Network Scanner

 Top  Previous  Next

Dr.Web Server contains the Network Scanner component.

It is not recommended to launch the Network Scanner under Windows 2000 and earlier operating systems due to possible insufficiencies of network review.

The functioning of the Network Scanner is guarantied under UNIX system-based operating systems and Windows XP or later.

 

The Network scanner requires Dr.Web Security Control Center Extension.

 

For correct functioning of the Network Scanner under Windows Internet Explorer browser, you must add Dr.Web Security Control Center address into which the Network Scanner is launched, to the list of trusted sites in the web browser settings: Tools → Internet Options → Security → Trusted Sites.

Network Scanner provides the following functions:

Scan (browse) the network for workstations.

Detect Dr.Web Agents on stations.

Install Dr.Web Agent on the detected stations as instructed by the administrator. Dr.Web Agent installation is described in detail in the Installation Manual, p. Installing Dr.Web Agent Software via Dr.Web Security Control Center.

To scan (browse) the network, perform the following actions

1.Open the Network Scanner window: select the Administration item in the main menu of Dr.Web Security Control Center and in the opened window, select the Network Scanner item in the control menu. The Network Scanner window will be opened.

2.Set the Search by IP addresses, flag to search for stations in the network by specified IP addresses. In the Networks field specify networks in the following format:

with a hyphen (for example, 10.4.0.1-10.4.0.10)

separated by a comma with a whitespace (for example, 10.4.0.1-10.4.0.10, 10.4.0.35-10.4.0.90)

with a network prefix (for example, 10.4.0.0/24).

3.For Windows OS: set the Search in Active Directory flag to search for stations in the Active Directory domain. At this, specify the following parameters:

Domains—domains list in which stations are searched. Use comma to divide several domains.

Active Directory controller—Active Directory controller, e.g., dc.example.com.

To be able to search stations in the Active Directory domain via the Network Scanner, the web browser in which the Control Center is opened, must be launched in the name of the domain user with permissions to search objects in the Active Directory domain.

4.For UNIX system-based OS: set the Search by LDAP flag to search for stations by LDAP. At this, specify the following parameters:

Domains—domains list in which stations are searched. Use comma to divide several domains.

LDAP server—LDAP server, e.g., ldap://ldap.example.com.

Login—LDAP user login.

Password—LDAP user password.

5.In the Port field, specify the port to connect via the UDP protocol to the Agents during search.

6.If necessary, in the Timeout field, change the value of timeout in seconds, which defines time limit for receiving an answer from inquired stations.

7.Set the Show station names flag to display either IP address and DNS name of found network stations.

If a station is not registered at DNS server, only its IP address displays.

8.Set the Correlate with stations list from database flag to enable synchronization of Network Scanner search results with the stations list stored in the Server DB. If the flag is set, the list of found network stations contains stations from the Server DB list that are not found by the Network Scanner during current search, e.g. if a firewall installed at stations blocks the transfer of packets needed to establish a TCP connection.

During synchronization of Network Scanner search results with Server DB data, the Server DB data has priority, i.e. if station statuses from search results and from DB are differ, the status from DB is set.

9.Click the Scan button to launch network scanning.

10.The catalog (hierarchical list) of computers demonstrating where Dr.Web Enterprise Security Suite anti-virus software is installed will be loaded into this window.

Unfold the catalog elements corresponding to workgroups (domains). All elements of the catalog corresponding to workgroups and individual stations are marked with different icons the meaning of which is given below.

Possible icons

Icon

Description

Workgroups

The work groups containing inter alia computers on which Dr.Web Enterprise Security Suite anti-virus software can be installed.

Other groups containing protected or unavailable by network computers.

Workstations

The detected station is registered in the DB and active (i.e. the workstation with installed anti-virus software).

The detected station is registered in the DB as deleted (i.e. the workstation is listed in the table of deleted stations).

The detected station is not registered in the DB (i.e. there is no anti-virus software on the station).

The detected station is not registered in the DB (the station is connected to another Server).

The detected station is registered in the DB, bus it is not active and the port is closed.

You can also unfold catalog items corresponding to computers with the or icon, and check which program components are installed there.

Interaction with Dr.Web Agent

The Network Scanner tool has been included in Dr.Web Enterprise Security Suite starting from version 4.44.

Network Scanner can detect Agents of version 4.44 and older but cannot interact with Agents 4.33.

Dr.Web Agents 4.44 and older installed on protected stations process respective calls of Network Scanner received at a certain port. By default port udp/2193 is using, but also port udp/2372 is supported for compatibility with older versions. Correspondingly, it is the default port offered by the Scanner to call at. Network Scanner decides whether there is an Agent on the workstation based on the assumption of the possibility to exchange information with the station (request-response) through the specified port.

If the station is forbidden (for example, by a firewall) to accept packages at udp/2193, the Agent will not be detected and consequently Network Scanner considers that there is no Agent installed on the station.