Endpoint Protection

 View Only

  • 1.  Is it possible with SEPM to discover the machines without SEP in the network

    Posted Dec 30, 2012 09:06 AM

    Is it possible with SEPM to discover the machines without SEP in the network



  • 2.  RE: Is it possible with SEPM to discover the machines without SEP in the network

    Broadcom Employee
    Posted Dec 30, 2012 09:16 AM
    yes, unmanaged detector will identify What does it mean to set a client as an Unmanaged Detector? http://www.symantec.com/docs/TECH105722 Find Unmanaged Clients on a remote network location using the Unmanaged Detector http://www.symantec.com/docs/TECH96234 Setting notifications when using the "Unmanaged Detector" feature in the SEPM http://www.symantec.com/docs/TECH104897


  • 3.  RE: Is it possible with SEPM to discover the machines without SEP in the network

    Posted Dec 30, 2012 09:26 AM

    Unmanaged detector works fine but you need to ensure NTP is installed and you need to have one on every subnet as it uses ARP requests.

    The other problem you will run into is the unmanaged detector will also detect on routers, switches, hubs, etc. You need to be able to set exclusions and decipher which devices are which. It is not a very user friendly process.



  • 4.  RE: Is it possible with SEPM to discover the machines without SEP in the network

    Posted Dec 30, 2012 12:30 PM

    Thank You Pete and Brian...

    Am having over hundred machines without AV in my network. I need to find out those machines and need to push the SEP client from the console remotely. Is it possible to identify the machine and push the client package in 12.1 like the way we do it in 11.x version. because in 11.x version we can specify the subnet range, domain name etc. and get the list of machines without AV, select the particular machine and push the SEP client remotely by using find unmanaged computers under client tab.



  • 5.  RE: Is it possible with SEPM to discover the machines without SEP in the network

    Posted Dec 30, 2012 06:34 PM

    Yes, check this article on how to use for 12.1

    https://www-secure.symantec.com/connect/articles/client-deployment-wizard-sep-121



  • 6.  RE: Is it possible with SEPM to discover the machines without SEP in the network

    Broadcom Employee
    Posted Dec 31, 2012 05:00 AM

    Hi,

    When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

    You can configure the unmanaged detector to ignore certain devices, such as a printer. You can also set up email notifications to notify you when the unmanaged detector detects an unknown device.

    NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.

    Reference article: SEP 12.1 - What does it mean to set a client as an Unmanaged Detector?

    http://www.symantec.com/docs/TECH183746