Configuring a device selection
Expand all | Collapse all
To configure a device selection:
- In the console tree, select the Device selections folder.
- In the workspace, click the Selection tab, and then click the relevant device selection in the list of user selections.
- Click the Selection properties button.
- In the properties window that opens, specify the following settings:
- General selection properties.
- Conditions that must be met for including devices in this selection. You can configure the conditions after selecting a condition name and clicking the Properties button.
- Security settings.
- Click OK.
The settings are applied and saved.
Below are descriptions of the conditions for assigning devices to a selection. Conditions are combined by using the OR logical operator: the selection will contain devices that comply with at least one of the listed conditions.
General
In the General section, you can change the name of the selection condition and specify whether that condition must be inverted:
Invert selection condition
If this option is enabled, the specified selection condition will be inverted. The selection will include all devices that do not meet the condition.
By default, this option is disabled.
Network
In the Network section, you can specify the criteria that will be used to include devices in the selection according to their network data:
- Device name or IP address
Windows network name (NetBIOS name) of the device, or the IPv4 or IPv6 address.
- Windows domain
Displays all devices included in the specified Windows domain.
- Administration group
Displays devices included in the specified administration group.
- Description
Text in the device properties window: In the Description field of the General section.
To describe text in the Description field, you can use the following characters:
- Within a word:
- *. Replaces any string with any number of characters.
Example:
To describe words such as Server or Server's, you can enter Server*.
- ?. Replaces any single character.
Example:
To describe words such as Window or Windows, you can enter Windo?.
Asterisk (*) or question mark (?) cannot be used as the first character in the query.
- To find several words:
- Space. Displays all the devices whose descriptions contain any of the listed words.
Example:
To find a phrase that contains Secondary or Virtual words, you can include Secondary Virtual line in your query.
- +. When a plus sign precedes a word, all search results will contain this word.
Example:
To find a phrase that contains both Secondary and Virtual, enter the +Secondary+Virtual query.
- -. When a minus sign precedes a word, no search results will contain this word.
Example:
To find a phrase that contains Secondary and does not contain Virtual, enter the +Secondary-Virtual query.
- "<some text>". Text enclosed in quotation marks must be present in the text.
Example:
To find a phrase that contains Secondary Server word combination, you can enter "Secondary Server" in the query.
- IP range
If this option is enabled, you can enter the initial and final IP addresses of the IP range in which the relevant devices must be included.
By default, this option is disabled.
Tags
In the Tags section, you can configure criteria for including devices into a selection based on key words (tags) that were previously added to the descriptions of managed devices:
- Apply if at least one specified tag matches
If this option is enabled, the search results will show devices with descriptions that contain at least one of the selected tags.
If this option is disabled, the search results will only show devices with descriptions that contain all the selected tags.
By default, this option is disabled.
- Tag must be included
If this option is selected, the search results will display the devices whose descriptions contain the selected tag. To find devices, you can use the asterisk, which stands for any string with any number of characters.
By default, this option is selected.
- Tag must be excluded
If this option is selected, the search results will display the devices whose descriptions do not contain the selected tag. To find devices, you can use the asterisk, which stands for any string with any number of characters.
Active Directory
In the Active Directory section, you can configure criteria for including devices into a selection based on their Active Directory data:
Network activity
In the Network activity section, you can specify the criteria that will be used to include devices in the selection according to their network activity:
- This device is a distribution point
In the drop-down list, you can set up the criterion for including devices in the selection when performing search:
- Yes. The selection includes devices that act as distribution points.
- No. Devices that act as distribution points are not included in the selection.
- No value is selected. The criterion will not be applied.
- Do not disconnect from the Administration Server
In the drop-down list, you can set up the criterion for including devices in the selection when performing search:
- Enabled. The selection will include devices on which the Do not disconnect from the Administration Server check box is selected.
- Disabled. The selection will include devices on which the Do not disconnect from the Administration Server check box is cleared.
- No value is selected. The criterion will not be applied.
- Connection profile switched
In the drop-down list, you can set up the criterion for including devices in the selection when performing search:
- Yes. The selection will include devices that connected to the Administration Server after the connection profile was switched.
- No. The selection will not include devices that connected to the Administration Server after the connection profile was switched.
- No value is selected. The criterion will not be applied.
