This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Network Discovery and Remote Deployment

This Article Applies to:

  • Avast Business Hub


IMPORTANT: If any devices in your network are running legacy OS (e.g. Windows XP, Vista, 2003, or 2008 SP2) and you attempt remote deployment with those devices included, the deployment will fail for all devices selected. Therefore, please ensure you do not select and attempt deployment to devices with legacy OS installed.

Network Discovery

Network discovery in the Business Hub enables you to scan your network so you know what devices are connected to it. This involves two main steps:

  1. Configuring scan settings
  2. Scanning network for devices

To access these settings, click the Network Discovery tab on the Devices page. Then click Set up your first scan.

Scan Settings

Adding Scanning Agent

The Scanning Agent is responsible for scanning for devices on your network and, if desired, remotely distributing Avast services to those devices. It functions more or less the same as the Local Update Server (see Setting Up Update Agents and Local Update Servers).

Only Windows devices can become Scanning Agents.

  1. Click + Add Scanning Agent
  2. Select the checkbox of the device you would like to promote to scanning agent
  3. Click Add Scanning Agent

Once a Scanning Agent has been added, it will appear in the Devices scanning your networks section of the settings.

Scanning Agent can only be enabled for devices running Antivirus agent version 4.31 or higher.

Scanning Methods

There are two available methods for scanning your network.

Network scan: this option scan all devices connected to your network. The device detection process uses Address Resolution Protocol (ARP) to ping all IP addresses within the subnet in order to get their MAC address. This process can take up to 15 minutes, possibly longer depending on the network. If a response is received with a MAC address, a reverse DNS lookup occurs to get the host name for the IP.

Active Directory scan: this option scans all devices that are part of your Active Directory domain by fetching the AD database.

Use the toggles to select which scan method(s) you would like to use. If you choose Active Directory scan, ensure you enter the domain name and your AD credentials (user name and password).

Scan Results

If you would like to remove devices from the list of found devices that are not managed or cannot be managed by the Hub, you can choose to have them automatically deleted if they have not been seen in the past 30 days. Use the toggle beside Auto-removal of old devices to turn this on or off.

Scanning Your Network for Devices

Once you have configured your Network scan settings, click Scan network to save your selections and begin the scan.

When the scan is complete, you will be able to see all found devices in a list, which includes the device's name, IP address, Active Directory Group (if applicable), what scanning agent detected it, when it was last detected, and its status.


  • Unmanaged: the device is not managed by the Hub and meets the System Requirements
  • Installation queue: Avast services are waiting to be installed
  • Installing Avast: Avast services are being installed on the device
  • Installation failed: Avast services could not be installed due to an error (such as credentials or offline device)
  • Unmanageable: the device is not managed by the Hub but does not meet the System Requirements
  • Offline: the device could not be reached or is offline
  • Managed by Avast: the device is already managed by the Hub

Remote Deployment

Remote Deployment becomes available once you have installed Avast services on at least one device in your network. You can see whether or not you have managed devices on the Devices page of the Hub. See Adding Devices to Business Hub for more details on adding devices manually.

Remotely Installing Avast Services on Devices

Once a network scan has been completed and you have located Unmanaged devices on the Network Discovery tab, you can remotely install Avast services.

For devices that are not connected to Active Directory, you will need to change restrictions on remote UAC (User Account Control). Open RegEdit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and add or edit the item "DWORD LocalAccountTokenFilterPolicy" and set to 1. For more information, see Microsoft’s article on UAC remote restrictions.

  1. Click the checkbox(es) for the device(s) you would like to manage in the Hub
  2. Click Install security services
  3. Choose installation settings:
    1. Select which services to install using the drop-down menus and the toggles
    2. Select which group and policy to use
    3. Enter local admin credentials for remote access to the device
      • Without these credentials, remote deployment will fail. Ensure the correct username and password have been entered.
    4. Select whether to automatically remove conflicting Antivirus products from the device
  4. Click Install the package remotely

Remote deployment may take some time, depending on the number of devices you are adding, the services you chose, and the speed of your network. Ensure the device is online until the installation finishes. Successfully installed devices will appear on the Managed devices tab.

Troubleshooting and Frequently Asked Questions