IP range polling

Initially, Kaspersky Security Center gets IP ranges for polling from the network settings of the device on which it is installed. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center polls all addresses from 192.168.0.1 to 192.168.0.254.

It is not recommended to use IP range polling if you use Windows network polling and/or Active Directory polling.

Kaspersky Security Center can poll IP ranges by reverse DNS lookup or by using the NBNS protocol:

Reverse DNS lookup
Kaspersky Security Center attempts to perform reverse name resolution for every IP address from the specified range to a DNS name using standard DNS requests. If this operation succeeds, the server sends an ICMP ECHO REQUEST (the same as the ping command) to the received name. If the device responds, the information about it is added to the Kaspersky Security Center database. The reverse name resolution is necessary to exclude the network devices that can have an IP address but are not computers, for example, network printers or routers.

This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. In the networks where Active Directory is used, such a zone is maintained automatically. But in these networks, IP subnet polling does not provide more information than Active Directory polling. Moreover, administrators of small networks often do not configure the reverse lookup zone because it is not necessary for the work of many network services. For these reasons, IP subnet polling is disabled by default.
NBNS protocol
If the reverse name resolution is not possible in your network for some reason, Kaspersky Security Center uses the NBNS protocol to poll the IP ranges. If a request to an IP address returns a NetBIOS name, the information about this device is added to the Kaspersky Security Center database.

Viewing and modifying the settings for IP range polling

To view and modify the properties of IP range polling:

In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → IP RANGES.
Click the Properties button.
The IP polling properties window opens.
Enable or disable IP polling by using the Allow polling toggle button.
Configure the poll schedule. By default, IP polling runs every 420 minutes (seven hours).
When specifying the polling interval, make sure that this setting does not exceed the value of the IP address lifetime parameter. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.

Polling schedule options:
- Every N days
  The polling runs regularly, with the specified interval in days, starting from the specified date and time.
  
  By default, the polling runs every day, starting from the current system date and time.
- Every N minutes
  The polling runs regularly, with the specified interval in minutes, starting from the specified time.
- By days of week
  The polling runs regularly, on the specified days of week, and at the specified time.
- Every month on specified days of selected weeks
  The polling runs regularly, on the specified days of each month, and at the specified time.
- Run missed tasks
  If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.
  
  If this option is enabled, the Administration Server starts polling immediately after it is switched on.
  
  If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.
  
  By default, this option is disabled.
Click the Save button.

The properties are saved and applied to all IP ranges.

Running the poll manually

To run the poll immediately,

click Start poll.