Found there are two ways to find out unmanaged computers. One is unmanaged detector, the other is client deployment wizard. In client deployment wizard, click Search Network -> Find computers -> IP address range. The result include managed/unmanaged SEP clients and some other network devices,like router. How the searching engine work? according to ping and nslookup result?
There is an article says the searching result by Client deployment wiard, also can be found in DB sem5 dbo.network_scan_result. Does it mean the searching engine is working automatically and record the search result into DB on schedule?

Check this

http://www.symantec.com/connect/articles/client-deployment-wizard-sep-121

you can exclude the printers and routers from unamanaged detector.

searched results are stored in this table.

Hi My questions focus on "How does the searching engine in Client Deploymentwizard work? according to ping and nslookup result?" and "Does searching engine work automatically and record the search result into DB on schedule?" Seems I cannot find answer from your posts. Thanks

this should answer ytour questin

When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

You can configure the unmanaged detector to ignore certain devices, such as a printer. You can also set up email notifications to notify you when the unmanaged detector detects an unknown device.

NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.

http://www.symantec.com/business/support/index?page=content&id=TECH105722

Hi Pete_4u2002,

But it is the techinical info of Unmanaged detector. What I what to know is how the searching engine in Client Deployment wizard works. It is different technique. As I know that unmanaged detector is better than Client Depolyment wizard, because searching engine in Client Deployment wizard cannot detect client with Firewall enabled. That is why I want to know how it works. Appreciated if you can find an answer.

can you post the screenshot for the information you looking at? is it pushing the client package or searching the client for pushing the package?

About client deployment methods

Deploying clients by using Remote Push

its basically ICMP pingout time to look for clients for deploying the client package.