Configuring a device selection

Expand all | Collapse all

To configure a device selection:

1. In the main menu, go to Devices → Device selections.

   A page with a list of device selections is displayed.

2. Select the relevant user-defined device selection, and click the Properties button.

   The Device selection settings window opens.

3. On the General tab, click the New condition link.
4. Specify conditions that must be met for including devices in this selection.
5. Click the Save button.

The settings are applied and saved.

Below are descriptions of the conditions for assigning devices to a selection. Conditions are combined by using the OR logical operator: the selection will contain devices that comply with at least one of the listed conditions.

General

In the General section, you can change the name of the selection condition and specify whether that condition must be inverted:

Invert selection condition

Network infrastructure

In the Network subsection, you can specify the criteria that will be used to include devices in the selection according to their network data:

• Device name

  Windows network name (NetBIOS name) of the device, or the IPv4 or IPv6 address.

• Windows domain

  Displays all devices included in the specified Windows domain.

• Administration group

  Displays devices included in the specified administration group.

• Description

  Text in the device properties window: In the Description field of the General section.

  To describe text in the Description field, you can use the following characters:

  • Within a word:
    • *. Replaces any string with any number of characters.

    Example:

    To describe words such as Server or Server's, you can enter Server*.

    • ?. Replaces any single character.

    Example:

    To describe words such as Window or Windows, you can enter Windo?.

    Asterisk (*) or question mark (?) cannot be used as the first character in the query.

  • To find several words:
    • Space. Displays all the devices whose descriptions contain any of the listed words.

    Example:

    To find a phrase that contains Secondary or Virtual words, you can include Secondary Virtual line in your query.

    • +. When a plus sign precedes a word, all search results will contain this word.

    Example:

    To find a phrase that contains both Secondary and Virtual, enter the +Secondary+Virtual query.

    • -. When a minus sign precedes a word, no search results will contain this word.

    Example:

    To find a phrase that contains Secondary and does not contain Virtual, enter the +Secondary-Virtual query.

    • "<some text>". Text enclosed in quotation marks must be present in the text.

    Example:

    To find a phrase that contains Secondary Server word combination, you can enter "Secondary Server" in the query.

• IP range

  If this option is enabled, you can enter the initial and final IP addresses of the IP range in which the relevant devices must be included.

  By default, this option is disabled.

• Managed by a different Administration Server

  Select one of the following values:

  • Yes. A device moving rule only applies to client devices managed by other Administration Servers. These Servers are different from the Server on which you configure the device moving rule.
  • No. The device moving rule only applies to client devices managed by the current Administration Server.
  • No value is selected. The condition does not apply.

In the Active Directory subsection, you can configure criteria for including devices into a selection based on their Active Directory data:

• Device is in an Active Directory organizational unit

  If this option is enabled, the selection includes devices from the Active Directory unit specified in the entry field.

  By default, this option is disabled.

• Include child organizational units

  If this option is enabled, the selection includes devices from all child organizational units of the specified Active Directory organizational unit.

  By default, this option is disabled.

• This device is a member of an Active Directory group

  If this option is enabled, the selection includes devices from the Active Directory group specified in the entry field.

  By default, this option is disabled.

In the Network activity subsection, you can specify the criteria that will be used to include devices in the selection according to their network activity:

• Acts as a distribution point

  In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

  • Yes. The selection includes devices that act as distribution points.
  • No. Devices that act as distribution points are not included in the selection.
  • No value is selected. The criterion will not be applied.
• Do not disconnect from the Administration Server

  In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

  • Enabled. The selection will include devices on which the Do not disconnect from the Administration Server check box is selected.
  • Disabled. The selection will include devices on which the Do not disconnect from the Administration Server check box is cleared.
  • No value is selected. The criterion will not be applied.
• Connection profile switched

  In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

  • Yes. The selection will include devices that connected to the Administration Server after the connection profile was switched.
  • No. The selection will not include devices that connected to the Administration Server after the connection profile was switched.
  • No value is selected. The criterion will not be applied.
• Last connected to Administration Server

  You can use this check box to set a search criterion for devices according to the time they last connected to the Administration Server.

  If this check box is selected, in the entry fields you can specify the time interval (date and time) during which the last connection was established between Network Agent installed on the client device and the Administration Server. The selection will include devices that fall within the specified interval.

  If this check box is cleared, the criterion will not be applied.

  By default, this check box is cleared.

• New devices detected by network poll

  Searches for new devices that have been detected by network polling over the last few days.

  If this option is enabled, the selection only includes new devices that have been detected by device discovery over the number of days specified in the Detection period (days) field.

