the secondary Administration Servers start according to their schedules.

By default, this option is disabled.

Copy downloaded updates to additional folders

After the Administration Server receives updates, it copies them to the specified folders. Use this option if you want to manually manage the distribution of updates on your network.

For example, you may want to use this option in the following situation: the network of your organization consists of several independent subnets, and devices from each of the subnets do not have access to other subnets. However devices in all of the subnets have access to a common network share. In this case, you set Administration Server in one of the subnets to download updates from Kaspersky update servers, enable this option, and then specify this network share. In downloaded updates to the repository tasks for other Administration Servers, specify the same network share as the update source.

By default, this option is disabled.

Do not force updating of devices and secondary Administration Servers unless copying is complete

The tasks of downloading updates to client devices and secondary Administration Servers start only after those updates are copied from the main update folder to additional update folders.

This option must be enabled if client devices and secondary Administration Servers download updates from additional network folders.

By default, this option is disabled.

Update Network Agent modules (for Network Agent versions earlier than 10 Service Pack 2)

If this option is enabled, updates for software modules of Network Agent are installed automatically after the Administration Server completes the download updates to the repository task. Otherwise, updates received for Network Agent modules can be installed manually.

This option is only applicable to Network Agent versions earlier than 10 Service Pack 2. Starting from version 10 Service Pack 2, Network Agents are updated automatically.

By default, this option is enabled.

Settings specified after task creation

You can specify the following settings only after a task is created.

Settings section, Content of updates block:
Download diff files

This option enables the downloading diff files feature.

By default, this option is disabled.
Update verification section:
Verify updates before distributing

Administration Server downloads updates from the source, saves them to a temporary repository, and runs the task defined in the Update verification task field. If the task completes successfully, the updates are copied from the temporary repository to a shared folder on the Administration Server and then distributed to all devices for which the Administration Server acts as the source of updates (tasks with the When new updates are downloaded to the repository schedule type are started). The task of downloading updates to the repository is finished only after completion of the Update verification task.

By default, this option is disabled.

Update verification task

This task verifies downloaded updates before they are distributed to all devices for which the Administration Server acts as the source of updates.

In this field, you can specify the Update verification task created earlier. Alternatively, you can create a new Update verification task.

See also:

Creating the task for downloading updates to the repository of the Administration Server

Verifying downloaded updates

Page top

Download updates to the repositories of distribution points task settings

Settings specified during task creation

You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.

Sources of updates
The following resources can be used as a source of updates for the distribution point:
- Kaspersky update servers
  HTTP(S) servers at Kaspersky from which Kaspersky applications download database and application module updates.
  
  This option is selected by default.
- Primary Administration Server
  This resource applies to tasks created for a secondary or virtual Administration Server.
- Local or network folder
  A local or network folder that contains the latest updates. A network folder can be an FTP or HTTP server, or an SMB share. If a network folder requires authentication, only the SMB protocol is supported. When selecting a local folder, you must specify a folder on the device that has Administration Server installed.
  
  An FTP or HTTP server or a network folder used by an update source must contain a folders structure (with updates) that matches the structure created when using Kaspersky update servers.
If you enable the Do not use proxy server option for the Kaspersky update servers or Local or network folder sources of update, a distribution point does not use a proxy server for downloading updates, even if you enabled the option Use proxy server of the Network Agent policy settings for the distribution point.
Other settings → Folder for storing updates
The path to the specified folder for storing saved updates. You can copy the specified folder path to a clipboard. You cannot change the path to a specified folder for a group task.

Settings specified after task creation

You can specify the following setting in the Settings section, in the Content of updates block only after a task is created.

Download diff files

This option enables the downloading diff files feature.

By default, this option is disabled.

See also:

Creating the Download updates to the repositories of distribution points task

Page top

Find vulnerabilities and required updates task settings

Settings specified during task creation

You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.

Search for vulnerabilities and updates listed by Microsoft
When searching for vulnerabilities and updates, Kaspersky Security Center uses the information about applicable Microsoft updates from the source of Microsoft updates, which are available at the present moment.

