This site is for AVG Business products only. For articles on Avast Business products, see Avast Business Help. If you are in the right place but cannot find what you are looking for, please contact AVG Business Support for further assistance.

Network Discovery and Remote Deployment

This Article Applies to:

  • AVG Business Cloud Console

 

IMPORTANT: If any devices in your network are running legacy OS (e.g. Windows XP, Vista, 2003, or 2008 SP2) and you attempt remote deployment with those devices included, the deployment will fail for all devices selected. Therefore, please ensure you do not select and attempt deployment to devices with legacy OS installed.

Network Discovery

Network discovery in the AVG Business Cloud Console enables you to scan your network so you know what devices are connected to it. This involves two main steps:

  1. Configuring scan settings
  2. Scanning network for devices

To access these settings, click the Network Discovery tab on the Devices page. Then click Set up your first scan.

Recommendations for Scanning Agents

Scanning Agents have access to your entire network and can remotely access devices. For security, we strongly recommend following these guidelines:

  • Use only one Scanning Agent per network
  • Ensure your Scanning Agent is a trusted, non-roaming device with secure access (such as a server)
  • Use a device your network administrator has full control over
  • If necessary, add exceptions in your network for the scanning agent to avoid triggering network security measures

Recommendations for Scans

When performing network scans, we recommend the following:

  • Only scan your private networks
  • Follow our recommendations for Scanning Agents (see above)
  • Provide adequate time for the scan to complete (a larger network will take longer to scan)

Scan Settings

Adding Scanning Agent

The Scanning Agent is responsible for scanning for devices on your network and, if desired, remotely distributing AVG services to those devices. It functions more or less the same as the Local Update Server (see Setting Up Update Agents and Local Update Servers).

Only Windows devices can become Scanning Agents.

  1. Click + Add Scanning Agent
  2. Select the checkbox of the device you would like to promote to scanning agent
  3. Click Add Scanning Agent

Once a Scanning Agent has been added, it will appear in the Devices scanning your networks section of the settings.

Scanning Agent can only be enabled for devices running Antivirus agent version 4.31 or higher.

Scanning Methods

There are two available methods for scanning your network.

Network scan: this option scan all devices connected to your network. The device detection process uses Address Resolution Protocol (ARP) to ping all IP addresses within the subnet in order to get their MAC address. This process can take up to 15 minutes, possibly longer depending on the network. If a response is received with a MAC address, a reverse DNS lookup occurs to get the host name for the IP.

Active Directory scan: this option scans all devices that are part of your Active Directory domain by fetching the AD database.

Use the toggles to select which scan method(s) you would like to use. If you choose Active Directory scan, ensure you enter the domain name and your AD credentials (user name and password).

Scan Results

If you would like to remove devices from the list of found devices that are not managed or cannot be managed by the Cloud Console, you can choose to have them automatically deleted if they have not been seen in the past 30 days. Use the toggle beside Auto-removal of old devices to turn this on or off.

Scanning Your Network for Devices

Once you have configured your Network scan settings, click Scan network to save your selections and begin the scan.

When the scan is complete, you will be able to see all found devices in a list, which includes the device's name, IP address, Active Directory Group (if applicable), what scanning agent detected it, when it was last detected, and its status.

Statuses

  • Unmanaged: the device is not managed by the Cloud Console and meets the System Requirements
  • Installation queue: AVG services are waiting to be installed
  • Installing AVG: AVG services are being installed on the device
  • Installation failed: AVG services could not be installed due to an error (such as credentials or offline device)
  • Unmanageable: the device is not managed by the Cloud Console but does not meet the System Requirements
  • Offline: the device could not be reached or is offline
  • Managed by AVG: the device is already managed by the Cloud Console

Remote Deployment

Remote Deployment becomes available once you have installed AVG services on at least one device in your network. You can see whether or not you have managed devices on the Devices page of the Cloud Console. See for more details on adding devices manually.

Remotely Installing AVG Services on Devices

Once a network scan has been completed and you have located Unmanaged devices on the Network Discovery tab, you can remotely install AVG services.

For devices that are not connected to Active Directory, you will need to change restrictions on remote UAC (User Account Control). Open RegEdit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and add or edit the item "DWORD LocalAccountTokenFilterPolicy" and set to 1. For more information, see Microsoft’s article on UAC remote restrictions.

  1. Click the checkbox(es) for the device(s) you would like to manage in the Cloud Console
  2. Click Install security services
  3. Choose installation settings:
    1. Select which services to install using the drop-down menus and the toggles
    2. Select which group and policy to use
    3. Enter local admin credentials for remote access to the device
      • Without these credentials, remote deployment will fail. Ensure the correct username and password have been entered.
    4. Select whether to automatically remove conflicting Antivirus products from the device
  4. Click Install the package remotely

Remote deployment may take some time, depending on the number of devices you are adding, the services you chose, and the speed of your network. Ensure the device is online until the installation finishes. Successfully installed devices will appear on the Managed devices tab.

Troubleshooting and Frequently Asked Questions

Yes. However, we recommend only one per network in order to avoid devices constantly updating data from alternate scans.

Yes, a device can be both a Scanning and Update Agent.

Yes. Deployment will be performed from the Scanning Agent.

You can still cancel while the device is in the “Installation queue” status. If deployment has already begun on the end device it cannot be canceled.

Remote Deployment will cancel after 24 hours of being unable to connect to the device. The device will go into “Installation failed” status, and the tooltip will note the device is offline.

Deployment should take less than 5 minutes. The time it takes depends on device specifications and device online status.

No, but they are planned for the future.

No. The Antivirus agent can be deployed without any services, and will be able to remotely deploy any service.

The agent_log.log file will show the scan command has been received.

The Scanning Agent must be Windows 7 or higher. The 2015-2019 redistributable and the HNS component (technology used for scanning) are installed when you enable the Scanning Agent. The sb_deploy.log file shows these results, and the vs_redist.x86.log file shows the redistributable installation results.

Yes. If MAC/IP addresses are changed, for example, the devices will be updated in the list in the Cloud Console to reflect the changes.

Other Articles In This Section:

Adding Devices to Cloud Console

Removing Devices From Cloud Console

Installing Managed Antivirus

Command-Line Installation Parameters

Device Cloning

Related Articles:

Managing Services

Managing Alerts

Removable Antivirus Products

Migrating On-Premise Console to Cloud Console