
How to scan a network and auto enroll devices in Endpoint Manager

Release Time
02/10/2019

Click 'Network Management' > 'Discoveries' to open the scan configuration area

Introduction

Click 'Network Management' > 'Discoveries' to open this interface.

  • The discovery feature lets you scan networks and active directory (AD) servers to identify all devices on the network.
     
  • The scan will identify both managed and unmanaged devices. You can configure EM to alert you if a scan finds new devices.
     
  • You can run simple network scans from a ‘probe device’ situated in the target network. The probe device must be a managed Windows endpoint which has already been added to Endpoint Manager.
     
  • You can scan Active Directory servers either with or without the use of a probe device.
     
  • All discovered devices are shown in 'Network Management' > 'Devices' > 'Discovered Devices'.

 

Notes:

  • All newly discovered devices are 'Unmanaged'. This means you can’t yet control them with Endpoint Manager. You need to install the communication client on the devices to enroll them.
     
  • All discovered devices are placed into a group of your choice. You can then create a client installation package for the group and use Comodo's auto-deployment tool to install it. This will enroll the devices to Endpoint Manager.
     
  • You can change the owner and group of these devices after they have been enrolled. Full auto-enrollment of discovered devices is coming in later releases.

Preliminaries

  • Optional – Make sure your probe device is in place. It can be any managed Windows endpoint inside the network that you want to scan. This device will launch the scans you request on the target network. The probe is required for network and SNMP scans but is optional for Active Directory scans.
     
  • Create a new group for discovered devices under the company of your choice:
     
    • Login to ITarian
       
    • Click 'Application' > 'Endpoint Manager'
       
    • Click 'Devices' > 'Device List' > 'Group Management' > 'Create Group'.
       
    • Name the group, for example, 'Discovered Devices - Company X'.
       
    • Do not add any existing devices to this group. Leave it empty. The group exists purely to segment the discovered devices. You can move devices to different groups after they have been enrolled.

Create a discovery scan

There are two types of discovery task:

  • Network -  Scan an IP range using a probe device. The probe must be a managed Windows device connected to the network. You can run a concurrent SNMP scan when you run a network scan.
     
  • Active Directory – Scan an Active Directory domain for devices. You can configure the scan with or without a probe device. If not specified, EM will directly scan the AD server.

Network Discovery Scan

  • Login to ITarian
     
  • Click 'Application' > 'Endpoint Manager'
     
  • Click 'Network Management' > 'Discoveries'
     
  • Click 'Create Discovery'


 

  • Discovery Name  - Create a label for the discovery task. Ideally, the label should help you identify the target or purpose of the task in the future.
     
  • Select 'by Network'
     
  • Click 'Next' to add probe devices.


 

  • Select Device(s) – Start typing the name of the device you want to use as the probe and select from the suggestions.
     
    • A probe device is a managed Windows endpoint inside the network that you want to scan. The device must already be enrolled to Endpoint Manager and have communication client (CC) 6.32 or higher installed. This device will launch the scans you request on the target network.
       
    • You can also add additional devices for fail-over. The device added first will be used as the probe. If the first device is offline then EM will use the next device for the scan.
       
  • Enable SNMP for discovery – Run a simple network management protocol (SNMP) scan alongside the network scan.
     
    • If enabled, the SNMP scan will run simultaneously with the IP range scan.
       
    • The SNMP results are shown as a separate row in the 'Network Management' > 'Devices' > 'Discovered Devices' interface.
       
    • Community String - This is a passcode sent with each SNMP Get-Request to authenticate access to a router or other device. If the community string is correct, then the device responds with the requested information.
       
  • Run immediately after discovery is created - The discovery scan will start after it is saved.
     
  • Click 'Create'

The discovery task configuration screen opens:


 

  • General - Specify the IP addresses you want to scan. Set the customer and device group to which new devices should be assigned. Choose your probe device.
  • Auto Enrollment - Windows devices only. Set the customer and device group to which you want to assign discovered Windows devices. Complete the instructions in the ‘Auto Enrollment’ tab on the probe and target devices.
     
