Tags
discoveries network management remote folder TLS TLS1.2 pci dss pci compliance ITarian Portal Endpoint Manager vdi environment vdi clone environment instant clone documentation vendor notice security dashboard events resolution remote tool partner onboard itarian unknown file hunter TLS Encryption procedure parameters pass profiles history performance metrics real time remote endpoints download browse Subscriptions service URL Security Components system Global Software Inventory 2 minutes Integrate intagrate Active Directory Portable Interception SSL enable reporting Rule Threat Protection Rule Advance spam Customize archived outgoing incoming administrator validate domains add Antispam type PCI data loss Location Network information start software session extensions appoinments resource connection computers Comodo Rescue Disk infected opportunity opportunities custom relationship management quote COMODO-CRM protect mac device email notifications registry COM Quarantined point system restore msi contained applications processes security client events Release date department registration particular os section Two Factor Authentication Login interface dashboard report generate Direct Download Link One drive Google drive HIPS mode cleanup automatic suspicious suspicious certificates shellcode injection detect Elevated Access system user access default charging groups move current malware list store push IP address ip installer acronis auto-remediation server machine icon Product Logos Rebrand backup Device Control data Chromoting WebRTC ports Protocol skip offline manual time entries ticket assignee Help Guide Tour schedule Reschedule appointment unknown application protection virtual desktop Local Verdict server manage calculation cost configuration charging SD contract prepaid hours products classification inventory analyze Device list OS patches global search bar Tool bar Windows Defender Security Center file group white Citrix record SPF work billable time onsite email template template variables emails Gmail SMTP disable Add collaborators admin action Audit logs feature requests submit vote remotely Reset proxy swg secure web gateway dome error disk ticket detail page thread section tickets section internal notes Sub-help topic help topic features Application control white_list Patch Management child parent scheduled customized get to headers columns company restrict customer technician remote access list iOS devices field Reports iOS device APN Certificate MAC OS X options Linux block Comodo Client Communication (CCC) allow Comodo Client Security (CCS) network zones active component tray icon hide show packages additional install block port baseline installation package bulk implement restrict firewall endpoints security and communication global export virus import Database folders files define exclusions change staff admin rating check reassign assign permissions new role create for user of device enroll associated use how profile specific Removing Devices Uninstall windows profile Configuration templates latest version clients comodo file ratings monitoring script procedure custom All Devices Ratings Track widgets Agent valkyrie malware files Kill chain report automated establishing endpoint remote session Users prevent Android organization windows assets Mac OS billing identified threats Sort Closed inside Program executed containment service desk remote control Locally runs update scan antivirus SLA Business Hours control CCS Password access Client Auto Specific Device Response Application Third party Status View Logs intended devices alert fails Company Information Configure Verdict Patch Procedures Executable Comodo Internet Security ITSM Analysis Command Line Heuristic Filter Unrecognized Trusted File Rate Malicious Purge Calendar Device Exclusion USB Admin Panel Settings ticket Default system-wide Specific Path Details Monitor Multi Set Currency Connected Who Quick Actions Comparison Version Enterprise Managed Service Provider C1 Portal Remote management Comodo Remote Control ticket management staff panel assign tickets
More

How to scan a network and discover devices using Endpoint Manager

Release Time
02/10/2019
Views
none

Click 'Network Management' > 'Discoveries' to open the scan configuration area

Introduction

Preliminaries

Create a discovery scan

Run the scan

Enroll discovered devices to Endpoint Manager - Click here

Introduction

  • The network discovery feature lets you scan networks by IP and SNMP to identify all connected endpoints.
     
  • The scans are run by a 'probe device' placed inside the network you want to scan. The probe device must be a managed Windows endpoint which has already been added to Endpoint Manager.
     
  • Devices found by the scan are shown in 'Devices' > 'Device List' > 'Discovered Devices:

Notes:

  • All newly discovered devices are 'Unmanaged'. This means you can’t yet control them with Endpoint Manager. You need to install the communication client on the devices to enroll them.
     
  • This first release of the feature is only intended as a quick way to see which devices are connected to a network, and to place those devices into a device group.
     