For example, you may want to disable this option if you have different tasks with different settings for Microsoft updates and updates of third-party applications.

By default, this option is enabled.
- Connect to the update server to update data
  Windows Update Agent on a managed device connects to the source of Microsoft updates. The following servers can act as a source of Microsoft updates:
  - Kaspersky Security Center Administration Server (see the settings of Network Agent policy)
  - Windows Server with Microsoft Windows Server Update Services (WSUS) deployed in your organization's network
  - Microsoft Updates servers
  If this option is enabled, Windows Update Agent on a managed device connects to the source of Microsoft updates to refresh the information about applicable Microsoft Windows updates.
  
  If this option is disabled, Windows Update Agent on a managed device uses the information about applicable Microsoft Windows updates that was received from the source of Microsoft updates earlier and that is stored in the device's cache.
  
  Connecting to the source of Microsoft updates can be resource-consuming. You might want to disable this option if you set regular connection to this source of updates in another task or in the properties of Network Agent policy, in the section Software updates and vulnerabilities. If you do not want to disable this option, then, to reduce the Server overload, you can configure the task schedule to randomize delay for task starts within 360 minutes.
  
  By default, this option is enabled.
  
  Combination of the following options of the settings of Network Agent policy defines the mode of getting updates:
  - Windows Update Agent on a managed device connects to the Update Server to get updates only if the Connect to the update server to update data option is enabled and the Active option, in the Windows Update search mode settings group, is selected.
  - Windows Update Agent on a managed device uses the information about applicable Microsoft Windows updates that was received from the source of Microsoft updates earlier and that is stored in the device's cache, if the Connect to the update server to update data option is enabled and the Passive option, in the Windows Update search mode settings group, is selected, or if the Connect to the update server to update data option is disabled and the Active option, in the Windows Update search mode settings group, is selected.
  - Irrespective of the Connect to the update server to update data option's status (enabled or disabled), if Disabled option, in the Windows Update search mode settings group is selected, Kaspersky Security Center does not request any information about updates.
Search for third-party vulnerabilities and updates listed by Kaspersky
If this option is enabled, Kaspersky Security Center searches for vulnerabilities and required updates for third-party applications (applications made by software vendors other than Kaspersky and Microsoft) in Windows Registry and in the folders specified under Specify paths for advanced search of applications in file system. The full list of supported third-party applications is managed by Kaspersky.

If this option is disabled, Kaspersky Security Center does not search for vulnerabilities and required updates for third-party applications. For example, you may want to disable this option if you have different tasks with different settings for Microsoft Windows updates and updates of third-party applications.

By default, this option is enabled.
- Specify paths for advanced search of applications in file system
  The folders in which Kaspersky Security Center searches for third-party applications that require vulnerability fix and update installation. You can use system variables.
  
  Specify the folders to which applications are installed. By default, the list contains system folders to which most of the applications are installed.
Enable advanced diagnostics
If this feature is enabled, Network Agent writes traces even if tracing is disabled for Network Agent in Kaspersky Security Center Remote Diagnostics Utility. Traces are written to two files in turn; the total size of both files is determined by the Maximum size, in MB, of advanced diagnostics files value. When both files are full, Network Agent starts writing to them again. The files with traces are stored in the %WINDIR%\Temp folder. These files are accessible in the remote diagnostics utility, you can download or delete them there.

If this feature is disabled, Network Agent writes traces according to the settings in Kaspersky Security Center Remote Diagnostics Utility. No additional traces are written.

When creating a task, you do not have to enable advanced diagnostics. You may want to use this feature later if, for example, a task run fails on some of the devices and you want to get additional information during another task run.

By default, this option is disabled.
- Maximum size, in MB, of advanced diagnostics files
  The default value is 100 MB, and available values are between 1 MB and 2048 MB. You may be asked to change the default value by Kaspersky Technical Support specialists when information in the advanced diagnostics files sent by you is not enough to troubleshoot the problem.

