
Reporting unknown device attached to the LAN?

Created: 19 Oct 2012 • Updated: 19 Nov 2012 | 3 comments
This issue has been solved. See solution.

Hi, how do I set up a reporting capability so that the security administrator is alerted by email when an unknown device is plugged in to the network on that day?


Ashish-Sharma's picture

Hi,

Notification –

Show verbose Host Integrity Logging – If you check the box for Show verbose Host Integrity Logging, it displays the detailed information about the Host Integrity requirement in the Security Log. Once you highlight the requirement, the lower right-hand pane of the security logs shows the detailed information, which includes the conditions that the requirement checks for, such as a particular registry key. You can still view the information in the Compliance log on the Monitors page in the management server. If you uncheck this option, the results of the Host Integrity check still appear in the lower left-hand pane. By default this option is Enabled/Checked.

Display a notification message when a Host Integrity check fails- You can choose to display a notification message for the users to know that the client computer did not pass the Host Integrity check.

Display a notification message when a Host Integrity check passes after previously failing- If the Host Integrity check fails and users are sent to remediate, the users will not know that the Host Integrity check ran again and that it passed this time. So you can display a notification message that informs the users if the check passes after a failure.

User must log on before applications and Host Integrity notifications appear- This option is Checked/Enabled by default. Host Integrity remediation runs even if the user is not logged on. The client can remediate the client computer with operating system updates or necessary security software at any time. You can work around this issue when you write a custom requirement that uses the Run a program function. You can use this function to launch a program that uses the logged-in user context.

Reference :

What all can you do with Symantec Network Access Control?

https://www-secure.symantec.com/connect/articles/what-all-can-you-do-symantec-network-access-control

Creating and testing a Host Integrity Policy

http://www.symantec.com/business/support/index?page=content&id=HOWTO11091

Creating and testing a Host Integrity policy

http://www.symantec.com/business/support/index?page=content&id=HOWTO55759

Working with Custom HOST INTEGRITY (HI) Policy using the “CUSTOM REQUIREMENT LOGIC”

https://www-secure.symantec.com/connect/articles/working-custom-host-integrity-hi-policy-using-custom-requirement-logic

Thanks In Advance

Ashish Sharma

SOLUTION
Chuck Edson's picture

There is also the capability to have a SEP agent be an Unmanaged Detector, where it listens for an ARP broadcast when a device joins the subnet that the Unmanaged Detector is on.  The Unmanaged Detector then queries the "new" machine and sees if it gets a response from a SEP agent.  If it does not get a response, it will send this info to the SEPM, which you can configure to send you an alert.

If a post helps you, please mark it as the solution to your issue.
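
An added illustration, not from this thread and not Symantec's implementation, of the reporting flow the solution above describes: devices seen announcing themselves over ARP are checked for a managed agent, and those without one are rolled into a per-day email alert. The log format, the `MANAGED` inventory (standing in for the detector's query to the new machine), the function names and the addresses are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from email.message import EmailMessage

# Constructed sample (not real data): ARP broadcasts seen by a detector host,
# one per line as "timestamp sender-MAC sender-IP".
ARP_SEEN = """\
2012-10-19T08:02:11 00:1a:2b:3c:4d:5e 10.0.5.21
2012-10-19T09:40:03 00:1A:2B:AA:BB:CC 10.0.5.77
2012-10-19T09:41:10 00:1a:2b:aa:bb:cc 10.0.5.77
2012-10-19T13:15:45 f0:de:f1:00:11:22 10.0.5.90
2012-10-20T07:55:00 00:1a:2b:3c:4d:5e 10.0.5.21
"""

# Hypothetical inventory: MACs of hosts known to answer as a managed agent.
MANAGED = {"00:1a:2b:3c:4d:5e"}

def unknown_devices_by_day(arp_log, managed):
    """Return {date: {mac: (first_seen, ip)}} for devices with no managed agent."""
    report = defaultdict(dict)
    for line in arp_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, mac, ip = parts
        mac = mac.lower()  # normalise case so repeats collapse to one device
        if mac in managed:
            continue
        seen = datetime.fromisoformat(ts)
        day = report[seen.date().isoformat()]
        if mac not in day or seen < day[mac][0]:
            day[mac] = (seen, ip)  # keep the earliest sighting of the day
    return dict(report)

def build_alert(day, devices, sender, recipient):
    """Build one alert email per day listing each unknown device once."""
    msg = EmailMessage()
    msg["Subject"] = f"{len(devices)} unknown device(s) on LAN on {day}"
    msg["From"], msg["To"] = sender, recipient
    rows = [f"{mac}  {ip}  first seen {seen:%H:%M:%S}"
            for mac, (seen, ip) in sorted(devices.items())]
    msg.set_content("\n".join(rows))
    return msg

if __name__ == "__main__":
    for day, devs in unknown_devices_by_day(ARP_SEEN, MANAGED).items():
        print(build_alert(day, devs, "detector@example.com", "secadmin@example.com"))
```
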

John Santana's picture

Thanks for the solution, guys!

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.