About device statuses

April 17, 2023

ID 191051_1

Kaspersky Security Center assigns a status to each managed device. The particular status depends on whether the conditions defined by the user are met. In some cases, when assigning a status to a device, Kaspersky Security Center takes into consideration the device's visibility flag on the network (see the table below). If Kaspersky Security Center does not find a device on the network within two hours, the visibility flag of the device is set to Not Visible.

The statuses are the following:

  • Critical or Critical / Visible
  • Warning or Warning / Visible
  • OK or OK / Visible

The table below lists the default conditions that must be met to assign the Critical or Warning status to a device, with all possible values.

Conditions for assigning a status to a device

Condition

Condition description

Available values

Security application is not installed

Network Agent is installed on the device, but a security application is not installed.

  • Toggle button is on.
  • Toggle button is off.

Too many viruses detected

Some viruses have been found on the device by a task for virus detection, for example, the Virus scan task, and the number of viruses found exceeds the specified value.

More than 0.

Real-time protection level differs from the level set by the Administrator

The device is visible on the network, but the real-time protection level differs from the level set (in the condition) by the administrator for the device status.

  • Stopped.
  • Paused.
  • Running.

Virus scan has not been performed in a long time

The device is visible on the network and a security application is installed on the device, but neither the Malware scan task nor a local scan task has been run within the specified time interval. The condition is applicable only to devices that were added to the Administration Server database 7 days ago or earlier.

More than 1 day.

Databases are outdated

The device is visible on the network and a security application is installed on the device, but the anti-virus databases have not been updated on this device within the specified time interval. The condition is applicable only to devices that were added to the Administration Server database 1 day ago or earlier.

More than 1 day.

Not connected in a long time

Network Agent is installed on the device, but the device has not connected to an Administration Server within the specified time interval, because the device was turned off.

More than 1 day.

Active threats are detected

The number of unprocessed objects in the ACTIVE THREATS folder exceeds the specified value.

More than 0 items.

Restart is required

The device is visible on the network, but an application requires the device restart longer than the specified time interval and for one of the selected reasons.

More than 0 minutes.

Incompatible applications are installed

The device is visible on the network, but software inventory performed through Network Agent has detected incompatible applications installed on the device.

  • Toggle button is off.
  • Toggle button is on.

Software vulnerabilities have been detected

The device is visible on the network and Network Agent is installed on the device, but the Find vulnerabilities and required updates task has detected vulnerabilities with the specified severity level in applications installed on the device.

  • Critical.
  • High.
  • Medium.
  • Ignore if the vulnerability cannot be fixed.
  • Ignore if an update is assigned for installation.

License expired

The device is visible on the network, but the license has expired.

  • Toggle button is off.
  • Toggle button is on.

License expires soon

The device is visible on the network, but the license will expire on the device in less than the specified number of days.

More than 0 days.

Check for Windows Update updates has not been performed in a long time

The device is visible on the network, but the Perform Windows Update synchronization task has not been run within the specified time interval.

More than 1 day.

Invalid encryption status

Network Agent is installed on the device, but the device encryption result is equal to the specified value.

  • Does not comply with the policy due to the user's refusal (for external devices only).
  • Does not comply with the policy due to an error.
  • Restart is required when applying the policy.
  • No encryption policy is specified.
  • Not supported.
  • When applying the policy.

Mobile device settings do not comply with the policy

The mobile device settings are other than the settings that were specified in the Kaspersky Endpoint Security for Android policy during the check of compliance rules.

  • Toggle button is off.
  • Toggle button is on.

Unprocessed incidents detected

Some unprocessed incidents have been found on the device. Incidents can be created either automatically, through managed Kaspersky applications installed on the client device, or manually by the administrator.

  • Toggle button is off.
  • Toggle button is on.

Device status defined by application

The status of the device is defined by the managed application.

  • Toggle button is off.
  • Toggle button is on.

Device is out of disk space

Free disk space on the device is less than the specified value or the device could not be synchronized with the Administration Server. The Critical or Warning status is changed to the OK status when the device is successfully synchronized with the Administration Server and free space on the device is greater than or equal to the specified value.

More than 0 MB.

Device has become unmanaged

During device discovery, the device was recognized as visible on the network, but more than three attempts to synchronize with the Administration Server failed.

  • Toggle button is off.
  • Toggle button is on.

Protection is disabled

The device is visible on the network, but the security application on the device has been disabled for longer than the specified time interval.

More than 0 minutes.

Security application is not running

The device is visible on the network and a security application is installed on the device but is not running.

  • Toggle button is off.
  • Toggle button is on.

Kaspersky Security Center allows you to set up automatic switching of the status of a device in an administration group when specified conditions are met. When specified conditions are met, the client device is assigned one of the following statuses: Critical or Warning. When specified conditions are not met, the client device is assigned the OK status.

Different statuses may correspond to different values of one condition. For example, by default, if the Databases are outdated condition has the More than 3 days value, the client device is assigned the Warning status; if the value is More than 7 days, the Critical status is assigned.

If you upgrade the Kaspersky Security Center from the previous version, the values of the Databases are outdated condition for assigning the status to Critical or Warning do not change.

When Kaspersky Security Center assigns a status to a device, for some conditions (see the Condition description column) the visibility flag is taken into consideration. For example, if a managed device was assigned the Critical status because the Databases are outdated condition was met, and later the visibility flag was set for the device, then the device is assigned the OK status.

See also:

Configuring the switching of device statuses

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.