
Unmanaged detector

Created: 23 Apr 2013 • Updated: 23 Apr 2013 | 10 comments
This issue has been solved. See solution.

Hi all,

I'm working with unmanaged detectors on several subnets on my network.
My unmanaged detectors found a lot of clients that were unprotected; I fixed this and installed SEP.

I'm still getting a daily list of unmanaged machines. Some are routers / switches / non-Windows machines, and I'm trying to exclude those IPs / MACs.
However, the unmanaged detector also finds a lot of machines that are currently protected... Is this normal behaviour? How can I fix this?

Thanks,

LEVD


Rafeeq's picture

Might be sending the cached data? Not a solution, but have you tried deleting the unmanaged detector and creating a new one again?

P.S.: For example, when you run the scan from SEP 11.0.6:

It will find all the machines that DON'T have version 11.0.6 installed. So, if they have 11.05 or less or nothing, they will show up.

The same thing with 12.1:

12.1 will discover all clients on the network running a version less than 12.1. So it will find all 11.0.6 clients as well.

W007's picture

Hello,

Is this machine reflected in the SEPM console?

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

levd's picture

No, I did not try this. Will try it now, good idea.
Will reply back here.

LEVD

Rafeeq's picture

Hi Levd,

When you run the scan from SEP 11.0.6:

It will find all the machines that DON'T have version 11.0.6 installed. So, if they have 11.05 or less or nothing, they will show up.

The same thing with 12.1:

12.1 will discover all clients on the network running a version less than 12.1. So it will find all 11.0.6 clients as well.

levd's picture

Hi Rafeeq,

I'm running a mix of 11.0.7 and 12.1 clients. I do not recognize the behaviour you are describing, but maybe that's the problem.

Can I simply use an 11.0.7 and a 12.1 unmanaged detector on every subnet? Or is the unmanaged detector simply not usable in a mixed environment?

LEVD 

Rafeeq's picture

You can use it, but both will show the same report (12.1 will show 11.7 as unmanaged and vice versa).

Create a 12.1 unmanaged detector.

Find out the machines which already have SEP 11.7 installed. Make those IPs exclusions.

How do I configure exceptions for the "unmanaged detector" from Symantec Endpoint Protection Manager (SEPM)?

 

http://www.symantec.com/business/support/index?page=content&id=TECH95592

levd's picture

OK, thanks!

But it's not really usable when you run 2 different versions of SEP...
I have over 1000 clients. I think I first need to focus on getting all clients on 12.1.

LEVD

Rafeeq's picture

Yes, that's the main priority... :)

SOLUTION
.Brian's picture

If the unmanaged detector is detecting clients which already have SEP installed, then check to see if those clients are showing up in the SEPM.

The unmanaged detector is a nice feature; it just needs to be developed a little more, with more options to be able to manage it better. I usually think of it more as a quick and dirty method to find unmanaged clients.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

levd's picture

Brian, Rafeeq,

First I will get all my clients to 12.1. I used the unmanaged detector and found a lot of unprotected machines; right now I still get a daily report of about 100 unprotected machines, but almost all of these machines are protected :) So I guess that's the 12.1 -> 11.0.7 issue. When I check some of these machines, they are in the console, or not reachable.

Thanks!

LEVD
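The triage discussed in this thread (check whether a detected machine already shows up in the SEPM, and exclude routers and switches) can be scripted. This is an added example, not from the thread or from Symantec's tooling; the CSV column names, the sample rows, `KNOWN_DEVICES` and the function names are all constructed assumptions, not a real SEPM export format.

```python
import csv
import io
import re

# Constructed sample data; column names are assumptions, not SEPM's real export.
DETECTOR_REPORT = """ip,mac
10.0.1.15,00-1A-2B-3C-4D-5E
10.0.1.20,00:1a:2b:3c:4d:5f
10.0.1.1,001a.2b3c.4d01
10.0.1.77,00-1A-2B-3C-4D-99
"""
SEPM_CLIENTS = """mac,version
00:1A:2B:3C:4D:5E,11.0.7
00:1A:2B:3C:4D:5F,12.1
"""
KNOWN_DEVICES = {"001a2b3c4d01"}  # hypothetical inventory of routers/switches


def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return digits


def triage(report_csv, clients_csv, known_devices, detector_version="12.1"):
    """Sort each detected host into an exclusion, follow-up or install bucket."""
    managed = {norm_mac(r["mac"]): r["version"]
               for r in csv.DictReader(io.StringIO(clients_csv))}
    result = {"exclude_device": [], "managed_other_version": [],
              "managed_same_version": [], "unmanaged": []}
    for row in csv.DictReader(io.StringIO(report_csv)):
        mac = norm_mac(row["mac"])
        if mac in known_devices:
            bucket = "exclude_device"          # router/switch: add an exception
        elif mac not in managed:
            bucket = "unmanaged"               # genuinely needs SEP installed
        elif managed[mac] != detector_version:
            bucket = "managed_other_version"   # protected, other SEP version
        else:
            bucket = "managed_same_version"    # protected, reported anyway
        result[bucket].append(row["ip"])
    return result


if __name__ == "__main__":
    for bucket, ips in triage(DETECTOR_REPORT, SEPM_CLIENTS, KNOWN_DEVICES).items():
        print(f"{bucket}: {', '.join(ips) or '-'}")
```

Only the `unmanaged` bucket needs an install; `managed_same_version` hosts are the ones worth checking for stale detector data or connectivity problems.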