Endpoint Protection

 View Only
Back to Library

Unmanaged Detector in SEP 12.1 

Feb 04, 2012 11:39 AM

To configure the client as an unmanaged detector, you must do the following actions:

  •  Enable Network Threat Protection.
  •  Switch the client to computer mode.
  •  Install the client on a computer that runs all the time.
  •  Enable only Symantec Endpoint Protection clients as unmanaged detectors.
  • A Symantec Network Access Control client cannot be an unmanaged detector.

 

To configure a client to detect unauthorized devices

1 In the console, click Clients.

2 Under View Clients, select the group that contains the client that you want to enable as an unmanaged detector.

3 On the Clients tab, right-click the client that you want to enable as an unmanaged detector, and then click Enable as Unmanaged Detector.

4 To specify one or more devices to exclude from detection by the unmanaged detector, click Configure Unmanaged Detector.

5 In the Unmanaged Detector Exceptions for client name dialog box, click Add.

6 In the Add Unmanaged Detector Exception dialog box, click one of the following options:

Exclude detection of an IP address range, and then enter the IP address range for several devices.

Exclude detection of aMACaddress, and then enter the device's MAC address.

7 Click OK.

8 Click OK.

 

To display the list of unauthorized devices that the client detects

1 In the console, click Home.

2 On the Home page, in the Security Status section, click More Details.

3 In the Security Status Details dialog box, scroll to the Unknown Device Failures table.

4 Close the dialog box.

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

shaabin
Feb 29, 2016 04:59 AM

while i enable the Unmanged detector.the security status is :Attention needed(Red color:failed)

cable mite
Apr 13, 2015 08:54 PM

Hey Sadelphin were you able to add to the database directly? I have been wanting to use the unmanaged detector but the adding of these exclusions is too painful.

AjinBabu
May 23, 2013 03:32 AM

Nice One Pete

TRS-80 Certified Professional
Dec 06, 2012 04:08 PM

Does your network use the 172.x.x.x range?  It looks like these are just your IP addresses represented by a 4-byte integer.

For instance, if I plug the first entry "2887716761" into my decimal to hex calculator, I get AC 1F 0F 99.  Break this up into the components, and convert them back to decimal: AC=172, 1F=31, 0F=15, 99=153.  So it looks like this is 172.31.15.153.

There are various tools to do this on the Internet, as well as some code examples.

http://www.developmentnow.com/g/96_2005_8_0_0_580868/Convert-Decimal-to-IP.htm
http://www.geektools.com/geektools-cgi/ipconv.cgi

I'm tempted to insert some into our database as well.  This is a good feature, but is just about useless on mixed networks of any size without having a better user interface, especially when you have numerous printers and IP phones to contend with.

John Santana
Nov 11, 2012 09:48 PM

cool, thanks man !

pete
May 19, 2012 08:05 AM

its not recommended to directly insert into DB without DB schema information. however if it is must you can take a backup of db and then insert the query.

Migration User
May 19, 2012 06:57 AM

Instaed of adding the mac address/ip address one by one i'm thinking of adding those directly  to the database.

 

pete
May 19, 2012 06:52 AM

can you check this

Monitors > Notification > View Notifications from Symantec Endpoint Protection Manager you see IP addresses in the report that were excluded.does that help?

 

 

Migration User
May 19, 2012 06:43 AM

Thanks pete for directing me in the right direction.

But it seems in the database the ip address range is hashed somehow.

I've excluded some ip address range in console by configure unmanaged detector. when i query in database i dont see the actual ip address mentioned, only some random number is there... attached screen shot for your reference

pete
May 19, 2012 02:51 AM

it will be saved in the SEPM database.

IDEA

https://www-secure.symantec.com/connect/ideas/import-file-mac-address-exclusion-unmanaged-detector

Migration User
May 19, 2012 02:34 AM

say if i add some mac address in exclusion list.. Where it will be saved?. in sepm or client. If it's saved in a file somewhere can we edith that ?

pete
May 19, 2012 01:39 AM

may be we can add it as an IDEA, going to add it in sometime.

Migration User
May 19, 2012 12:16 AM

What if i have 400 mac id's to exlude?..

pete
May 18, 2012 09:05 AM

you can multiple MAC address one by one. we cannot import a file to exclude.

Migration User
May 18, 2012 08:46 AM

Is there a way to add multiple mac address to exclude ? like importing from a file

Migration User
Apr 23, 2012 05:02 AM

I have added exlusions, but they still show up in the list.  I'm using the IP address range to block monitoring things like network printers, etc.

What else is missing?

 

thanks, Jake

pete
Feb 20, 2012 09:28 PM

thank you :-).

Migration User
Feb 20, 2012 04:23 PM

Nice one

Related Entries and Links

No Related Resource entered.