Endpoint Protection

  • 1.  Rogue Machine Detection and Remediation

    Posted Jan 12, 2015 12:50 PM

    Hello all,

    Forgive me if these are a little basic, as I am a new Admin to this system and learning:

     

    • Need of a solution for Rogue Machine Detection and Remediation.
    • Running 12.1 RU5 with an Enterprise of 7K+ Clients
    • One location with over 3K machines on set domain and 4k+ field units running in multiple locations.
    • I am a little confused on some specifics and any help is greatly appreciated. I understand HI controls service packs and iterational requirements for software.
    • Also understand that NAC is now "built in" to SEPM RU5.

     

    Besides the tedious task of setting up Hundreds of ‘Unmanaged Detectors’:

     

    1. Is there a better option for Rogue machine detection? As in Host Integrity or NAC, etc?

    2. Reference the prior question: Does the new RU SNAC integration with SEP and HI work to control rogue machines at all?

    3. Or is this need filled by Network Enforcer?

     

    Thanks again for any assistance or guidance on this!



  • 2.  RE: Rogue Machine Detection and Remediation

    Posted Jan 12, 2015 01:59 PM

    When you say rogue, you mean unmanaged clients? NAC is built-in to 12.1.5 but it is host NAC, so clients need the agent on them to enforce policy.

    Unmanaged detectors work fine; however, you need one on every subnet, so it can be tedious.

    Have a look at this script:

    https://gallery.technet.microsoft.com/scriptcenter/Symantec-Endpoint-8e47c450

    Works great!



  • 3.  RE: Rogue Machine Detection and Remediation

    Posted Jan 12, 2015 03:52 PM

    Yes unmanaged machines,

    I like the idea of that script for a backup, thanks Brian. I am looking at it now.

    We however have a lot of vendors coming in and out of the building along with unmanaged laptops from field offices needing updated clients, sometimes the client itself, etc., and are trying to determine if Network Access Control would be best deployed with SEP or at the Network layer through the racks.

     

    If SEP can automate detection and remediation that would be, well..... Awesome!



  • 4.  RE: Rogue Machine Detection and Remediation

    Posted Jan 13, 2015 11:02 AM

    SEP can only do NAC if the client is installed on the machine. For what you need, you'll need NAC in the racks.



  • 5.  RE: Rogue Machine Detection and Remediation

    Trusted Advisor
    Posted Jan 14, 2015 03:56 AM

    The PowerShell script looks useful, but there is a comment posted on it saying that with v12.1.5 the filename has been changed, so I suspect the script needs updating for it to work.

    Just an FYI.