Endpoint Protection

 View Only

  • 1.  Unmanage detector

    Posted Dec 13, 2011 04:19 AM

    What is Symantec unmanage detector in SEPM ? How to configure & use it ?



  • 2.  RE: Unmanage detector
    Best Answer

    Broadcom Employee
    Posted Dec 13, 2011 05:27 AM

    unmanage detector helps to find the systems that are not installed with AV or unmanaged .Any managed client in computer mode can be set to as unmanaged detector. right click on th system in SEPM consple and set to unmanaged detector

    check this article

    http://www.symantec.com/business/support/index?page=content&id=TECH104340



  • 3.  RE: Unmanage detector

    Posted Dec 13, 2011 05:47 AM

    Can I find the computers where symantec installed as unmanaged & turn them as managed client by using unmanaged detector ? HOW?



  • 4.  RE: Unmanage detector

    Trusted Advisor
    Posted Dec 13, 2011 05:48 AM

    Hello,

    UnManaged Detector.

    When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

    You can configure the unmanaged detector to ignore certain devices, such as a printer. You can also set up email notifications to notify you when the unmanaged detector detects an unknown device.

    NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.

     

    UnManaged Detector and Notification for UnManaged Clients serves two different purposes.

    UnManaged Detector  - where the Clients are not installed at all and 

    Notification for UnManaged Clients - when there is SEP client installed and you want the Notification on the same and want to run a batch file to make it managed.

     

    Damper - Specifies the length of the damper period, in minutes or hours, that you want to use for this notification.

    Some compliance logs and some Network Threat Protection logs use a damper period for event aggregation. Events are held on the clients for the damper period before they are aggregated into a single event and then uploaded to the console. The damper period helps to reduce events to a manageable number. The default damper setting is Auto (automatic). All types of notification have a damper setting.

     

     

    UnManaged Detector - check this Articles:

    What does it mean to set a client as an Unmanaged Detector?
     
     
    Best Practices: When to use the "Find Unmanaged Computers" or "Unmanaged Detector" features in Symantec Endpoint Protection 11.0
     
     
    Find Unmanaged Clients on a remote network location using the Unmanaged Detector
     
     
    Setting notifications when using the "Unmanaged Detector" feature in the SEPM
     
     
    Hope that helps!!