- Last connected to Administration Server
You can use this check box to set a search criterion for devices according to the time they last connected to the Administration Server.
If this check box is selected, in the entry fields you can specify the time interval (date and time) during which the last connection was established between Network Agent installed on the client device and the Administration Server. The selection will include devices that fall within the specified interval.
If this check box is cleared, the criterion will not be applied.
By default, this check box is cleared.
- New devices detected by network poll
Searches for new devices that have been detected by network polling over the last few days.
If this option is enabled, the selection only includes new devices that have been detected by device discovery over the number of days specified in the Detection period (days) field.
If this option is disabled, the selection includes all devices that have been detected by device discovery.
By default, this option is disabled.
- Device is visible
In the drop-down list, you can set up the criterion for including devices in the selection when performing search:
- Yes. The application includes in the selection devices that are currently visible in the network.
- No. The application includes in the selection devices that are currently invisible in the network.
- No value is selected. The criterion will not be applied.
Application
In the Application section, you can configure criteria for including devices in a selection based on the selected managed application:
- Application name
In the drop-down list, you can set a criterion for including devices in a selection when search is performed by the name of a Kaspersky application.
The list provides only the names of applications with management plug-ins installed on the administrator's workstation.
If no application is selected, the criterion will not be applied.
- Application version
In the entry field, you can set a criterion for including devices in a selection when search is performed by the version number of a Kaspersky application.
If no version number is specified, the criterion will not be applied.
- Critical update name
In the entry field, you can set a criterion for including devices in a selection when search is performed by application name or by update package number.
If the field is left blank, the criterion will not be applied.
- Modules last updated
You can use this option to set a criterion for searching devices by time of the last update of modules of applications installed on those devices.
If this check box is selected, in the entry fields you can specify the time interval (date and time) during which the last update of modules of applications installed on those devices was performed.
If this check box is cleared, the criterion will not be applied.
By default, this check box is cleared.
- Device is managed through Kaspersky Security Center 13.2
In the drop-down list, you can include in the selection the devices managed through Kaspersky Security Center:
- Yes. The application includes in the selection devices managed through Kaspersky Security Center.
- No. The application includes devices in the selection if they are not managed through Kaspersky Security Center.
- No value is selected. The criterion will not be applied.
- Security application is installed
In the drop-down list, you can include in the selection all devices with the security application installed:
- Yes. The application includes in the selection all devices with the security application installed.
- No. The application includes in the selection all devices with no security application installed.
- No value is selected. The criterion will not be applied.
Operating system
In the Operating system section, you can specify the criteria that will be used to include devices in the selection according to their operating system type.
- Operating system version
If the check box is selected, you can select an operating system from the list. Devices with the specified operating systems installed are included in the search results.
- Operating system bit size
In the drop-down list, you can select the architecture for the operating system, which will determine how the moving rule is applied to the device (Unknown, x86, AMD64, or IA64). By default, no option is selected in the list so that the operating system's architecture is not defined.
- Operating system service pack version
In this field, you can specify the package version of the operating system (in the X.Y format), which will determine how the moving rule is applied to the device. By default, no version value is specified.
- Operating system build
This setting is applicable to Windows operating systems only.
The build number of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later build number. You can also configure searching for all build numbers except the specified one.
- Operating system release ID
This setting is applicable to Windows operating systems only.
The release identifier (ID) of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later release ID. You can also configure searching for all release ID numbers except the specified one.
Device status
In the Device status section, you can configure criteria for including devices into a selection based on the description of the devices status from a managed application:
- Device status
Drop-down list in which you can select one of the device statuses: OK, Critical, or Warning.
- Device status description
In this field, you can select the check boxes next to conditions that, if met, assign one of the following statuses to the device:
OK, Critical, or Warning.
- Device status defined by application
Drop-down list, in which you can select the real-time protection status. Devices with the specified real-time protection status are included in the selection.
Protection components
In the Protection components section, you can set up the criteria for including devices in a selection based on their protection status:
- Databases released
If this option is selected, you can search for client devices by anti-virus database release date. In the entry fields you can set the time interval, on the basis of which the search is performed.
By default, this option is disabled.
- Last scanned
If this check option is enabled, you can search for client devices by time of the last virus scan. In the entry fields you can specify the time period within which the last virus scan was performed.
