Video Screencast Help

How to clear the Unkown Device Failures list

Created: 31 Aug 2010 • Updated: 08 Oct 2010 | 20 comments
This issue has been solved. See solution.

How can I clear the Uknown Device Failures list?  An Unmanaged Device Detector was accidently set and it brought in all of our routers and printers and other network devices which has caused an "attention needed" red notice on the main SEPM window.

Thanks

Comments 20 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

This is how to create it..
So just remove this notification
http://service1.symantec.com/SUPPORT/ent-security....
However you can also create exceptions for your routers and printer in this notification
http://www.symantec.com/connect/forums/unknown-device-failure

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

MishaUa's picture

Is there any easy way to just delete the devices that it currently found?  I don't plan on using an unmanaged device detector and we have almost 400 unmanaged devices.  Excluding a device via mac did not seem to remove it from the list.  Do you need to exclude it on the dector that found it?  What if that detector has been disabled already?

Vikram Kumar-SAV to SEP's picture

Follow the 1st link

  1. Open and login to the Symantec Endpoint Protection Manager
  2. Click on Monitors Tab
  3. Click on Notifications

Delete Unmanaged Detector notification

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

MishaUa's picture

The Notification\Notification Conditions tab is empty.  It must be a builtin notification?

Vikram Kumar-SAV to SEP's picture

Now you won't see any more of it as Detector is disabled or Notification is removed.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

MishaUa's picture

The thing is I still see it.  There were no notifications to remove.

Vikram Kumar-SAV to SEP's picture

On the Home Page in the Bottom Left cornet..Due you still see no. of Unknown Device Failure
Can you send us the screenshot aswell

If its showing Under Security Status only then it might be old notification..
Try restarting SEPM and Database service and check if it goes away

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

MishaUa's picture

They only appear under the Security Status.  I am pretty sure that the notifications are old ones because I set another computer as an Unmanaged Detector for a test and it brought in new devices.  When I disabled it those new unmanaged devices went away.  I will attempt your suggestion to restart the SEPM and th Database services.

VKalani's picture

If restarting SEPM and database does not resolve it, try to repair SEPM, from Add/Remove programs.

-VKalani

AravindKM's picture

In SEPM Home page click on preferences--->Home and monitors ,select notification as "only show my notification" and see....

If not helps provide a screen shot to us...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

MishaUa's picture

None of the suggested fixes have yielded any results thus far.  I am hesitant do a repair install because it doesn't seem like that drastic of a measure needs to be taken to clear a security warning.  Here are the screenshots

Rafeeq's picture

have you set any unmanged detector in your SEPM?
if so remove it and make it again with exclusions..

MishaUa's picture

I set an unmanaged detector temporarly as a test.  It started pulling in devices but when I disabled it all the devices that it found went away.  The previous Unmanaged Detector has been disabled for quite some time now but the devices it found wont go away.

Rafeeq's picture

the system which you set as an unmanged detector ; move it to a test group
restart the service of the client
make sure its no more a detector :)
 

Vikram Kumar-SAV to SEP's picture

Try this

Sweeping SEPM log data from the database manually

http://service1.symantec.com/support/ent-security.nsf/docid/2008070913131048?Open&seg=ent

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

MishaUa's picture

I have not attempted to sweep the logs manually.  Originally though I didn't I have enough access to do that.  I checked this morning and I do have enough access but it seems that it will not be necessary.  The Security status shows the status of Good and is all green this morning.  The problematic Unmanaged Detector does not show up any more.  It also does not show up in clients.  Is there a setting in SEPM that removes clients if they have not phoned home in a while?  Thanks to everyone for the help.  I think in a normal situation if the Detector is left on most of the time,  disabling it as a detector would clear the devices it found.  I my case the device had not been on the network for a long period of time and that is why I think it would not clear.  Thanks to everyone for the input.

Rafeeq's picture

its under
admin
servers
right click on local site
click properties
you will find the delete client if not connected for such and such days
the default is 30 days
i think disabling it unmanged should have fixed the issue.
the db sweep of sepm might took some time

AravindKM's picture

If a client is not reported to the server for a period(By default it is 30 days but you can configure it in SEPM-->admin-->servers--->local site-->edit local site properties-->general).You can also configure the log age in SEPM-->admin-->servers--->local site-->edit local site properties-->Database 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

MishaUa's picture

I think Ideally if a client is connecting normally to the SEPM server,  disabling it as an Unmanaged Detector should clear out the logs immediately.  In my case the computer had stopped connecting to the SEPM server a while back.  I disabled it as an Unmanaged Detector but it cleared the logs only after the client was deleted by the SEPM policy.  Basically my problem is solved.  Ultimately I think the thing that fixed it was disabling Unmanaged Detector on the client from SEPM.

Thanks

SOLUTION
Hear4U's picture

Hi all,

If you're not familiar with the contest, please take a look at this blog post, which will help users understand how they can win prizes every week over the next several weeks!

https://www-secure.symantec.com/connect/blogs/secu...

Solve the threads included in the contest, and you could be "King for a Week!"

Best,

Eric

check out the community at www.infoblox.com/community