  • Notifications - Select which events you want to be notified about. Events include when the scan ends, when a new device is found, and when a new IP is found. (Optional)
     
  • Schedule - You can automate the discovery scans by scheduling them to run daily, weekly or monthly. (Optional)
     
  • Discovery Logs - View the results of previous scans run under this task. You can see the date, type and other general details about a scan. Click 'Details' then 'Click Here' to view a list of devices found by the scan.
     
  • Next, click 'Edit' on the right to configure scan targets and options.

General Settings
 


 

  • Discovery name -  This is pre-populated with the label you created in the previous step. Edit the name, if required.
     
  • Customer - Specify the company that owns/controls the target network.
     
    • Enter the first few letters of a company name and select from the suggestions.
       
  • Device group - Specify the group to which discovered devices should be assigned. The device group must belong to the 'Customer' named in the previous row.
     
    • Enter the first few letters of the device group and select from the suggestions.
       
  • SNMP – Pre-populated with the choice you made in the previous step. Change the choice if required.
     
    • If enabled, the SNMP scan will run simultaneously with the IP range scan.
       
    • SNMP results are shown as a separate row in the 'Network Management' > 'Devices' > 'Discovered Devices' interface.
       
    • Community String - This is a passcode sent with each SNMP Get-Request to authenticate access to a router or other device. If the community string is correct, then the device responds with the requested information.

      Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string".
       
  • Probe Devices – Pre-populated with the list of probe devices you specified in the previous step. You can add a new probe as follows:
     
    • Click 'Add' at top-left:




       
    • Start typing the name of the device you want to use as a probe. Select from the suggestions.
       
    • You can add multiple devices for fail-over if required. You must choose a default probe if you add multiple probes. The other probes are only used if the default is not available.
       
  • IP Ranges - Specify the IP address range that you want to scan for connected devices. You can add any number of IP ranges within the network for a single discovery task. You can also specify addresses to be skipped as exclusions. 
     
    • Leave this blank if you want to scan the entire network to which the probe is connected.
     
    • Click 'Add' to add the IP range to the list.


       
      • IP from - Start address of the IP range
         
      • IP to - End address of the IP range
         
      • Description - A brief description of the IP range (optional). Use this if there are different IP segments that you want to identify. You can enable or disable ranges as required in any scanning task.
         
  • Repeat the process to add more IP address ranges
     
  • Select an IP range and click 'Remove' to delete the IP range from the list
     
  • IP Range Exclusions - Specify IP addresses that should not be scanned.


 

Auto Enrollment

  • You must download and install PsTools on the probe device before you can use the auto-enrollment feature.
     
  • You also need to enable NetBIOS over TCP/IP on target devices.
     
  • Read the full instructions on the ‘Auto Enrollment’ page and complete the steps therein.

Auto-enroll devices:

  • Click the 'Auto Enrollment' tab
     
  • Click the 'Edit' button at the top-right


 

  • Auto Enrollment - Enable this to auto-enroll discovered Windows devices to EM
     
  • User Name / Password - Admin credentials for the target devices.
     
  • Device Owner  - Select the admin of the customer that you selected in the general tab. The devices are assigned to this admin after enrollment. You can assign the device to the appropriate user later. Start typing a name and select from the suggestions.
     
  • Device Group - Choose the group to which you want to assign auto-enrolled devices. Start typing the group name and select from the suggestions.
     
  • Assigned Profile - Choose the profile you want to apply to discovered devices. Start typing a profile name and select from the suggestions. Note - The security client has to be installed for the profile to take effect.
     
    • Click 'Save' to apply your changes

Next - Run the discovery scan

AD discovery scan

  • Login to ITarian
     
  • Click 'Application' > 'Endpoint Manager'
     
  • Click 'Network Management' > 'Discoveries'
     
  • Click 'Create Discovery'


 

  • Discovery Name  - Enter a label for the new discovery task. Ideally, the label should help you identify the target or purpose of the task in the future.
     
  • Select 'by Active Directory'
     
  • Click 'Next'.
     


 

Select the type of discovery. There are two options:

  • With Probe Device – Specify a probe device to run the discovery scan on the AD domain.
     
    • Select this option if the AD server is not directly accessible over the internet.
       
    • A probe device is a managed Windows endpoint on the same network to which the AD server is connected.
       
    • The device must already be enrolled to Endpoint Manager and have communication client (CC) version 6.32 or higher installed. This device will launch the scans you request on the target network.
       
    • The probe device need not be a member of the AD domain.
       
