Quick Start: AVG Business Management Consoles

With the AVG Business Management Consoles, adding critical protection to every PC and server has never been easier. Flexible management provides the most convenient way to protect businesses. The Management Consoles provide:

  • Complete control over the behavior of Antivirus on endpoint devices
  • Centralized management of multiple devices, either accessible anywhere in the Cloud or situated locally with the On-Premise Console
  • A complete overview of the current status of entire environment with immediate alerts
  • Automatic and seamless updates

AVG Business Management Consoles integrate seamlessly with AVG Business Antivirus to:

  • Leverage virtualization to protect confidential information
  • Protect multiple platforms - PCs and servers
  • Update to the latest version automatically or manually
  • Add extra firewall protection for remote endpoints
  • Provide complete server protection
  • Secure your e-mail client

When you install AVG Business Antivirus on devices through the AVG Business Management Consoles, you can control AVG Business Antivirus on those devices remotely. You can change and apply settings to each device individually, without having to visit each device or recall them from the field.

Verify Console System Requirements

AVG Business Cloud Console

Browsers (latest versions recommended):

  • Google Chrome
  • Firefox
  • Safari
  • Microsoft Edge
  • Internet Explorer

AVG Business On-Premise Console

Windows:

  • 11, 10, 8.x, 7 SP1 — x64, x86
  • Server 2022, 2019, 2016, 2012, 2008 R2 SP1 — any edition — x64
  • Small Business Server 2011, 2008 — x64
  • Exchange Server 2022, 2019, 2016, 2013, 2010, 2007 — x64
  • Exchange Server 2003 (up to Antivirus version 18.8) — x86
  • SharePoint Server 2019, 2016, 2012, 2010, 2007, 2003 — x64

AVG Business Antivirus Endpoints

Windows:

  • 11 — x64, x86
  • 10 — all versions except Mobile and IoT Core Edition — x64, x86
  • 8/8.1 — all versions except RT and Starter Edition — x64, x86
  • 7 SP1 — requires KB3033929 — x64, x86
  • Server 2022, 2019, 2016, 2012 — any edition with latest service pack excluding Server Core — x64
  • Server 2008 R2 — requires KB3033929 — x64
  • Small Business Server 2011 — x64
  • Microsoft Exchange Server 2022, 2019, 2016, 2013, 2010 SP2 — x64
  • Microsoft SharePoint Server 2010/SharePoint Services 3.0 and higher

AVG Business Patch Management

Windows Only:

  • 10, 8.x, 7 SP1requires KB3033929 — x64, x86
  • Server 2019, 2016, 2012 — any edition with latest Service Pack excluding Server Core — x64
  • Server 2008 R2requires KB3033929 — x64
  • Exchange Server 2016, 2013, 2010 SP2 — x64

Preparing your devices for Patch Management

Windows Update: we recommend you change Windows Update settings for your devices via the Windows Update Center and/or Group Policy. We have provided our recommended settings in Recommended Windows Update Configuration for Patch Management. The recommendations are the same for Avast and AVG consoles.

Software Updater: older versions of the Cloud Console and CloudCare provided a Software Updater component that performed some of the same functions as Patch Management. Ensure Software Updater is disabled/uninstalled for devices.

Local System account: patches are deployed under the remote machine's Local System account, so you need to ensure deployment will be allowed by that account.

Hard Drive space: a minimum of 2GB hard drive space should be free to store patches. If you are using a Master Agent/Local Update Agent, that device should have a minimum of 5GB hard drive space.

Servers vs Workstations: If you plan to use different Patch Management settings for your server devices and workstations, you should place your servers into a separate policy. If you only want to update the Windows Server operating system then you should exclude all 3rd party vendors from the Excludes list to make sure that only Windows updates are being provided.

Verify Console Firewall Requirements

For overall functionality, and to enable the Antivirus clients and/or the Management Consoles to authenticate/update, you must allow certain ports and URL addresses through your Firewall or Proxy Server.

