Network Scanner

Network Scanner Functions

Scan (browse) the network for workstations.

Detect Dr.Web Agents on stations.

Install Dr.Web Agent on the detected stations as instructed by the administrator. Dr.Web Agent installation is described in detail in the Installation Manual, Installing Dr.Web Agent Software via Dr.Web Security Control Center.

Network Scanner Operation Principal

Network scanner supports the following search modes:

1.Search in Active Directory

2.Search via NetBIOS

3.Search via ICMP

4.Search via TCP

5.Additional mode: Dr.Web Agent detect.

Procedure when all modes are enabled

1.First three modes are run in parallel. Repeated inquiring of already inquired stations is not performed.

2.After ICMP search is complete, the TCP search is launched for stations that have not responded. If ICMP search is disabled, TCP search is launched immediately in parallel with first two modes.

info

ICMP search is implemented by sending ping requests that can be blocked because of network policies (e.g. by firewall settings).

For example:

If in Windows OS (Vista or later) network settings, the Public location options is set, OS will block all ping requests.

3.For stations found by search via the first four modes, the Dr.Web Agent detect search is launched.

info

Network Scanner can detect Dr.Web Agents only of version 4.44 and later but cannot interact with Dr.Web Agents of earlier versions.

Dr.Web Agent installed on a protected stations process respective calls of Network Scanner received at a certain port. By default, port udp/2193 is used. Correspondingly, the default port is offered to call by the Scanner. Network Scanner decides whether Dr.Web Agent is on a station or not basing on the assumption of the possibility to exchange information (request-response) via the specified port.

warning

If the station is forbidden (for example, by a firewall) to accept packages at udp/2193, Dr.Web Agent will not be detected and consequently Network Scanner considers that there is no Dr.Web Agent installed on the station.

Network Scanner Launch

To scan the network

1.Open the Network Scanner window: select the Administration item in the main menu of Dr.Web Security Control Center and in the opened window, select the Network Scanner item in the control menu. The Network Scanner window will be opened.

2.Set the Enable ICMP search flag to search for stations via ICMP protocol in range of specified IP addresses.

3.Set the Enable TCP search flag to search for stations via TCP protocol in range of specified IP addresses.

Specify the settings for this mode:

Quick scan. In the quick network scan mode, only most common ports on stations are checked: 445, 139, 22, 80.

Extended scan. In the extended network scan mode, a set of frequently used ports are checked. The ports are scanned in the specified order: 445, 139, 135, 1025, 1027, 3389, 22, 80, 443, 25, 21, 7, 19, 53, 110, 115, 123, 220, 464, 465, 515, 873, 990, 993, 995, 1194, 1433, 1434, 2049, 3306, 3690, 4899, 5222, 5269, 5432, 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 6446, 9101, 9102, 9103, 10050, 10051, 8080, 8081, 98, 2193, 8090, 8091, 24554, 60177, 60179.

IPv4 addresses—the list of IPv4 addresses:

single addresses: 10.4.0.10

range of addresses with a hyphen: 172.16.0.1-172.16.0.123

range of addresses with a network prefix: 192.168.0.0/24

If you set several addresses, use “;” or “,” as a separator.

IPv6 addresses—the list of IPv6 addresses:

single addresses: fe80::9109:1808:8e44:735b%3

range of addresses with a hyphen: [FC00::0001]-[FC00::ffff]

with a network prefix: [::ffff:10.0.0.1]/7

If you set several addresses, use “;” or “,” as a separator.

4.Set the flag Enable search by NetBIOS to search for stations via NetBIOS protocol.

Specify the settings for this mode:

Domains—domains list in which stations are searched. Use comma to divide several domains.

Set the flag Extended scan to use extended scan using data from network browsers.

5.Set the flag Enable search in Active Directory to search for stations in the Active Directory domain.

warning

To be able to search stations in the Active Directory domain via the Network Scanner, the web browser in which the Control Center is opened, must be launched in the name of the domain user with permissions to search objects in the Active Directory domain.

 

Searching for stations in the Active Directory domain is performed only using the secure ldaps protocol.

Specify the settings for this mode:

Active Directory controller—Active Directory controller, e.g. dc.example.com.

Login—Active Directory user login.

Password—Active Directory user password.

info

For Dr.Web Servers under Windows OS, settings of Active Directory search are not obligatory. Information of a user on whose behalf the Dr.Web Server process is run (usually, it is LocalSystem) is used as a default registration information.

For Dr.Web Servers under Unix-like OS, the settings must be obligatory specified.

In the Connection security drop-down list, select the type of encrypted data exchange:

STARTTLS—switching to secured connection is performed by using the STARTTLS command. The 25 port is used by default for the connection.

SSL/TLS—establish a new secured TLS connection. The 465 port is used by default for the connection.

No—do not use encryption. Data exchange will be over an unprotected connection.

6.In the General parameters section, specify common settings for all search modes:

Time-out (sec.)—maximum time in seconds to wait a response from a station.

Number of requests to one station—maximum number of requests to one station waiting for the answer.

Number of simultaneous requests—maximum number of stations for simultaneous requests.

Set the Show station names flag to display either IP address or DNS name of found stations. If a station is not registered at DNS server, only its IP address displays.

Set the Detect installed Agent flag to detect installed Dr.Web Agent on a station. If the option is disabled, the status for all found stations indicates that the state of anti-virus software on the station is unknown.

info

If the Detect installed Agent option is disabled, all found stations will have the icon-station_free state, i.e. the state of anti-virus software on a station is unknown.

Port—UDP protocol port number to call the Dr.Web Agent during the search. The range is 1-65535. The 2193 port is used by default.

7.Click Scan to launch the network scanning.

8.The list of computers demonstrating where Dr.Web Agent is installed will be loaded into this window.

Unfold the catalog elements corresponding to workgroups (domains). All elements of the catalog corresponding to workgroups and individual stations are marked with different icons the meaning of which is given below:

Icon

Description

Workgroups

icon-group-free

The work groups containing inter alia computers on which Dr.Web Enterprise Security Suite anti-virus software can be installed.

icon-general-install

Other groups containing protected or unavailable by network computers.

Workstations

icon-station_online

Active station with installed anti-virus software.

icon-station_free

Active station with unknown state of anti-virus software: there is no anti-virus software on a station or software detection was not perform.

You can also unfold catalog items corresponding to computers with the icon-station_online icon, and check which program components are installed there.