Unmanaged detector finding WinCE based Thin Clients as Unmanaged WinXP PCs
Updated: 21 May 2010 | 3 comments
This issue has been solved. See solution.
I've just recently activated a couple of unmanaged detectors on our network. I've found I'm getting a LOT more responses than I wanted though. The issue seems to be that SEP is finding all of our WinCE thin clients as unmanaged PCs, and it says they are running WinXP.
Is my only option to go through and block all of our thin clients from the detector by MAC? Since our environment is at about a 3:1 thin client to PC ratio, this would probably mean it's not worth the effort to make UD work properly.
Comments
Hi,
Unmanaged Detector Basics
Upon booting, a computer sends out Address Resolution Protocol (ARP) traffic to identify itself on a network. Once enabled, the Unmanaged Detector listens for gratuitous ARP traffic and collects Internet Protocol (IP) and Machine Address (MAC) data from traffic passing it on the local network. This data is then forwarded to the Unmanaged Detector’s SEPM which compares the IP address and MAC address of detected systems against its known list of managed endpoint clients and reports on the unmanaged endpoint clients.
An unmanaged detector is configured by right-clicking a managed SEP client in the Clients page of the SEPM console, and selecting "Make unmanaged detector".
Use Unmanaged Detector when you want to:
- Be proactively notified (by setting a notification for "unmanaged computers". Also under the Security Status details from Home page in Symantec Endpoint Protection Manager).
- Coverage over time and not a "snapshot" of systems currently connected to the network.
See the following document for information on how to find out if a computer has been discovered using the Unmanaged Detector feature:
Title: 'Setting notifications when using the "Unmanaged Detector" feature in the SEPM'
Document ID: 2008050813205048
Web URL: http://service1.symantec.com/SUPPORT/ent-security....
Find Unmanaged Computer Basics
A network range is scanned based on the range that is configured for computers that are not running Symantec Endpoint Protection.
To use this feature, click "Find Unmanaged Computers" in the Clients page of the SEPM console.
Use the Find Unmanaged Computer feature when you want to:
- Check a network segment at a particular point in time.
- Get a snapshot of systems connected to the network when run.
- Deploy a client package to unmanaged systems by deploying Symantec Endpoint Protection client (with login credentials).
Thanks & Regards Sandip C Sali
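Added example (not from the thread and not Symantec's code): the matching step the reply above describes, parsing gratuitous ARP payloads into IP/MAC pairs and comparing them with a managed-client list. An ARP frame carries no operating-system field, so the MAC is the only handle for separating thin clients here; the vendor-prefix (OUI) exclusion set, the sample MACs and the addresses are assumptions constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4

def parse_arp(payload):
    """Return (mac, ip, is_gratuitous) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in sha)
    # Gratuitous ARP: the sender announces its own address (sender IP == target IP).
    return mac, socket.inet_ntoa(spa), spa == tpa

def classify(payloads, managed_macs, thin_client_ouis):
    """Sort gratuitous-ARP senders into managed / thin_client / unmanaged.

    MACs are lowercase, colon-separated; an OUI is the first three octets.
    """
    result = {"managed": [], "thin_client": [], "unmanaged": []}
    seen = set()  # devices repeat their announcements; report each MAC once
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None or not parsed[2] or parsed[0] in seen:
            continue
        mac, ip, _ = parsed
        seen.add(mac)
        if mac in managed_macs:
            bucket = "managed"
        else:
            bucket = "thin_client" if mac[:8] in thin_client_ouis else "unmanaged"
        result[bucket].append((ip, mac))
    return result

def make_arp(mac, sender_ip, target_ip):
    """Build a constructed ARP request payload for the sample data below."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, bytes.fromhex(mac.replace(":", "")),
                       socket.inet_aton(sender_ip), b"\x00" * 6, socket.inet_aton(target_ip))

# Constructed sample traffic; the MACs, the OUI and the addresses are made up.
SAMPLE = [
    make_arp("02:00:00:aa:00:01", "192.0.2.10", "192.0.2.10"),  # managed PC
    make_arp("02:11:22:00:00:05", "192.0.2.50", "192.0.2.50"),  # thin client
    make_arp("02:99:99:00:00:07", "192.0.2.77", "192.0.2.77"),  # unknown device
    make_arp("02:99:99:00:00:08", "192.0.2.78", "192.0.2.1"),   # ordinary lookup, ignored
]
REPORT = classify(SAMPLE, {"02:00:00:aa:00:01"}, {"02:11:22"})
```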
Bottom line - it's not very accurate. Oh, it will catch unmanaged computers or those with NO SEP, but it will find wireless access points, routers, scanners, etc. and report them all as running XP or some other OS.
If you have such a setup, I propose doing the check via a login script that looks for the running service or a registry key.
I've got a script posted here in the files area you could modify - it sends an email if a computer user logs in and the SEP service is not running.
Your other option - manually enter all those MAC addresses...
My sites - http://theamcpages.com & http://antique-engines.com
ShadowPapa is very correct: the number of false positives will be on the higher side when using Unmanaged Detector, and here's the script posted by him:
https://www-secure.symantec.com/connect/downloads/script-report-installed-applications
You might find it helpful.