
Is it possible with SEPM to discover the machines without SEP in the network

Created: 30 Dec 2012 • Updated: 30 Dec 2012 | 5 comments

Is it possible with SEPM to discover the machines without SEP in the network?


pete_4u2002

Yes, the unmanaged detector will identify them.

What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/docs/TECH105722

Find Unmanaged Clients on a remote network location using the Unmanaged Detector
http://www.symantec.com/docs/TECH96234

Setting notifications when using the "Unmanaged Detector" feature in the SEPM
http://www.symantec.com/docs/TECH104897

.Brian

Unmanaged detector works fine but you need to ensure NTP is installed and you need to have one on every subnet as it uses ARP requests.

The other problem you will run into is that the unmanaged detector will also detect routers, switches, hubs, etc. You need to be able to set exclusions and decipher which devices are which. It is not a very user-friendly process.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Shairaj

Thank You Pete and Brian...

I have over a hundred machines without AV in my network. I need to find those machines and push the SEP client from the console remotely. Is it possible to identify the machines and push the client package in 12.1 the way we do in the 11.x version? In the 11.x version we can specify the subnet range, domain name, etc., get the list of machines without AV, select a particular machine, and push the SEP client remotely by using find unmanaged computers under the client tab.

.Brian

Yes, check this article on how to use for 12.1

https://www-secure.symantec.com/connect/articles/c...


Chetan Savade

Hi,

When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

You can configure the unmanaged detector to ignore certain devices, such as a printer. You can also set up email notifications to notify you when the unmanaged detector detects an unknown device.

NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.

Reference article: SEP 12.1 - What does it mean to set a client as an Unmanaged Detector?

http://www.symantec.com/docs/TECH183746

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
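The detection flow described in the last reply (ARP sender MAC/IP extracted, compared against the known inventory, exclusions applied), as an added Python example that is not part of the thread and not Symantec's code. The function names, the sample addresses and the rule that a device is new only when neither its MAC nor its IP is known are assumptions made for illustration.

```python
import ipaddress
import struct

ARP_ETHERTYPE = 0x0806

def build_arp_request(sender_mac, sender_ip):
    """Build a constructed broadcast ARP request frame (sample input only)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, request
    arp += mac + ipaddress.IPv4Address(sender_ip).packed
    return eth + arp + b"\x00" * 6 + ipaddress.IPv4Address("192.0.2.1").packed

def parse_arp_sender(frame):
    """Return (mac, ip) of the ARP sender, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return mac, str(ipaddress.IPv4Address(frame[28:32]))

def find_unmanaged(frames, known, excluded_macs):
    """known: (mac, ip) pairs already in the inventory; returns new devices."""
    known_macs = {m for m, _ in known}
    known_ips = {i for _, i in known}
    seen, new = set(), []
    for frame in frames:
        sender = parse_arp_sender(frame)
        if sender is None or sender in seen:
            continue
        seen.add(sender)
        mac, ip = sender
        if mac in excluded_macs or ip == "0.0.0.0":  # exclusions, ARP probes
            continue
        # Assumption: "no address match" means neither MAC nor IP is known.
        if mac not in known_macs and ip not in known_ips:
            new.append(sender)
    return new

# Constructed sample data (documentation addresses, not a real network).
KNOWN = {("02:00:00:00:00:01", "192.0.2.10")}
EXCLUDED = {"02:00:00:00:00:aa"}  # e.g. a printer
SAMPLE_FRAMES = [build_arp_request(m, i) for m, i in [
    ("02:00:00:00:00:01", "192.0.2.10"),  # managed client
    ("02:00:00:00:00:aa", "192.0.2.20"),  # excluded printer
    ("02:00:00:00:00:02", "192.0.2.30"),  # unknown device
    ("02:00:00:00:00:02", "192.0.2.30"),  # same device seen again
]] + [b"\x00" * 60]  # non-ARP frame, ignored
```

Calling `find_unmanaged(SAMPLE_FRAMES, KNOWN, EXCLUDED)` returns only the one unknown device; routers, switches and printers would show up the same way unless their MACs are in the exclusion set.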