By default, this option is disabled.
- Total number of threats detected
If this option is enabled, you can search for client devices by number of viruses detected. In the entry fields you can set the lower and upper threshold values for the number of viruses found.
By default, this option is disabled.
Applications registry
In the Applications registry section, you can set up the criteria to search for devices according to applications installed on them:
- Application name
Drop-down list in which you can select an application. Devices on which the specified application is installed, are included in the selection.
- Application version
Entry field in which you can specify the version of selected application.
- Vendor
Drop-down list in which you can select the manufacturer of an application installed on the device.
- Application status
A drop-down list in which you can select the status of an application (Installed, Not installed). Devices on which the specified application is installed or not installed, depending on the selected status, will be included in the selection.
- Find by update
If this option is enabled, search will be performed using the details of updates for applications installed on the relevant devices. After you select the check box, the Application name, Application version, and Application status fields change to Update name, Update version, and Status respectively.
By default, this option is disabled.
- Incompatible security application name
Drop-down list in which you can select third-party security applications. During the search, devices on which the specified application is installed, are included in the selection.
- Application tag
In the drop-down list, you can select the application tag. All devices that have installed applications with the selected tag in the description are included in the device selection.
- Apply to devices without the specified tags
If this option is enabled, the selection includes devices with descriptions that contain none of the selected tags.
If this option is disabled, the criterion is not applied.
By default, this option is disabled.
Hardware registry
In the Hardware registry section, you can configure criteria for including devices into a selection based on their installed hardware:
- Device
In the drop-down list, you can select a unit type. All devices with this unit are included in the search results.
The field supports the full-text search.
- Vendor
In the drop-down list, you can select the name of a unit manufacturer. All devices with this unit are included in the search results.
The field supports the full-text search.
- Device name
Name of the device in the Windows network. The device with the specified name is included in the selection.
- Description
Description of the device or hardware unit. Devices with the description specified in this field are included in the selection.
A device's description in any format can be entered in the properties window of that device. The field supports the full-text search.
- Device vendor
Name of the device manufacturer. Devices produced by the manufacturer specified in this field are included in the selection.
You can enter the manufacturer's name in the properties window of a device.
- Serial number
All hardware units with the serial number specified in this field will be included in the selection.
- Inventory number
Equipment with the inventory number specified in this field will be included in the selection.
- User
All hardware units of the user specified in this field will be included in the selection.
- Location
Location of the device or hardware unit (for example, at the HQ or a branch office). Computers or other devices that are deployed at the location specified in this field will be included in the selection.
You can describe the location of a device in any format in the properties window of that device.
- CPU frequency, in MHz
The frequency range of a CPU. Devices with CPUs that match the frequency range in these fields (inclusive) will be included in the selection.
- Virtual CPU cores
Range of the number of virtual cores in a CPU. Devices with CPUs that match the range in these fields (inclusive) will be included in the selection.
- Hard drive volume, in GB
Range of values for the size of the hard drive on the device. Devices with hard drives that match the range in these entry fields (inclusive) will be included in the selection.
- RAM size, in MB
Range of values for the size of the device RAM. Devices with RAMs that match the range in these entry fields (inclusive) will be included in the selection.
Virtual machines
In the Virtual machines section, you can set up the criteria to include devices in the selection according to whether these are virtual machines or part of virtual desktop infrastructure (VDI):
- This is a virtual machine
In the drop-down list, you can select the following options:
- Not important.
- No. Find devices that are not virtual machines.
- Yes. Find devices that are virtual machines.
- Virtual machine type
In the drop-down list, you can select the virtual machine manufacturer.
This drop-down list is available if the Yes or Not important value is selected in the This is a virtual machine drop-down list.
- Part of Virtual Desktop Infrastructure
In the drop-down list, you can select the following options:
- Not important.
- No. Find devices that are not part of Virtual Desktop Infrastructure.
- Yes. Find devices that are part of the Virtual Desktop Infrastructure (VDI).
Vulnerabilities and updates
In the Vulnerabilities and updates section, you can specify the criteria that will be used to include devices in the selection according to their Windows Update source:
WUA is switched to Administration Server
You can select one of the following search options from the drop-down list:
- Yes. If this option is selected, the search results will include devices that receive updates through Windows Update from the Administration Server.
