Computer discovery and remote installation of the client software

All products based on Cytomic Platform include tools to find unprotected Windows workstations and servers on the network and to open a remote installation session from the management console.

To remotely install the protection software on a computer using the management console, follow these steps:

Designate one or more computers on the network as discovery computers. See Designating a discovery computer.
Make sure the computers on the network meet the minimum requirements. See Operating system and network requirements.
Start the remote installation of the security software. See Remote installation of the client software.

Discovery computers find computers on the network that the security software does not manage. All computers that meet the necessary requirements appear in the Unmanaged computers discovered list, regardless of whether their operating system or device type supports the installation of Advanced EDR.

The first Windows computer that you add to Advanced EDR is automatically designated as the discovery computer.

The discovery computer can use one or the two available discovery methods at the same time: discovery using network scanning or discovery using Active Directory. See Using the network to discover computers Using Active Directory to discover computers and Designating a discovery computer.

Designating a discovery computer

Make sure the computer that you want to designate as a discovery computer has Advanced EDR installed.
Select the Settings menu at the top of the console. Select Network services from the side menu. Select the Discovery tab.
Click the Add discovery computer button. From the list, select the computer or computers that you want to perform discovery tasks across the network.

After you have designated a computer as a discovery computer, it is displayed on the list of discovery computers (top menu Settings, side menu Network services, Discovery tab). The following information is displayed for each discovery computer:

Discovery computer information

Field	Description
Computer name (1)	Name of the discovery computer.
IP address (2)	IP address of the discovery computer.
Discovery task settings (3)	Description of the settings of the automatic tasks defined for the discovery computer.
Last checked (4)	Time and date when the discovery task was last launched.
Error codes (5)	“The computer is turned off or offline”: The discovery computer cannot be accessed by the Advanced EDR server. Error: Wrong credentials. Error: Active Directory server not found. Error (<error code>): If the error is an unknown error.
Configure (6)	Set the discovery task scope and type (automatic or manual). If the task is automatic, it is performed once a day. See Designating a discovery computer.
Search now (7)	Launch the search task manually. See Discovering computers on demand.
Information displayed for each discovery computer

Using the network to discover computers

Select the Settings menu at the top of the console. Select Network services from the side menu. Select the Discovery tab. Select the discovery computer that you want to configure. Click the Configure link. The Configure discovery on <computer name> page opens.
To enable discovery, click the Discover computers on the network toggle.
In the Discovery scope section, select an option to limit the scope of the computer search:
- Search across the entire network: The discovery computer uses the network mask configured on the interface to scan its subnet for unmanaged computers. The search is performed only on private IP address ranges.
- Search only in the following IP address ranges: Enter an IP address or IP address range, separated by commas. The IP address ranges must have a "-" (dash or hyphen) in the middle. You can only specify private IP address ranges.
- Search for computers in the following domains: Enter the Windows domains for the discovery computer to search, separated by commas.

The scope settings affect only the subnet where the discovery computer resides. To search for unmanaged devices across all subnets on the network, add at least one discovery computer from each subnet.

Using Active Directory to discover computers

The discovery computer connects to the company’s Active Directory to search for computers on the network. Each discovery computer can connect to a maximum of three servers to launch queries against directories.

Select the Settings menu at the top of the console. Select Network services from the side menu. Select the Discovery tab. Select the discovery computer whose scope you want to configure. Click the Configure link. The Configure discovery page opens.
To enable discovery, click the Discover computers in Active Directory toggle.
Click the Add Active Directory server link. The Add Active Directory server window opens.
Enter the name or IP address (mandatory field) of the server you want to search. Enter the server credentials if required (optional field).
Click Save. The discovery computer asks Active Directory for computers on the network every four hours.

Scheduling computer discovery tasks

You can configure the discovery computer to run discovery tasks at regular intervals.

Network discovery

Select the Settings menu at the top of the console. Select Network services from the side menu. Select the Discovery tab. In the list of computers, next to the discovery computer you want to configure, click Configure.
From the Run automatically drop-down menu, select Every day.
Select the time of day when the search runs.
To specify the time based on the time on the discovery computer, select the Computer’s local time checkbox. If you do not select this checkbox, the time is based on the Advanced EDR server time.
Click Save. The discovery computer shows a summary of the scheduled task in its description.

Discovery using Active Directory

Select the Settings menu at the top of the console. Select Network services from the side menu. Select the Discovery tab. Select the computer that you want to configure. Click the Configure link. The Configure discovery page opens.
Click the Active Directory you want to configure. The Edit Active Directory server window opens.
From the Recurrence drop-down menu, select how often searches are run (hours).

Discovering computers on demand

To discover computers on demand, the discovery computer must be up and running and connected to the Advanced EDR server.

Select the Settings menu at the top of the console. Select Network services from the side menu. Select the Discovery tab.
Click the Check now link next to your chosen discovery computer. If the discovery computer has only one discovery method configured, the Search for unmanaged computers in progress message appears and the discovery task is launched in the background.
If the discovery computer has multiple discovery methods configured, a context menu appears when you click the Check now link.
- Search everywhere: The discovery computer scans the network and all configured Active Directory servers.
- Search the network: The discovery computer scans the network.
- Search <server_name>: The discovery computer searches only the selected server.