Endpoint Protection

Hi all,

I will be very happy if someone can help me to fix this issues. Is that possible to scan my network and send SEP agent on computers without SEP agent.

Thanks for your prompt feedback.

Yes, you can use an unmanaged detector. You can setup a SEP client to act as one to scan your subnets and report back on unmanaged devices. Do know that the SEP client needs to have NTP installed and you need one on every subnet.

Once you find these machines you can push the client from the SEPM. It will not happen automatically.

Configuring a client to detect unmanaged devices

You can also use the client deployment wizard:

https://www-secure.symantec.com/connect/articles/client-deployment-wizard-sep-121

Yes, unmanaged detector

http://www.symantec.com/business/support/index?page=content&id=TECH105722

that will scan your network to find the machine which does not have SEp installed.

you can later using the deployment method and install it

however it will not automatically install once it finds it.

Ok thanks but it is a long process because i manage more than 1300 computers distributed in several cities. SEPM could have done better. Thanks for your answers.

It could be tough to manage with that many clients. The unmanaged detector will also report back all devices without SEP, which will include routers, switches, firewalls, etc. You will also need to add exclusions for these.

This is only a quick and dirty way. You would need to invest in something else such as NAC.

Unmanged detector will list all the machines which broadcase ARP. You can always have check with your AD , what you  have installed and what machines are pending.

Or you have to use some client management software like Microsoft SCCM or Altiris.

Regards, 

mkeil

Hello,

You could use the Unmanaged Detector feature from SEPM.

When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

Check this Article:

What does it mean to set a client as an Unmanaged Detector?

http://www.symantec.com/docs/TECH183746

Check this Thread: https://www-secure.symantec.com/connect/forums/unmanaged-detectors-user-mode

Hope that helps!!

Hi,

Thank you for posting in Symantec community.

It's not an automated process. You will have to to do this job manually.

SEPM can only tell the list of machine where SEP client is not installed if unmanaged detector is configured.

You can configure the Notification condition for unmanaged detector & then SEPM will shoot an email with more details.

Email alert can be a quick way to identify and deploy SEP client on those machine.

Thanks all for your answers.

Hi All and many thank

I tried the unmanaged detector, it's working fine, notifications are arriving by email for machines without sep agent. it just remain to add exceptions for printers, routers, etc...

Kind Regards. :)

Charry N.