Local Network

Agent-Initiated Activation

If the Vulnerability ProtectionDeep Security Manager is hosted outside of your local network and cannot initiate communication with the computers on your network, you will need to instruct the computers to perform Agent-initiated activation. With Agent-initiated activation, you must install the Vulnerability ProtectionDeep Security Agent on the computer and then run a set of command-line instructions which tell the Agent to communicate with the Vulnerability ProtectionDeep Security Manager. During the communication, the Vulnerability ProtectionDeep Security Manager activates the Agent and can be further instructed to perform a number of other actions such as assigning a security Policy, making the computer a member of a computer Group, and so on.

If you are going to add a large number of computers to the Vulnerability ProtectionDeep Security Manager at one time, you can use the command-line instructions to create scripts to automate the process. For more information on Agent-initiated activation, scripting, and command line options, see Command-Line Utilities.

Entering the IP Address or Hostname Directly

You can manually add an individual computer.

To manually add a computer:

Go to the Computers page and click New in the toolbar to display the New Computer wizard.
Enter the new computer's IP address or hostname.
Select a Policy to assign to it from the drop-down list.
Select a Relay Group from which the new computer will download Security Updates.
Click Next to begin the search for the computer.

If the computer is detected and an Agent is installed and running on that computer, the computer will be added to your computer List and the Agent will be activated.

"Activating" an Agent means that the Manager communicates with the Agent sending it a unique "fingerprint". The Agent will then use this fingerprint to uniquely identify the Vulnerability ProtectionDeep Security Manager and will not accept instructions from any other Managers that might try to contact it.

If a Policy has been assigned to the computer, the Policy will be deployed to the Agent and the computer will be protected with all the rules and configurations that make up the Policy.

By default, the Security Updates delivered by Relay Groups include new malware patterns. If you have enabled the Support 9.0 (and earlier) Agents option (on the Administration > System Settings > Updates page), updates to the detection engines will also be included.

If the computer is detected but no Vulnerability ProtectionDeep Security Agent is present, you will be told that the computer can still be added to your computer list but that you still have to install an Agent on the computer. Once you install an Agent on the computer, you will have to find the computer in your computer List, right-click it, and choose "Activate/Reactivate" from the context menu.

If the computer is not detected (not visible to the Manager), you will be told that you can still add the computer but that when it becomes visible to the Manager you will have to activate it as above.

Performing a Discovery Operation

A discovery operation scans the network for visible computers. To initiate a discovery operation, click Discover... in the toolbar on the Computers page. The Discover Computers dialog will appear.

You are provided several options to restrict the scope of the scan. You can choose to perform a port scan of each discovered computer. Use this option carefully as it can take a lot of time if you are discovering/scanning a large number of computers.

When discovering computers you can specify a computer group to which they should be added. Depending on how you have chosen to organize your computer groups, it may be convenient to create a computer group called "Newly Discovered Computers", or "Newly Discovered Computers on Network Segment X" if you will be scanning multiple network segments. You can then move your discovered computers to other computer groups based on their properties and activate them.

During discovery, the Manager searches the network for any visible computers. When a computer is found, the Manager attempts to detect whether an Agent is present. When discovery is complete, the Manager displays all the computers it has detected and displays their status in the Status column. After discovery operations, a computer can be in one of the following states:

Discovered (No Agent): The computer has been detected but no Agent is present. The computer may also be in this state if an Agent is installed but has been previously activated and is configured for Agent initiated communications. In this case, you will have to deactivate and then reactivate the Agent. ("No Agent" will also be reported if the Agent is installed but not running.)
Discovered (Activation Required): The Agent is installed and listening, and has been activated, but is not yet being managed by the Manager. This state indicates that this Manager was at one point managing the Agent, but the Agent's public certificate is no longer in the Manager's database. This may be the case if the if the computer was removed from the Manager and then discovered again. To begin managing the Agent on this computer, right-click the computer and select "Activate/Reactivate". Once reactivated, the Status will change to "Online".
Discovered (Deactivation Required): The Agent is installed and listening, but it has already been activated by another Manager. In this case the Agent must be deactivated (reset) prior to activation by this Manager. Deactivating an Agent must be done using the Manager that originally activated it or it can be reset directly on the computer. To deactivate the Agent from the Manager, right-click the computer and choose Actions > Deactivate.

The Discovery operation will not discover computers running as virtual machines in a vCenter or computers in a Directory/Active directory.