This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Network Discovery and Remote Deployment

This Article Applies to:

  • Avast Business Hub

 

IMPORTANT: If any devices in your network are running legacy OS (e.g. Windows XP, Vista, 2003, or 2008 SP2) and you attempt remote deployment with those devices included, the deployment will fail for all devices selected. Therefore, please ensure you do not select and attempt deployment to devices with legacy OS installed.

Network Discovery

Network discovery in the Business Hub enables you to scan your network so you know what devices are connected to it. This involves two main steps:

  1. Configuring scan settings
  2. Scanning network for devices

To access these settings, click the Network Discovery tab on the Devices page. Then click Set up your first scan.

Scan Settings

Adding Scanning Agent

The Scanning Agent is responsible for scanning for devices on your network and, if desired, remotely distributing Avast services to those devices. It functions more or less the same as the Local Update Server (see Setting Up Update Agents and Local Update Servers).

Only Windows devices can become Scanning Agents.

  1. Click + Add Scanning Agent
  2. Select the checkbox of the device you would like to promote to scanning agent
  3. Click Add Scanning Agent

Once a Scanning Agent has been added, it will appear in the Devices scanning your networks section of the settings.

Scanning Agent can only be enabled for devices running Antivirus agent version 4.31 or higher.

Scanning Agents have access to your entire network and can remotely access devices. For security, we recommend the following:

  • use only 1 Scanning Agent per network
  • ensure your Scanning Agent is a trusted, non-roaming device with secure access (such as a server)
  • use a device your network administrator has full control over
  • if necessary, add exceptions in your network for the scanning agent to avoid triggering network security measures

Scanning Methods

There are two available methods for scanning your network.

Network scan: this option scan all devices connected to your network. The device detection process uses Address Resolution Protocol (ARP) to ping all IP addresses within the subnet in order to get their MAC address. This process can take up to 15 minutes, possibly longer depending on the network. If a response is received with a MAC address, a reverse DNS lookup occurs to get the host name for the IP.

Active Directory scan: this option scans all devices that are part of your Active Directory domain by fetching the AD database.

Use the toggles to select which scan method(s) you would like to use. If you choose Active Directory scan, ensure you enter the domain name and your AD credentials (user name and password).

  • only scan your private networks
  • ensure your scanning agent is a trusted, non-roaming, and protected device (such as a server), and configure exceptions for it if needed
  • provide adequate time for the scan to complete — a larger network will take longer to scan

Scan Results

If you would like to remove devices from the list of found devices that are not managed or cannot be managed by the Hub, you can choose to have them automatically deleted if they have not been seen in the past 30 days. Use the toggle beside Auto-removal of old devices to turn this on or off.

Scanning Your Network for Devices

Once you have configured your Network scan settings, click Scan network to save your selections and begin the scan.

When the scan is complete, you will be able to see all found devices in a list, which includes the device's name, IP address, Active Directory Group (if applicable), what scanning agent detected it, when it was last detected, and its status.

Statuses

  • Unmanaged: the device is not managed by the Hub and meets System Requirements
  • Installation queue: Avast services are waiting to be installed
  • Installing Avast: Avast services are being installed on the device
  • Installation failed: Avast services could not be installed due to an error (such as credentials or offline device)
  • Unmanageable: the device is not managed by the Hub but does not meet System Requirements
  • Offline: the device could not be reached or is offline
  • Managed by Avast: the device is already managed by the Hub

Remote Deployment

Remote Deployment becomes available once you have installed Avast services on at least one device in your network. You can see whether or not you have managed devices on the Devices page of the Hub. See Adding Devices to Business Hub for more details on adding devices manually.

Remotely Installing Avast Services on Devices

Once a network scan has been completed and you have located Unmanaged devices on the Network Discovery tab, you can remotely install Avast services.

For devices that are not connected to Active Directory, you will need to change restrictions on remote UAC (User Account Control). Open RegEdit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and add or edit the item "DWORD LocalAccountTokenFilterPolicy" and set to 1. For more information, see Microsoft’s article on UAC remote restrictions.

  1. Click the checkbox(es) for the device(s) you would like to manage in the Hub
  2. Click Install security services
  3. Choose installation settings:
    1. Select which services to install using the drop-down menus and the toggles
    2. Select which group and policy to use
    3. Enter local admin credentials for remote access to the device
      • Without these credentials, remote deployment will fail. Ensure the correct username and password have been entered.
    4. Select whether to automatically remove conflicting Antivirus products from the device
  4. Click Install the package remotely

Remote deployment may take some time, depending on the number of devices you are adding, the services you chose, and the speed of your network. Ensure the device is online until the installation finishes. Successfully installed devices will appear on the Managed devices tab.

Troubleshooting and Frequently Asked Questions

Yes. However, we recommend only one per network in order to avoid devices constantly updating data from alternate scans.

Yes, a device can be both a Scanning and Update Agent.

Yes. Deployment will be performed from the Scanning Agent.

You can still cancel while the device is in the “Installation queue” status. If deployment has already begun on the end device it cannot be canceled.

No. MacOS devices can be discovered via Network Scanning, but cannot have Antivirus remotely deployed to them. MacOS devices also cannot be Scanning Agents.

Remote Deployment will cancel after 24 hours of being unable to connect to the device. The device will go into “Installation failed” status, and the tooltip will note the device is offline.

Deployment should take less than 5 minutes. The time it takes depends on device specifications and device online status.

No, but they are planned for the future.

No. The Antivirus agent can be deployed without any services, and will be able to remotely deploy any service.

The agent_log.log file will show the scan command has been received.

The Scanning Agent must be Windows 7 or higher. The 2015-2019 redistributable and the HNS component (technology used for scanning) are installed when you enable the Scanning Agent. The sb_deploy.log file shows these results, and the vs_

redist.x86.log file shows the redistributable installation results.

Yes. If MAC/IP addresses are changed, for example, the devices will be updated in the list in the Hub to reflect the changes.

Other Articles In This Section:

Adding Devices to Business Hub

Removing Devices from Business Hub

Installing Managed Local Client

Command-Line Installation Parameters

Deploying on macOS With Jamf

Deploying on Windows Using Group Policy Object

Device Cloning

Related Articles:

Managing Services

Managing Alerts

Uninstalling Antivirus Silently (Windows Only)

Installing Avast Agent on Deprecated Windows Systems

Migrating On-Premise Console to Business Hub