- No. If this option is selected, the results will include devices that receive updates through Windows Update from another sources.
Users
In the Users section, you can set up the criteria to include devices in the selection according to the accounts of users who have logged in to the operating system.
- Last user who logged in to the system
If this option is enabled, click the Browse button to specify a user account. The search results include devices on which the specified user performed the last login to the system.
- User who logged in to the system at least once
If this option is enabled, click the Browse button to specify a user account. The search results include devices on which the specified user logged in to the system at least once.
Status-affecting problems in managed applications
In the Status-affecting problems in managed applications section, you can specify the criteria that will be used to include devices in the selection according to the list of possible problems detected by a managed application. If at least one problem that you select exists on a device, the device will be included in the selection. When you select a problem listed for several applications, you have the option to select this problem in all of the lists automatically.
Device status description
You can select check boxes for descriptions of statuses from the managed application; upon receipt of these statuses, the devices will be included in the selection. When you select a status listed for several applications, you have the option to select this status in all of the lists automatically.
Statuses of components in managed applications
In the Statuses of components in managed applications section, you can configure criteria for including devices in a selection according to the statuses of components in managed applications:
- Data Leakage Prevention status
Search for devices by the status of Data Leakage Prevention (No data from device, Stopped, Starting, Paused, Running, Failed).
- Collaboration servers protection status
Search for devices by the status of server collaboration protection (No data from device, Stopped, Starting, Paused, Running, Failed).
- Anti-virus protection status of mail servers
Search for devices by the status of Mail Server protection (No data from device, Stopped, Starting, Paused, Running, Failed).
- Endpoint Sensor status
Search for devices by the status of the Endpoint Sensor component (No data from device, Stopped, Starting, Paused, Running, Failed).
Encryption
Encryption algorithm
Advanced Encryption Standard (AES) symmetrical block cipher algorithm. In the drop-down list, you can select the encryption key size (56-bit, 128-bit, 192-bit, or 256-bit).
Available values: AES56, AES128, AES192, and AES256.
Cloud segments
In the Cloud segments section, you can configure criteria for including devices in a selection according to their respective cloud segments:
- Device is in a cloud segment
If this option is enabled, you can click the Browse button to specify the segment to search.
If the Include child objects option is also enabled, the search is run on all child objects of the specified segment.
Search results include only devices from the selected segment.
- Device discovered by using the API
In the drop-down list, you can select whether a device is detected by API tools:
- AWS. The device is discovered by using the AWS API, that is, the device is definitely in the AWS cloud environment.
- Azure. The device is discovered by using the Azure API, that is, the device is definitely in the Azure cloud environment.
- Google Cloud. The device is discovered by using the Google API, that is, the device is definitely in the Google Cloud environment.
- No. The device cannot be detected by using the AWS, Azure, or Google API, that is, it is either outside the cloud environment or it is in the cloud environment but it cannot be detected by using an API.
- No value. This condition does not apply.
Application components
This section contains the list of components of those applications that have corresponding management plug-ins installed in Administration Console.
In the Application components section, you can specify criteria for including devices in a selection according to the statuses and version numbers of the components that refer to the application that you select:
- Status
Search for devices according to the component status sent by an application to the Administration Server. You can select one of the following statuses: No data from device, Stopped, Starting, Paused, Running, Malfunction, or Not installed. If the selected component of the application installed on a managed device has the specified status, the device is included in the device selection.
Statuses sent by applications:
- Starting—The component is currently in the process of initialization.
- Running—The component is enabled and working properly.
- Paused—The component is suspended, for example, after the user has paused protection in the managed application.
- Malfunction—An error has occurred during the component operation.
- Stopped—The component is disabled and not working at the moment.
- Not installed—The user did not select the component for installation when configuring custom installation of the application.
Unlike other statuses, the No data from device status is not sent by applications. This option shows that the applications have no information about the selected component status. For example, this can happen when the selected component does not belong to any of the applications installed on the device, or when the device is turned off.
- Version
Search for devices according to the version number of the component that you select in the list. You can type a version number, for example 3.4.1.0
, and then specify whether the selected component must have an equal, earlier, or later version. You can also configure searching for all versions except the specified one.
Page top