Endpoint Protection

 View Only

  • 1.  Unmanage Detector is not woking

    Posted Nov 24, 2009 12:47 PM
    hello, I am configuring the unmanage detector. I have several groups and set up the detectors in the server group, but no workstation is displayed. I was experimenting and let a machine without SEP installed, the network for 4 days, and it was not displayed. Neither the home page or the notification that was set. My SEP Manager is in a VMWare ESX Server. Can someone help me?


  • 2.  RE: Unmanage Detector is not woking

    Posted Nov 24, 2009 01:01 PM

    Title: 'Best Practices: When to use the "Find Unmanaged Computers" or "Unmanaged Detector" features in Symantec Endpoint Protection 11.0'
    Document ID: 2008030514404548
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008030514404548?Open&seg=ent



    Title: 'Setting notifications when using the "Unmanaged Detector" feature in the SEPM'
    Document ID: 2008050813205048
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008050813205048?Open&seg=ent


  • 3.  RE: Unmanage Detector is not woking

    Posted Nov 24, 2009 01:03 PM

    http://seer.entsupport.symantec.com/docs/330968.htm
    To configure the client as an unmanaged detector, you must do the following actions:

    Also The computers should be in same subnet as the Unmanaged detector so is the client tht you have left without SEP is in the same subnet as Unmanaged detector ?


    Best Practices: When to use the "Find Unmanaged Computers" or "Unmanaged Detector" features in Symantec Endpoint Protection 11.0
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/237ca58329dbaf81c1257403004b2470?OpenDocument

     

    Find Unmanaged Clients on a remote network location using the Unmanaged Detector

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6970e5f4ae20b52149257635005543c4?OpenDocument



  • 4.  RE: Unmanage Detector is not woking

    Posted Nov 24, 2009 02:02 PM
    Apparently the means SEP uses to detect unmanaged computers is not a routable protocol - as like you say, it MUST reside on the SAME subnet.
    I've got one of the SEM/P servers acting as a detector on one subnet  -the server subnet here.
    Then we've got over 30 other subnets and I enable one here and there randomly on occasion as there are also a great number of false alerts - it finds access points, and other items as being computers running XP with no SEP, and occasionally reports a valid SEP computer as unmanaged. So it's a tool only, use it in conjunction with other things, not as the only means to find such holes.
    In the land of VMWare and ESX and virtual switches and virtual NICs, it's going to cause you frustration.......... and it keeps showing me unmanaged machines, all with the VM MAC addresses, and there are no such machines running any Windows OS.


  • 5.  RE: Unmanage Detector is not woking

    Posted Nov 25, 2009 07:16 AM
    if I have a network that will x.x.0.x ate x.x.19.x and the servers that I activated the detector is in this range. So, it should be working, right?


  • 6.  RE: Unmanage Detector is not woking
    Best Answer

    Posted Nov 25, 2009 08:17 AM
    The detector was additive on 2 servers that were VMs .. is likely that the ARP is not working properly ... I turned the switch on a client station and started to generate the report. Thank you all ..