I'm biting the bullet and enabling the Unmanaged Detector feature on Symantec Endpoint Protection. Aside from the pain of manually adding every device on the subnet that isn't a computer, I'm encountering an issue where it is reporting some false positives.
So far in each case, the client being falsely accused has multiple network interfaces. One was a laptop with a wired and wireless adapter. The detector was reporting the wireless NIC as unmanaged. The strange part is that I couldn't even ping the wireless address, and ipconfig showed that it was offline. Perhaps it was on temporarily on. That computer has since cleared up and isn't alerting. The other computer is a server with 5 adapters which I am able to ping. Both clients were running version 12.1.6860.6400.
When I checked the computer properties in SEP Manager, the MAC and IP pairs being reported were missing from SEPM's list of addresses which is why it thinks they're unmanaged. These clients are configured for a 10-minute heartbeat. The server has been on for weeks and the NIC configuration has not changed recently.
I'm wondering if anyone has encountered this, and if they have any workarounds. I realize that I can add the MAC address as an exception, but I'd like to avoid that if possible.
Does anyone know if/how often this client information gets refreshed? Why wouldn't some NICs be reported in the client properties?
Thanks.