To discover computers on the network, a computer that runs the Symantec System Center sends several pings, which are UDP broadcasts to port 38293, to the network. The ping program verifies that the remote computer exists and can accept requests.. Only antivirus servers are discovered by using this ping and pong mechanism. Symantec Client Security finds client information by querying the server for its client information. Clients ping the server to get the port number that the server’s Rtvscan listens on. The client’s Rtvscan can then send its keep-alive packet to the parent server’s Rtvscan, and communication can begin. The keep-alive packet contains information such as the following:
■ Date of the computer’s virus definitions files
■ When the computer was last infected
■ Firewall version
■ Timestamp of the firewall policy
■ If the firewall is installed, enabled, and whether there was an error importing the last policy sent
■ If the firewall policy on the server and client differ IP pings are sent to the remote computer running Symantec Client Security server software to determine what type of protocol it uses.
The data from the computer that runs Symantec Client Security client software is stored on the computer that runs Symantec Client Security server software that is the client’s parent management server. The Symantec System Center console reads each parent management server’s registry to get the data that it displays in the console.
You can configure the Discovery Cycle time-out interval. By default, the interval is set to 480 minutes (every 8 hours), but you can set the time-out to any value from 1 to 1440 minutes between Discovery attempts. A new Discovery is skipped if the last Discovery is still running. For example, if you have Discovery set to run once a minute, and Discovery takes 20 minutes, 19 Discovery attempts are skipped.
Using the Refresh feature
In the Symantec System Center console, you can refresh the information in the console at the system hierarchy, server group, or server level to validate active communication with the list of currently displayed servers. If the refresh determines that a server that previously appeared in the server group view is nolonger communicating, the unavailable server icon appears.
Note: The Refresh feature does not find servers or server groups that may havebeen added since the current session of the Symantec System Center started.