Ports (TCP & UDP)

  • 80 – Internet vulnerability checks and feature updates
  • 443 – Encrypted communication
  • 8080, 8090 – Communication between console and clients within local network (only for On-Premise Console)
  • 4158 – Mirror, for local updates within local network
  • 7074 – Remote Deployment within local network

URLs

  • *.avast.com
  • *.avg.com
  • *.avcdn.net

Setting Up the Console

Cloud Console

  1. Navigate to https://console.avg.com/
  2. Click Register and fill in all required information to set up access

On-Premise Console

  1. Navigate to https://www.avg.com/en-us/installation-files-business
  2. Under the Business tab, click Download beside the AVG On-Premise Management Console

For the On-Premise Console, follow the installation process for your operating system as detailed in On-Premise Console Management.

Activating Licenses in the Management Console

An activation code is part of your confirmation of purchase. It contains information about the edition you purchased. Your code is the license used to activate your software.

  1. When running the Console for the first time, the screen will prompt you to enter your license code.
  2. Enter your license code.
  3. Click Activate license code.

Activating Additional Licenses

  1. Navigate to the Subscriptions page
  2. Do one of the following:
    • If you have a license code, click Got activation code?, enter the code, then click Activate
    • Beside the subscription you would like to purchase, click Buy, then complete the transaction

Assigning Licenses to Devices

You can only perform this action after you have added a device to your network.

This procedure requires the device to restart.

  1. On the Devices page, do one of the following:
    • To include all devices in a group, click the More button next to the group name. Then click Edit group.
    • To include multiple devices, select the check boxes of the devices. Then click Actions Change subscription.
    • For a single device, click the More button next to a device, then click Change subscription.
  2. Select the license you would like to use from the drop-down menu(s).
  3. Click Apply for the license you want to change to, or Save group if you are changing the subscription for an entire group of devices.

Adding Devices via the Installer File or Shareable Link

Cloud Console and On-Premise Console

Downloading Installer

  1. Select which type of installer you need:
    • Windows .exe (for workstations and servers)
    • Windows .msi (for deployment using GPO)
  2. Select the subscription products
  3. Click Advanced Settings to view the following options
  4. Choose the Group and Policy the device will use
    1. If desired, you can activate your devices and select the subscriptions to use after installation by checking the box with that option.
  5. Choose whether to automatically remove competitive antivirus products on the device
    1. The option to remove competitive antivirus products is checked by default. We recommend that you leave this option checked when installing the Antivirus service. 
  6. Ensure you have defined the correct Proxy Server, if any, in the policy you are applying to the device
  7. Click Download now and specify where to save the installation package–such as on a flash drive or network drive

You can also send a download link from this page by clicking Share download link beneath the Download now button. You can then copy and send the private download URL to any desired recipients.

On-Premise Console Only

Sending Download Link via Email

Before you can send download links from the On-Premise Console, you will need to define your SMTP server.

  1. Enter the email addresses for the target users in the Send To box, separated by commas
  2. If desired, alter the Subject line of the email that will be sent
  3. To configure the message you send in the email, check Include your custom message and type a message in the space provided
  4. Select the subscription products
  5. Click Advanced Settings to view the following options
  6. Choose the Group and Policy the device will use
    1. If desired, you can activate your devices and select the subscriptions to use after installation by checking the box with that option.
  7. Choose whether to automatically remove conflicting antivirus products on the device
    1. The option to remove competitive antivirus products is checked by default. We recommend that you leave this option checked when installing the Antivirus service. 
  8. Ensure you have defined the correct Proxy Server, if any, in the settings template you are applying to the device
  9. Click Send

Installing on the Local Client

Once you have an installer file or download link from the AVG Business Management Console, you need to install AVG Business Antivirus to the end device(s).

  1. Copy the installer file to a location accessible by the end device
  2. Double-click on the installer file to run it
  3. If asked to allow the application to make changes to your device, click Yes
  4. Wait while AVG Business Antivirus is installed on the device
  5. When prompted, restart the device
  6. The device should now be visible in your Console

Adding Devices via Remote Deployment

Remote Deployment Requirements

  • Administrator credentials to the computer or Windows domain. If using domain credentials, include the domain name: (e.g., YOUR_DOMAIN\username).
  • Network information about the devices you are deploying to. You need this information to locate the devices on your network.
  • Prepare computers for the client installation. Uninstall any other Antivirus software if installing Avast Business Antivirus.

