Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Scan network and send SEP agent on computer without SEP agent

Created: 21 Aug 2013 • Updated: 21 Aug 2013 | 10 comments
This issue has been solved. See solution.

Hi all,

I will be very happy if someone can help me to fix this issues. Is that possible to scan my network and send SEP agent on computers without SEP agent.

Thanks for your prompt feedback.

Operating Systems:

Comments 10 CommentsJump to latest comment

Rafeeq's picture

Yes, unmanaged detector

http://www.symantec.com/business/support/index?page=content&id=TECH105722

that will scan your network to find the machine which does not have SEp installed.

you can later using the deployment method and install it

however it will not automatically install once it finds it.

SOLUTION
.Brian's picture

Yes, you can use an unmanaged detector. You can setup a SEP client to act as one to scan your subnets and report back on unmanaged devices. Do know that the SEP client needs to have NTP installed and you need one on every subnet.

Once you find these machines you can push the client from the SEPM. It will not happen automatically.

Configuring a client to detect unmanaged devices

Article:HOWTO80763  |  Created: 2012-10-24  |  Updated: 2013-08-20  |  Article URL http://www.symantec.com/docs/HOWTO80763

 

You can also use the client deployment wizard:

https://www-secure.symantec.com/connect/articles/c...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Charry Nsasi's picture

Ok thanks but it is a long process because i manage more than 1300 computers distributed in several cities. SEPM could have done better. Thanks for your answers.

.Brian's picture

It could be tough to manage with that many clients. The unmanaged detector will also report back all devices without SEP, which will include routers, switches, firewalls, etc. You will also need to add exclusions for these.

This is only a quick and dirty way. You would need to invest in something else such as NAC.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Unmanged detector will list all the machines which broadcase ARP. You can always have check with your AD , what you  have installed and what machines are pending.

mkeil's picture

Or you have to use some client management software like Microsoft SCCM or Altiris.

Regards, 

mkeil

Please "Mark as Solution" if my post is useful

Mithun Sanghavi's picture

Hello,

You could use the Unmanaged Detector feature from SEPM.

When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

Check this Article:

What does it mean to set a client as an Unmanaged Detector?

http://www.symantec.com/docs/TECH183746

Check this Thread: https://www-secure.symantec.com/connect/forums/unmanaged-detectors-user-mode

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

It's not an automated process. You will have to to do this job manually.

SEPM can only tell the list of machine where SEP client is not installed if unmanaged detector is configured.

You can configure the Notification condition for unmanaged detector & then SEPM will shoot an email with more details.

Email alert can be a quick way to identify and deploy SEP client on those machine.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Charry Nsasi's picture

Hi All and many thank

I tried the unmanaged detector, it's working fine, notifications are arriving by email for machines without sep agent. it just remain to add exceptions for printers, routers, etc...

Kind Regards. :)

Charry N.