Is it possible with SEPM to discover the machines without SEP in the network
Created: 30 Dec 2012 | Updated: 30 Dec 2012 | 5 comments
Is it possible with SEPM to discover the machines without SEP in the network
Discussion Filed Under:
Comments 5 Comments • Jump to latest comment
yes, unmanaged detector will identify
What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/docs/TECH105722
Find Unmanaged Clients on a remote network location using the Unmanaged Detector
http://www.symantec.com/docs/TECH96234
Setting notifications when using the "Unmanaged Detector" feature in the SEPM
http://www.symantec.com/docs/TECH104897
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Unmanaged detector works fine but you need to ensure NTP is installed and you need to have one on every subnet as it uses ARP requests.
The other problem you will run into is the unmanaged detector will also detect on routers, switches, hubs, etc. You need to be able to set exclusions and decipher which devices are which. It is not a very user friendly process.
SEP Knowledge Base
Endpoint SWAT
Thank You Pete and Brian...
Am having over hundred machines without AV in my network. I need to find out those machines and need to push the SEP client from the console remotely. Is it possible to identify the machine and push the client package in 12.1 like the way we do it in 11.x version. because in 11.x version we can specify the subnet range, domain name etc. and get the list of machines without AV, select the particular machine and push the SEP client remotely by using find unmanaged computers under client tab.
Yes, check this article on how to use for 12.1
https://www-secure.symantec.com/connect/articles/c...
SEP Knowledge Base
Endpoint SWAT
Hi,
When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.
You can configure the unmanaged detector to ignore certain devices, such as a printer. You can also set up email notifications to notify you when the unmanaged detector detects an unknown device.
NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.
Reference article: SEP 12.1 - What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/docs/TECH183746
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Would you like to reply?
Login or Register to post your comment.