  If this option is disabled, the selection includes all devices that have been detected by device discovery.

  By default, this option is disabled.

• Device is visible

  In the drop-down list, you can set up the criterion for including devices in the selection when performing search:

  • Yes. The application includes in the selection devices that are currently visible in the network.
  • No. The application includes in the selection devices that are currently invisible in the network.
  • No value is selected. The criterion will not be applied.

In the Cloud segments subsection, you can configure criteria for including devices in a selection according to their respective cloud segments:

• Device is in a cloud segment

  If this option is enabled, you can choose devices from the AWS, Azure, and Google cloud segments.

  If the Include child objects option is also enabled, the search is run on all child objects of the selected segment.

  Search results include only devices from the selected segment.

• Device discovered by using the API

  In the drop-down list, you can select whether a device is detected by API tools:

  • Yes. The device is detected by using the AWS, Azure, or Google API.
  • No. The device cannot be detected by using the AWS, Azure, or Google API. That is, the device is either outside the cloud environment or it is in the cloud environment but it cannot be detected by using an API.
  • No value. This condition does not apply.

Device statuses

In the Managed device status subsection, you can configure criteria for including devices into a selection based on the description of the devices status from a managed application:

• Device status

  Drop-down list in which you can select one of the device statuses: OK, Critical, or Warning.

• Real-time protection status

  Drop-down list, in which you can select the real-time protection status. Devices with the specified real-time protection status are included in the selection.

• Device status description

  In this field, you can select the check boxes next to conditions that, if met, assign one of the following statuses to the device: OK, Critical, or Warning.

In the Status of components in managed applications subsection, you can configure criteria for including devices in a selection according to the statuses of components in managed applications:

• Data Leakage Prevention status

  Search for devices by the status of Data Leakage Prevention (No data from device, Stopped, Starting, Paused, Running, Failed).

• Collaboration servers protection status

  Search for devices by the status of server collaboration protection (No data from device, Stopped, Starting, Paused, Running, Failed).

• Anti-virus protection status of mail servers

  Search for devices by the status of Mail Server protection (No data from device, Stopped, Starting, Paused, Running, Failed).

• Endpoint Sensor status

  Search for devices by the status of the Endpoint Sensor component (No data from device, Stopped, Starting, Paused, Running, Failed).

In the Status-affecting problems in managed applications subsection, you can specify the criteria that will be used to include devices in the selection according to the list of possible problems detected by a managed application. If at least one problem that you select exists on a device, the device will be included in the selection. When you select a problem listed for several applications, you have the option to select this problem in all of the lists automatically.

You can select check boxes for descriptions of statuses from the managed application; upon receipt of these statuses, the devices will be included in the selection. When you select a status listed for several applications, you have the option to select this status in all of the lists automatically.

System details

In the Operating system section, you can specify the criteria that will be used to include devices in the selection according to their operating system type.

• Platform type

  If the check box is selected, you can select an operating system from the list. Devices with the specified operating systems installed are included in the search results.

• Operating system service pack version

  In this field, you can specify the package version of the operating system (in the X.Y format), which will determine how the moving rule is applied to the device. By default, no version value is specified.

• Operating system bit size

  In the drop-down list, you can select the architecture for the operating system, which will determine how the moving rule is applied to the device (Unknown, x86, AMD64, or IA64). By default, no option is selected in the list so that the operating system's architecture is not defined.

• Operating system build

  This setting is applicable to Windows operating systems only.

  The build number of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later build number. You can also configure searching for all build numbers except the specified one.

• Operating system release number

  This setting is applicable to Windows operating systems only.

  The release identifier (ID) of the operating system. You can specify whether the selected operating system must have an equal, earlier, or later release ID. You can also configure searching for all release ID numbers except the specified one.

In the Virtual machines section, you can set up the criteria to include devices in the selection according to whether these are virtual machines or part of virtual desktop infrastructure (VDI):

• This is a virtual machine

  In the drop-down list, you can select the following options:

  • Undefined.
  • No. Find devices that are not virtual machines.
  • Yes. Find devices that are virtual machines.
• Virtual machine type

  In the drop-down list, you can select the virtual machine manufacturer.

  This drop-down list is available if the Yes or Not important value is selected in the This is a virtual machine drop-down list.

• Part of Virtual Desktop Infrastructure

  In the drop-down list, you can select the following options:

  • Undefined.
  • No. Find devices that are not part of Virtual Desktop Infrastructure.
  • Yes. Find devices that are part of the Virtual Desktop Infrastructure (VDI).

