Unmanaged Detector in SEP 12.1
To configure the client as an unmanaged detector, you must do the following actions:
- Enable Network Threat Protection.
- Switch the client to computer mode.
- Install the client on a computer that runs all the time.
- Enable only Symantec Endpoint Protection clients as unmanaged detectors.
- A Symantec Network Access Control client cannot be an unmanaged detector.
To configure a client to detect unauthorized devices
1 In the console, click Clients.
2 Under View Clients, select the group that contains the client that you want to enable as an unmanaged detector.
3 On the Clients tab, right-click the client that you want to enable as an unmanaged detector, and then click Enable as Unmanaged Detector.
4 To specify one or more devices to exclude from detection by the unmanaged detector, click Configure Unmanaged Detector.
5 In the Unmanaged Detector Exceptions for client name dialog box, click Add.
6 In the Add Unmanaged Detector Exception dialog box, click one of the following options:
■ Exclude detection of an IP address range, and then enter the IP address range for several devices.
■ Exclude detection of aMACaddress, and then enter the device's MAC address.
7 Click OK.
8 Click OK.
To display the list of unauthorized devices that the client detects
1 In the console, click Home.
2 On the Home page, in the Security Status section, click More Details.
3 In the Security Status Details dialog box, scroll to the Unknown Device Failures table.
4 Close the dialog box.
Comments
Nice one
Nice one
Swapnil
SOC Team .
Please don't forget to mark your thread solved with whatever answer helped you.
thank you :-).
thank you :-).
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Exclusion Issues
I have added exlusions, but they still show up in the list. I'm using the IP address range to block monitoring things like network printers, etc.
What else is missing?
thanks, Jake
Is there a way to add
Is there a way to add multiple mac address to exclude ? like importing from a file
you can multiple MAC address
you can multiple MAC address one by one. we cannot import a file to exclude.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
What if i have 400 mac id's
What if i have 400 mac id's to exlude?..
may be we can add it as an
may be we can add it as an IDEA, going to add it in sometime.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
say if i add some mac address
say if i add some mac address in exclusion list.. Where it will be saved?. in sepm or client. If it's saved in a file somewhere can we edith that ?
it will be saved in the SEPM
it will be saved in the SEPM database.
IDEA
https://www-secure.symantec.com/connect/ideas/import-file-mac-address-exclusion-unmanaged-detector
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Confused
Thanks pete for directing me in the right direction.
But it seems in the database the ip address range is hashed somehow.
I've excluded some ip address range in console by configure unmanaged detector. when i query in database i dont see the actual ip address mentioned, only some random number is there... attached screen shot for your reference
can you check this Monitors >
can you check this
Monitors > Notification > View Notifications from Symantec Endpoint Protection Manager you see IP addresses in the report that were excluded.does that help?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
My point is different..
Instaed of adding the mac address/ip address one by one i'm thinking of adding those directly to the database.
its not recommended to
its not recommended to directly insert into DB without DB schema information. however if it is must you can take a backup of db and then insert the query.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Would you like to reply?
Login or Register to post your comment.