1. Is there a tool from symantec that i can use that can audit PCs for vulnerabilities as far as missing OS patches, or missing Java patches?
2. also is there a tool that can scan my network and report on devices that don't have endpoint client installed
1. You can check out Symantec Security Enterprise Manager:
https://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm
2. You can use an unmanaged detector for finding devices without SEP. It is a quick and dirty method:
SNAC would be the one you would want to use. You can deny PCs without SEP from accessing your network.
Not sure what SEP Version are you using - here some more documentation to Unmanaged Detectors:
http://www.symantec.com/docs/TECH104340
https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121
Brian,
Does Symantec Security Enterprise Manager can be trial edition or this is a part of SEPM suite ?
ESM is a differnet product::
http://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm
...check the connect forum for it:
https://www-secure.symantec.com/connect/security/forums/enterprise-security-manager
ah cool,
thanks for the explanation Sebastian !