In the Hardware registry subsection, you can configure criteria for including devices into a selection based on their installed hardware:

Ensure that the lshw utility is installed on Linux devices from which you want to fetch hardware details. Hardware details fetched from virtual machines may be incomplete depending on the hypervisor used.

• Device

  In the drop-down list, you can select a unit type. All devices with this unit are included in the search results.

  The field supports the full-text search.

• Vendor

  In the drop-down list, you can select the name of a unit manufacturer. All devices with this unit are included in the search results.

  The field supports the full-text search.

• Device name

  Name of the device in the Windows network. The device with the specified name is included in the selection.

• Description

  Description of the device or hardware unit. Devices with the description specified in this field are included in the selection.

  A device's description in any format can be entered in the properties window of that device. The field supports the full-text search.

• Device vendor

  Name of the device manufacturer. Devices produced by the manufacturer specified in this field are included in the selection.

  You can enter the manufacturer's name in the properties window of a device.

• Serial number

  All hardware units with the serial number specified in this field will be included in the selection.

• Inventory number

  Equipment with the inventory number specified in this field will be included in the selection.

• User

  All hardware units of the user specified in this field will be included in the selection.

• Location

  Location of the device or hardware unit (for example, at the HQ or a branch office). Computers or other devices that are deployed at the location specified in this field will be included in the selection.

  You can describe the location of a device in any format in the properties window of that device.

• CPU clock rate, in MHz, from

  The minimum clock rate of a CPU. Devices with a CPU that matches the clock rate range specified in the entry fields (inclusive) will be included in the selection.

• CPU clock rate, in MHz, to

  The maximum clock rate of a CPU. Devices with a CPU that matches the clock rate range specified in the entry fields (inclusive) will be included in the selection.

• Number of virtual CPU cores, from

  The minimum number of virtual CPU cores. Devices with a CPU that matches the range of the virtual cores number specified in the entry fields (inclusive) will be included in the selection.

• Number of virtual CPU cores, to

  The maximum number of virtual CPU cores. Devices with a CPU that matches the range of the virtual cores number specified in the entry fields (inclusive) will be included in the selection.

• Hard drive volume, in GB, from

  The minimum volume of the hard drive on the device. Devices with a hard drive that matches the volume range specified in the entry fields (inclusive) will be included in the selection.

• Hard drive volume, in GB, to

  The maximum volume of the hard drive on the device. Devices with a hard drive that matches the volume range specified in the entry fields (inclusive) will be included in the selection.

• RAM size, in MB, from

  The minimum size of the device RAM. Devices with RAM that matches the size range specified in the entry fields (inclusive) will be included in the selection.

• RAM size, in MB, to

  The maximum size of the device RAM. Devices with RAM that matches the size range specified in the entry fields (inclusive) will be included in the selection.

Third-party software details

In the Applications registry subsection, you can set up the criteria to search for devices according to applications installed on them:

• Application name

  Drop-down list in which you can select an application. Devices on which the specified application is installed, are included in the selection.

• Application version

  Entry field in which you can specify the version of selected application.

• Vendor

  Drop-down list in which you can select the manufacturer of an application installed on the device.

• Application status

  A drop-down list in which you can select the status of an application (Installed, Not installed). Devices on which the specified application is installed or not installed, depending on the selected status, will be included in the selection.

• Find by update

  If this option is enabled, search will be performed using the details of updates for applications installed on the relevant devices. After you select the check box, the Application name, Application version, and Application status fields change to Update name, Update version, and Status respectively.

  By default, this option is disabled.

• Name of incompatible security application

  Drop-down list in which you can select third-party security applications. During the search, devices on which the specified application is installed, are included in the selection.

• Application tag

  In the drop-down list, you can select the application tag. All devices that have installed applications with the selected tag in the description are included in the device selection.

• Apply to devices without the specified tags

  If this option is enabled, the selection includes devices with descriptions that contain none of the selected tags.

  If this option is disabled, the criterion is not applied.

  By default, this option is disabled.

In the Vulnerabilities and updates subsection, you can specify the criteria that will be used to include devices in the selection according to their Windows Update source:

WUA is switched to Administration Server

Details of Kaspersky applications

In the Kaspersky applications subsection, you can configure criteria for including devices in a selection based on the selected managed application:

• Application name

  In the drop-down list, you can set a criterion for including devices in a selection when search is performed by the name of a Kaspersky application.

  The list provides only the names of applications with management plug-ins installed on the administrator's workstation.

  If no application is selected, the criterion will not be applied.

• Application version

  In the entry field, you can set a criterion for including devices in a selection when search is performed by the version number of a Kaspersky application.

  If no version number is specified, the criterion will not be applied.

