Hello,
I agree with Pete's Comment above. "Thumbs Up"
To enforce policies on every endpoint, you must be able to quickly detect the presence of new devices. Unknown devices are the devices that are unmanaged and that do not run the client software. You must determine whether the devices are secure. You can enable any client as an unmanaged detector to detect the unknown devices.
When a client is set as an Unmanaged Detector, it locates unmanaged clients on its own local network segment and reports them to Symantec Endpoint Protection Manager.
The unmanaged detector works on a local network and looks at ARP traffic on that subnet to determine whether or not a client is running SEP. If it's not running SEP, we report it back to the SEPM and it will appear in the security report (you can also configure notifications for this). Two things to bear in mind:
1. This works on a per subnet basis - you need a detector in each subnet your company has to guarantee coverage
2. This won't detect clients that have SEP installed but are not managed by your SEPM (either "unmanaged" SEP clients or other companies SEP clients because we look to see if SEP is *installed* There are things we can potentially do in the future, depending on how the feature evolves and what customers request.
Reference:What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/docs/TECH105722
Hope that helps!!