Endpoint Protection

 View Only
  • 1.  Unmanaged detector

    Posted Apr 23, 2013 05:04 AM

    Hi all,

    Im working with unmanaged detectors on several subnets on my network.
    My unmanaged detectors found a lot of clients that where unprotected, i fixed this and installed SEP.

    Im still getting a daily list of unmanaged machines, some are routers / switches / non windows machines and trying to exclude those ips / macs.
    However the unmanaged detector also finds a lot of machines that are currently protected... Is this normal behaviour? How can i fix this?

     

    Thanks,

     

    LEVD

     



  • 2.  RE: Unmanaged detector

    Posted Apr 23, 2013 05:09 AM

    Hello,

    Is this machine are reflect SEPM console ?



  • 3.  RE: Unmanaged detector

    Posted Apr 23, 2013 05:09 AM

    no, i did not try this. Will try it now good idea.
    Will reply back here.

    LEVD



  • 4.  RE: Unmanaged detector

    Posted Apr 23, 2013 05:11 AM

    Might be sending the cached data? not a solution but have you tried deleting unmanged detector and creating a new one again?

     

    P.S: For ex; When you run the scan from SEP 11.0.6:

    It will find all the machines that DON'T have version 11.0.6 installed.  So, if they have 11.05 or les or nothing they wil show up.

    The same thing with 12.1:

    12.1 will discover all cleints on the network running a version less than 12.1.  So it will find all 11.0.6 clients as well.



  • 5.  RE: Unmanaged detector

    Posted Apr 23, 2013 05:11 AM

    Hi Levd,

     

    When you run the scan from SEP 11.0.6:

    It will find all the machines that DON'T have version 11.0.6 installed.  So, if they have 11.05 or les or nothing they wil show up.

    The same thing with 12.1:

    12.1 will discover all cleints on the network running a version less than 12.1.  So it will find all 11.0.6 clients as well.



  • 6.  RE: Unmanaged detector

    Posted Apr 23, 2013 05:28 AM

    Hi Rafeeq,

    Im running a mix of 11.0.7 and 12.1 clients i do not recognize the behaviour you are describing, but maybe thats the problem.

    Can i simply use a 11.0.7 and a 12.1 unmanaged detector on every subnet? or is the unmanaged detector simply not usable on a mixed environment?

    LEVD 



  • 7.  RE: Unmanaged detector

    Posted Apr 23, 2013 05:43 AM

    You can use it but both will show the same report (12.1 will show 11.7 as unmanaged and vice versa) 

    Create 12.1 Unmanged detector

    find out the machines which already has SEP 11.7 installed. Make those ips as exclusions. 

     

    How do I configure exceptions for the "unmanaged detector" from Symantec Endpoint Protection Manager (SEPM)?

     

    http://www.symantec.com/business/support/index?page=content&id=TECH95592



  • 8.  RE: Unmanaged detector

    Posted Apr 23, 2013 07:40 AM

    ok thanks!

    But its not really usable when you run 2 different versions of SEP...
    I have over 1000 clients.. i think i first need to focus on getting all clients on 12.1

     

    LEVD



  • 9.  RE: Unmanaged detector
    Best Answer

    Posted Apr 23, 2013 08:11 AM

    Yes thats the main priority... :) 



  • 10.  RE: Unmanaged detector

    Posted Apr 23, 2013 08:41 AM

    If the unmanaged detector is detecting clients which already have SEP installed, then check to see if those clients are showing up in the SEPM.

    The unmanaged detector is a nice feature, it just needs to be developed a little more with more options.to be able to manage it better. I usually think of it more as a quick and dirty method to find unmanaged clients.



  • 11.  RE: Unmanaged detector

    Posted Apr 23, 2013 10:55 AM

    Brian, Rafeeq,

    First i will get all my clients to 12.1 , i used the unmanaged detector and found a lot of unprotected machines, right now i still get a daily report of about 100 unprotected machines, but allmost all of these machines are protected :) so i guess thats the 12.1 -> 11.0.7 issue, when i check some of these machines they are in the console, or not reachable..

    Thanks!

    LEVD