See also:

Scanning applications for vulnerabilities

Page top

Install required updates and fix vulnerabilities task settings

Settings specified during task creation

You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.

Specify rules for installing updates
These rules are applied to installation of updates on client devices. If rules are not specified, the task has nothing to perform. For information about operations with rules, refer to Rules for update installation.
Start installation at device restart or shutdown
If this option is enabled, updates are installed when the device is restarted or shut down. Otherwise, updates are installed according to a schedule.

Use this option if installing the updates might affect the device performance.

By default, this option is disabled.
Install required general system components
If this option is enabled, before installing an update the application automatically installs all general system components (prerequisites) that are required to install the update. For example, these prerequisites can be operating system updates

If this option is disabled, you may have to install the prerequisites manually.

By default, this option is disabled.
Allow installation of new application versions during updates
If this option is enabled, updates are allowed when they result in installation of a new version of a software application.

If this option is disabled, the software is not upgraded. You can then install new versions of the software manually or through another task. For example, you may use this option if your company infrastructure is not supported by a new software version or if you want to check an upgrade in a test infrastructure.

By default, this option is enabled.

Upgrading an application may cause malfunction of dependent applications installed on client devices.
Download updates to the device without installing them
If this option is enabled, the application downloads updates to the device but does not install them automatically. You can then Install downloaded updates manually.

Microsoft updates are downloaded to the system Windows storage. Updates of third-party applications (applications made by software vendors other than Kaspersky and Microsoft) are downloaded to the folder specified in the Folder for downloading updates field.

If this option is disabled, the updates are installed to the device automatically.

By default, this option is disabled.
- Folder for downloading updates
  This folder is used to download updates of third-party applications (applications made by software vendors other than Kaspersky and Microsoft).
Enable advanced diagnostics
If this feature is enabled, Network Agent writes traces even if tracing is disabled for Network Agent in Kaspersky Security Center Remote Diagnostics Utility. Traces are written to two files in turn; the total size of both files is determined by the Maximum size, in MB, of advanced diagnostics files value. When both files are full, Network Agent starts writing to them again. The files with traces are stored in the %WINDIR%\Temp folder. These files are accessible in the remote diagnostics utility, you can download or delete them there.

If this feature is disabled, Network Agent writes traces according to the settings in Kaspersky Security Center Remote Diagnostics Utility. No additional traces are written.

When creating a task, you do not have to enable advanced diagnostics. You may want to use this feature later if, for example, a task run fails on some of the devices and you want to get additional information during another task run.

By default, this option is disabled.
- Maximum size, in MB, of advanced diagnostics files
  The default value is 100 MB, and available values are between 1 MB and 2048 MB. You may be asked to change the default value by Kaspersky Technical Support specialists when information in the advanced diagnostics files sent by you is not enough to troubleshoot the problem.

Settings specified after task creation

You can specify the following settings only after a task is created.

Updates to install
In the Updates to install section, you can view the list of updates that the task installs. Only updates that match the applied task settings are shown.
Test installation of updates:
- Do not scan. Select this option if you do not want to perform a test installation of updates.
- Run scan on selected devices. Select this option if you want to test updates installation on selected devices. Click the Add button and select devices on which you need to perform test installation of updates.
- Run scan on devices in the specified group. Select this option if you want to test updates installation on a group of devices. In the Specify a test group field, specify a group of devices on which you want to perform a test installation.
- Run scan on specified percentage of devices. Select this option if you want to test updates installation on some portion of devices. In the Percentage of test devices out of all target devices field, specify the percentage of devices on which you want to perform a test installation of updates.

See also:

Installing updates on devices manually

Fixing vulnerabilities in applications

Page top

Global list of subnets

This section provides information about the global list of subnets that you can use in the rules.

To store the information about subnets of your network, you can set up a global list of subnets for each Administration Server you use. This list helps you match pairs {IP address, mask} and physical units such as branch offices. You can use subnets from this list in the networking rules and settings.

In this section

Adding subnets to the global list of subnets

Viewing and modifying subnet properties in the global list of subnets

Page top

Adding subnets to the global list of subnets