    • If selected, specify the probe device you want to use in the 'Select Devices' field
       
  • Without Probe Device - The discovery scan will be run directly by EM
     
    • Select this option if the AD server is accessible through the internet.
       
    • You need not specify a probe device to run the scan.
  • Select Device(s) – Applies only if 'With Probe Device' is chosen.
     
    • Start typing the name of the device you want to use as the probe and select from the suggestions.
       
    • You can also add additional devices for fail-over. The device added first will be used as the probe. If the first device is offline at the time of discovery, EM will use the next device and so on.

LDAP Settings:

  • LDAP server host – Enter the IP address or hostname of the AD server that hosts the AD domain
     
  • LDAP account domain – Enter the domain name of the AD domain
     
  • LDAP account login and LDAP account password - The admin username and password required to access the AD server.

Run immediately after discovery is created - The discovery scan will start after it is saved.

  • Click 'Create'

The discovery task configuration screen opens:
 


 

  • General  – Edit the LDAP details of the AD server you want to scan. Set the customer and device group to which new devices should be assigned. Choose your probe device.
  • Notifications - Select which events you want to be notified about. Events include when the scan ends and when a new device is found. (optional)
     
  • Schedule - You can automate the discovery scans by scheduling them to run daily, weekly or monthly. (optional)
     
  • Discovery Logs - View the results of previous scans run under this task. You can see the date, type and other general details about a scan. Click 'Details' then 'Click Here' to view a list of devices found by the scan.

Click 'Edit' on the right to get started.

General Settings

  • Click the 'General' tab (if it is not already open)
     
  • Click the 'Edit' button at the top-right



 

  • Discovery name -  This field is pre-populated with the label you created in the previous step. Edit the name, if required.
     
  • LDAP Settings – The hostname of the AD server, AD domain name, AD admin username, and password are pre-populated from the details you entered in the previous step. Modify them if required. 
     
  • Customer - Specify the company that owns/controls the target AD network.
     
    • Enter the first few letters of a company name and select from the suggestions.
       
  • Device group -  Specify the device group to which identified devices will be assigned. The device group must belong to the 'Customer' named in the previous row.
     
    • Enter the first few letters of the device group and select from the suggestions.
       
  • Probe Devices – Applies only if you have chosen 'With Probe Devices' in the previous step. The list is pre-populated with the probe devices you specified in the previous step. You can add or remove devices if required.

    Add a probe device:
     
    • Click 'Add' at the top-left:


       
    • Start typing the name of the device you want to use as the probe then select from the suggestions.
       
    • You can also add additional devices for fail-over. The device added first will be used as the probe. If the first device is offline at the time of discovery, EM will use the next device and so on.
       
    • Click 'Add'.
       
  • Repeat the process to add more probes. Multiple probes act as fail-overs for each other.
     
  • You must select a default probe for scans if you add multiple probes. The other probes will only run the scan if the default probe is not available.
     
  • Click 'Save'

Run a Discovery Task

  • Click 'Network Management' > 'Discoveries'
     
  • Select the discovery scan task from the list and click 'Discover Now' at the top
     
  • Alternatively, click the name of the discovery task and click 'Discover Now':
     


 

  • The scan will start and will run for ten minutes. Any SNMP scans will start simultaneously.
     
  • All discovered devices will appear in 'Network Management' > 'Devices' > 'Discovered Devices'

Next: Enroll discovered devices to Endpoint Manager

Change Device Type (Optional)

You can change a device's category if it was detected incorrectly by a scan.

  • Click 'Network Management' > 'Devices'
     
  • Click the 'Discovered Devices' tab
     
    • Select a company or a group to view the list of devices identified in that group

      OR
       
    • Select 'Show all' to view every discovered device
       
  • Select the devices whose category you want to change
     


 

  • Select the device type from the drop-down
     


 

  • Click 'Change'

The category will change with the appropriate icon in the device type column.

Manage SNMP Devices (Optional)

Move SNMP devices to management

  • Click 'Network Management' > 'Devices'
     
  • Click the 'Discovered Devices' tab
     
    • Select a company or a group to view the list of devices identified in that group

      OR
       
    • Select 'Show all' to view every discovered device
       
  • Select an SNMP compliant device then click 'Manage Device over SNMP'