Configure the following on each device:

Remote Deployment Details

The Remote Deployment option is only available after you have added at least one device to your network using another install method. You must also designate a Master Agent thus, it is best if the first device you add to your network is the device you will use as the Master Agent. Below is a summary of the remote deployment process:

Deploying Installers Remotely

Policy Configuration and Components

The main way you manage your devices is through policies, which are groups of security rules for multiple operating systems (Windows Workstation, Windows Server, and MacOS X) that determine how AVG Business Antivirus works on the endpoints. Any changes to a policy are applied to the devices and groups assigned to it.

The AVG Business Management Consoles include a default template that has already been set up with the suggested configuration. You can apply this template, or create your own by duplicating the default to customize it or by creating a new template altogether. The default template cannot be deleted until another policy has been created.

A single policy contains settings for Windows Workstations and Windows Servers so you do not need to create separate policies for each operating system. This enables you to configure settings for a device group that contains multiple OS types at once. You can create policies by clicking Add Policy on the Policies page. You will then have a chance to name the policy before configuring your settings for the various components.

Antivirus Components by Product License

Component AVG File Server Business AVG Email Server Business AVG Business Antivirus AVG Internet Security Business
File Shield X X X X
Web Shield     X X
Email Shield     X X
Behavior Shield     X X
Anti-Spam     X X
Enhanced Firewall     X X
Data Shredder     X X
Exchange   X   X
Sharepoint X X X X

Enabling and Disabling Components

Nearly all the shields and tools available in AVG Business Antivirus can be enabled or disabled in the policy. This is especially useful if you are trying to install only a few of the components on a server, or just keeping your number of tools to a minimum. Some tools, however, can only be installed or uninstalled entirely.

  1. In the policy you are configuring, select the Active Protection tab
  2. Select the relevant OS tab (Windows Workstation, Windows Server)
  3. Beside the components you want to alter, do one of the following:
    • To enable the component, move the slider to On
    • To disable the component, move the slider to Off

Installing and Uninstalling Components

Most Active Protection features are installed with AVG Business Antivirus, but these components can be uninstalled and reinstalled as needed via the policy.

  1. In the policy you are configuring, select the Active Protection tab
  2. Select the relevant OS tab (Windows Workstation, Windows Server)
  3. Beside the components you want to alter, do one of the following:
    • If the component is not yet installed, click Install this component. Then click I understand, install component
    • If the component is already installed, click the More button beside the component, then click Uninstall this component. Then click I understand, uninstall component

For more details on configuring the various components available in the Policies of the AVG Business Management Consoles, see Configuring Settings and Policies in the AVG Business Management Consoles.

Configuring Exclusions

Wildcards

Many of the Shields and other components included in AVG Business Antivirus, as well as the main Antivirus itself, enable you to configure exclusions or block specific paths. Wildcards help when you do not know the exact file path or file name of files you want to include or exclude, or if you want to indicate multiple files in one path. Not all file paths allow the use of wildcards.

Character Meaning
?

Replaces a single character

For example: ab?.html matches the files abc.html, abd.html, abe.html, etc. It will not match the file abc.htm.

*

Replaces zero or more characters

For example: *mtl matches the files abc.html and d.html. *txt matches the files abc.txt, x.txt, and xyztxt.

Exclusions

You can configure exclusions that will propagate across all of the various Shields and components of AVG Business Antivirus in the Antivirus Settings tab of your policies.

Any changes made to exclusions within policies will propagate across your network every 5-10 minutes. Console policies override local settings.