  • You can then create a client installation package for the group and use Comodo's auto-deployment tool to install the package on group devices. This will enroll the devices to endpoint manager.
     
  • You can change the owner and group of these devices after they have been enrolled. Full auto-enrollment of discovered devices is coming in later releases.

Preliminaries

  • Make sure your probe device is in place in your target network. It can be any managed Windows endpoint that you have already added to Endpoint Manager. It is the communication client on the probe device which handles the scan.
     
  • Create a target group for the discovered devices:
     
    • Click 'Devices' > 'Device List' > 'Group Management' > 'Create Group'.
       
    • Select the target customer and name the group, for example, 'Discovered Devices – Company X'.
       
    • Do not add any existing devices to this group. Leave it empty. The group is purely to segment the discovered devices. You can move devices to different groups after they have been enrolled.

Create a discovery scan

  • Open Endpoint Manager
     
  • Click 'Network Management' > 'Discoveries' > 'Create' > 'Discovery by Network’:
     
    • Create a name for the discovery task. For example, 'Discovery Task on Company X network'.
       
    • Click 'OK' to open the task configuration screen:
       
  • Click the ‘General’ tab then click 'Edit' to configure the scan:

  • Discovery name - Create a label for the discovery task. Ideally, the label should help you identify the target or purpose of the task in future. For example, ‘Discovery Task on Company X network'.
     
  • Customer – Specify the company that owns/controls the target network. Make sure you select the customer you identified in ‘Preliminaries’.
    • Enter the first few letters of a company name and select from the suggestions.
       
  • Device group – The group to which identified devices will be assigned. Please make sure you select the group you just created in ‘Preliminaries’.
    • Enter the first few letters of the device group and select from the suggestions.
       
  • SNMP – Choose whether to add a simple network management protocol (SNMP) scan to the discovery task.
     
    • If enabled, the SNMP scan will run simultaneously with the IP range scan.
       
      • The results from the SNMP scan are reported separately to Endpoint Manager and may find additional devices.
         
      • The ‘Community String’ is a passcode sent with each SNMP Get-Request to authenticate access to a router or other device. If the community string is correct, then the device responds with the requested information.
         
      • Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string".
         
  • Probe Devices – Choose the device you want to use to run the scan. A probe device is a managed Windows endpoint inside the network that you want to scan. The device must already be enrolled to Endpoint Manager and have the communication client installed. This device will launch the scans you request on the target network:
    • Type the name of the device you want to use in the 'Device' field. EM will auto-suggest candidates as you type.
       
    • Click 'Add' to save your probe device.
       
    • Repeat the process to add more probes. Multiple probes act as fail-overs for each other.
       
    • You must select a default probe for scans if you add multiple probes. The other probes will only run the scan if the default probe is not available.
  • IP ranges - Specify the IP address range that you want to scan for devices. You can add any number of IP ranges within the network for a single discovery task. You can also specify addresses to be skipped as exclusions.

    • Leave IP range blank if you want to scan the entire network to which the probe is connected.
       
  • Alerts (Optional) - Select which events you want to be notified about. Events include when the scan ends, when a new device is found, and when a new IP is found.
     
  • Discovery Logs – View the results of previous scans ran under this task. Click ‘Details’ to view devices found by the scan. This area will become populated only after you run your first scan.
     
  • Click ‘Save’ when you have finished configuring the scan.
     

Run the scan

  • Click ‘Network Management’ > ‘Discoveries’
     
  • Select the scan you just created in the ‘Create a discovery scan’ step
     
  • Click the ‘Discover Now’ button above the table:
     

  • Skip if probe device is offline – Select to abort the scan if the probe device is not available. If unselected, then the scan will be queued until the device comes online.
     
  • Click ‘Discover’ to start the scan. The scan will run for 10 minutes before reporting back to Endpoint Manager. The SNMP scan is started simultaneously if you enabled it.
     
  • All discovered devices will go into your new group.
     
  • You can view all discovered devices in 'Devices' > 'Device List' > 'Discovered Devices'.

NextEnroll discovered devices to Endpoint Manager