• Critical update name

  In the entry field, you can set a criterion for including devices in a selection when search is performed by application name or by update package number.

  If the field is left blank, the criterion will not be applied.

• Application status

  A drop-down list in which you can select the status of an application (Installed, Not installed). Devices on which the specified application is installed or not installed, depending on the selected status, will be included in the selection.

• Modules last updated

  You can use this option to set a criterion for searching devices by time of the last update of modules of applications installed on those devices.

  If this check box is selected, in the entry fields you can specify the time interval (date and time) during which the last update of modules of applications installed on those devices was performed.

  If this check box is cleared, the criterion will not be applied.

  By default, this check box is cleared.

• Device is managed through Kaspersky Security Center 14.2

  In the drop-down list, you can include in the selection the devices managed through Kaspersky Security Center:

  • Yes. The application includes in the selection devices managed through Kaspersky Security Center.
  • No. The application includes devices in the selection if they are not managed through Kaspersky Security Center.
  • No value is selected. The criterion will not be applied.
• Security application is installed

  In the drop-down list, you can include in the selection all devices with the security application installed:

  • Yes. The application includes in the selection all devices with the security application installed.
  • No. The application includes in the selection all devices with no security application installed.
  • No value is selected. The criterion will not be applied.

In the Anti-virus protection subsection, you can set up the criteria for including devices in a selection based on their protection status:

• Databases released

  If this option is selected, you can search for client devices by anti-virus database release date. In the entry fields you can set the time interval, on the basis of which the search is performed.

  By default, this option is disabled.

• Database records count

  If this option is enabled, you can search for client devices by number of database records. In the entry fields you can set the lower and upper threshold values for anti-virus database records.

  By default, this option is disabled.

• Last scanned

  If this check option is enabled, you can search for client devices by time of the last malware scan. In the entry fields you can specify the time period within which the last malware scan was performed.

  By default, this option is disabled.

• Threats detected

  If this option is enabled, you can search for client devices by number of viruses detected. In the entry fields you can set the lower and upper threshold values for the number of viruses found.

  By default, this option is disabled.

In the Encryption subsection, you can configure the criterion for including devices in a selection based on the selected encryption algorithm:

Encryption algorithm

The Application components subsection contains the list of components of those applications that have corresponding management plug-ins installed in Kaspersky Security Center Web Console.

In the Application components subsection, you can specify criteria for including devices in a selection according to the statuses and version numbers of the components that refer to the application that you select:

• Status

  Search for devices according to the component status sent by an application to the Administration Server. You can select one of the following statuses: N/A, Stopped, Paused, Starting, Running, Failed, Not installed, Not supported by license. If the selected component of the application installed on a managed device has the specified status, the device is included in the device selection.

  Statuses sent by applications:

  • Stopped—The component is disabled and not working at the moment.
  • Paused—The component is suspended, for example, after the user has paused protection in the managed application.
  • Starting—The component is currently in the process of initialization.
  • Running—The component is enabled and working properly.
  • Failed—An error has occurred during the component operation.
  • Not installed—The user did not select the component for installation when configuring custom installation of the application.
  • Not supported by license—The license does not cover the selected component.

  Unlike other statuses, the N/A status is not sent by applications. This option shows that the applications have no information about the selected component status. For example, this can happen when the selected component does not belong to any of the applications installed on the device, or when the device is turned off.

• Version

  Search for devices according to the version number of the component that you select in the list. You can type a version number, for example 3.4.1.0, and then specify whether the selected component must have an equal, earlier, or later version. You can also configure searching for all versions except the specified one.

Tags

In the Tags section, you can configure criteria for including devices into a selection based on key words (tags) that were previously added to the descriptions of managed devices:

Apply if at least one specified tag matches

To add tags to the criterion, click the Add button, and select tags by clicking the Tag entry field. Specify whether to include or exclude the devices with the selected tags in the device selection.

• Must be included

  If this option is selected, the search results will display the devices whose descriptions contain the selected tag. To find devices, you can use the asterisk, which stands for any string with any number of characters.

  By default, this option is selected.

• Must be excluded

  If this option is selected, the search results will display the devices whose descriptions do not contain the selected tag. To find devices, you can use the asterisk, which stands for any string with any number of characters.

Users

In the Users section, you can set up the criteria to include devices in the selection according to the accounts of users who have logged in to the operating system.

• Last user who logged in to the system

  If this option is enabled, you can select the user account for configuring the criterion. The search results include devices on which the selected user performed the last login to the system.

• User who logged in to the system at least once

  If this option is enabled, click the Browse button to specify a user account. The search results include devices on which the specified user logged in to the system at least once.