Business Hub and Avast Business Cloud Console

  1. Click the policy you would like to add exclusions to within the Policies page of the Business Hub
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Under the All Scans and Shields tab, click + Add new exclusion in the desired section:
    • File paths: enter a file path you would like to exclude, then click Add new exclusion
    • Hardened mode: enter an executable file you would like to exclude, then click Add new exclusion
    • URL addresses: enter a URL you would like to exclude, then click Add new exclusion
  5. Click Save when you are finished

Avast Business On-Premise Console

  1. Navigate to the Antivirus Settings tab for the desired OS
  2. In the Exclusions section, do one of the following:
    • Click File paths, enter a file path you would like to exclude, then click Add
    • Click URL addresses, enter a URL you would like to exclude, then click Add
  3. Click Apply changes when you are finished

If you have multiple OS types using the same policy, be sure to add the exclusions to this section under the Windows Workstation and/or Windows Server tabs.

Configuring Automatic Updates

You can set your devices to automatically update the AVG Business Antivirus program and virus definitions.

Configuring Updates

Business Hub and Avast Business Cloud Console

  1. In the Business Hub, click the policy you would like to change
  2. Select the General Settings tab
  3. Expand the Updates section
  4. In the Virus definitions updates and Program updates sections, choose an update option from the following options:
    • Automatically when new update is available (Recommended)
    • Manually
  5. Click Save

Avast Business On-Premise Console

  1. Click the policy you would like to change
  2. Select the OS you are adding automatic update settings for
  3. Click the General Settings tab
  4. In the When to update section, choose an update option for both Virus definition updates and Program updates from the following options:
    • Automatically when new update is available (Recommended)
    • Manually
  5. Click Apply changes

Updates are sent either directly via AVG servers or any configured Master Agents/Local Update Servers on your network. If you have selected manual updates, you will need to manually update via the Devices page to ensure all devices on your network remain up to date with the latest protection.

Creating and Configuring Scans

You can configure the types of files and programs that are scanned by AVG Business Antivirus when you set up the scan task, assuming you selected an Advanced Scan type (Custom, Boot-time). Therefore, the main details for what will be scanned are not configured in policies, though exclusions are.

Types of Scans

  • Quick Scan—Scan for common threats
  • Full System Scan—Run a detailed scan of every file on the device
  • Removable Media Scan—Scan USBs and portable media connected to the device
  • Custom Scan—Run a scan where you choose the file types, sensitivity of the scan, performance, actions, and whether compressed files are included.
  • Boot-time Scan (MS Windows only)—Run a scan when the device boots up.

Cloud Console

Creating Scheduled Scans

You can only create scheduled Quick or Full System Scans.

  1. Navigate to the Policies page
  2. Click the policy you would like to add scheduled scans to
  3. Click the Service Settings tab
  4. Expand the Antivirus Scans section
  5. Configure the following for both Quick Scan and Full System Scan:
    • Frequency: choose between Daily, Weekly, and Monthly
    • Day of the week/month: choose which day you would like the scan to run
    • Start time: select which time of day you would like the scan to run
  6. When you are finished, click Apply
  1. Navigate to the Policies page
  2. Click the policy you would like to add scheduled scans to
  3. Click the tab for the operating system you would like to scan
  4. Configure the following for both Quick Scan and Full System Scan:
    • Frequency: choose between Daily, Weekly, and Monthly
    • Day of the week/month: choose which day you would like the scan to run
    • Start time: select which time of day you would like the scan to run
  5. When you are finished, click Apply changes

Creating One-Time Scans

  1. Navigate to the Devices page, then do one of the following:
    • For a single device, click the More button to the right of the device name
    • For multiple devices, check the boxes of all devices you would like included, then click Actions
  2. Hover over Antivirus Scans
  3. Click the type of task you would like to create:
    • Quick Antivirus Scan
    • Full System Antivirus Scan
    • Advanced Antivirus Scans
  4. Fill in the details and settings for the task, then click Create

On-Premise Console

  1. Click Scan device
  2. Select a type of scan:
    • Quick Scan—Scans for common threats
    • Full System Scan—Runs a detailed scan of every file on the device
    • Removable Media Scan—Scans USBs and portable media connected to the device
    • Custom Scan—Runs a scan where you choose the file types, sensitivity of the scan, performance, actions, and whether compressed files are included.
    • Boot-time Scan (MS Windows only)—Runs a scan when the device boots up.
    • If you chose Custom or Boot-time Scan, select the additional configuration options for your scan.
  3. If you would like the task to be recurring, select Schedule the scan and set the Frequency (one-time, daily, weekly, or monthly) and Schedule start date and time
  4. Type a Custom name for the scan
  5. Click Start Scan

Any threats that are detected during this scan are usually sent to the device's Virus Chest. You can view and manage these detections in Device Details.

Scan Configuration

Configuring Boot-Time Scans

Boot-time scans are only available for Microsoft Windows devices, and will scan your device when it is just beginning to "boot up".

Windows locations to scan: you can select preset locations to scan from the drop-down menu, which are then added to the list. If desired, you can also type the path to a specific location to be included in the scan. Any locations you do not want included in the scan can be removed from the list by clicking the delete button.

Restart the device now: immediately restart the device in order to perform a boot-time scan. If you do not check this, the boot-time scan will run the next time the device restarts.

Notify users with a message before the restart: enter a message to be displayed to the end user notifying them the device will restart shortly

Specify when the above message will be displayed: select when the message will be displayed, between 1 minute, 10 minutes, 30 minutes, or 1 hour before restart.

Heuristics: heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.

PUP and suspicious files: choose whether or not to scan for Potentially Unwanted Programs (PUPs)

Unpack archive files: choose whether or not to unpack archive file types during scanning, which is slower but more extensive

When a threat is found: choose what action AVG takes when a threat is detected, between Clean automatically, move to chest, repair, delete, or no action.

Cancel the scan on the workstation: choose whether or not the scan can be canceled on the workstation while it is running

Configuring Custom Scans

Custom scans provide the most control over what specific types of files, folders, programs, and processes are included in the AVG Business Antivirus scan. You can select different scan options for Windows Workstations, Windows Servers, and MacOS X Devices within the same scan task.

Configuring Locations

You can select preset locations to scan from the drop-down menu, which are then added to the list. If desired, you can also type the path to a specific location to be included in the scan. Any locations you do not want included in the scan can be removed from the list by clicking the delete button.

File Types Tab

You can choose whether or not to scan all files (or just the most common areas for threats). Additionally, you can configure the scan to recognize file types by their content, which requires scanning the entire file, or by their name extension which will only scan the files with the extensions you enter in the text box that appears when that option is selected.

Sensitivity Tab

Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware. Code emulations unpack and test suspected malware in an emulated environment where the file cannot cause damage to devices. Use code emulation is enabled by default.

Sensitivity: choose to test whole files, which will cause the scan to be slower but more extensive.

PUP and suspicious files: choose whether or not to scan for Potentially Unwanted Programs (PUPs)

Links: choose whether any links within files are followed during the scan, which will cause the scan to be slower but more extensive.

Performance Tab

Priority: choose the priority of the scan on the end device(s). A higher priority will lead to a quicker scan, but will use more resources.

Persistent cache: choose whether to speed up the scan by using the persistent cache, and/or to store data about scanned files in the persistent cache which will slow down the scan.

File access: choose whether to speed up the scan by reading files in the order they are stored on the disk, which is only effective on NTFS volumes.

Actions Tab

Apply an action: choose whether or not actions are automatically taken during the scan when a virus, potentially unwanted program (PUP), or suspicious file is detected. The options are Clean Automatically, Move to chest, Repair, Delete, and No Action.

If, for whatever reason, AVG cannot complete the main action, it will attempt the action selected under If the action fails, use

Options: choose whether to perform the selected action upon restart.

Processing of infected archives: choose whether to only remove the packed file from the archive (and if that fails, do nothing), remove the packed file from the archive (and if that fails, remove the entire archive), or to remove the entire archive.

Packers Tab

Choose whether or not to extract all archive files for scanning.

There are many more features and options available in the AVG Business Management Consoles. For more information, please see the rest of our Knowledge Base.