
Unmanaged Detector SEPM 12.1.2 does not display information

Created: 11 Apr 2013 | 10 comments
soporte.itc's picture

Hello.

I am using the Unmanaged Detector feature of Symantec 12.1.2 to detect teams that are not being administered from the console.

I enabled this service on a client computer on my network, following the instructions in the KB http://www.symantec.com/business/support/index?pag... but I cannot get data on these computers.

Can someone tell me what could be happening, or what I should do to make this work?

The computer that is running as Unmanaged Detector is Windows 7 and the antivirus client version is 12.1.2015

Thanks for your help.


Mithun Sanghavi's picture

Hello,

When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources. 

http://www.symantec.com/docs/TECH105722

http://www.symantec.com/docs/HOWTO27421

When you uninstall the managed SEP client from the machine, the MAC address and the SEP client entry still remain in the database as well as on the SEPM.

I would suggest that you try deleting the SEP client entry from the SEPM manually and then perform these steps:

  1. In the SEPM, go to the Admin page.
  2. Select Domains.
  3. Under Tasks, select Edit Domain Properties
  4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

Setting this value to 1 or 2 will likely cause these clients to be removed over a period of 1 to 2 days.

Secondly, to configure the client as an unmanaged detector, you must do the following:

  •  Enable Network Threat Protection.
  •  Switch the client to computer mode.
  •  Install the client on a computer that runs all the time.
  •  Enable only Symantec Endpoint Protection clients as unmanaged detectors.
  • A Symantec Network Access Control client cannot be an unmanaged detector.

Reference: https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
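The ARP comparison described in the reply above, as an added Python example (not part of the original thread and not Symantec's code). The inventory, the sample frames and the rule "known if either the MAC or the IP is already recorded" are assumptions made for illustration.

```python
import struct

# Constructed inventory standing in for the management server's database of
# known clients; the addresses are made up for this example.
KNOWN_CLIENTS = {
    ("00:11:22:33:44:55", "192.168.1.10"),
    ("00:11:22:33:44:66", "192.168.1.11"),
}

def build_arp(mac: str, ip: str) -> bytes:
    """Build a constructed ARP announcement frame (sample input only)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(p) for p in ip.split("."))
    eth = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + b"\x00" * 6 + spa
    return eth + arp

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:  # EtherType is not ARP
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

def find_unknown(frames, known=KNOWN_CLIENTS):
    """List the (mac, ip) senders that match nothing in the inventory."""
    # Assumption: a sender counts as known when either its MAC or its IP
    # is already recorded; the thread does not spell out the exact rule.
    known_macs = {m for m, _ in known}
    known_ips = {i for _, i in known}
    unknown = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed in unknown:
            continue
        mac, ip = parsed
        if mac not in known_macs and ip not in known_ips:
            unknown.append(parsed)
    return unknown
```

In this sketch a machine whose stale entry is still in the inventory matches and is never reported as new, which is the reason the reply suggests deleting old client entries first.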

.Brian's picture

Do you have NTP installed? It's required in order for unmanaged detector to work?

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

soporte.itc's picture

Hi Mithun.

I ran this procedure in the Symantec console, but I do not see information about unmanaged clients. How can I see whether the unmanaged detector is working?

 

Mithun Sanghavi's picture

Hello,

Could you please let us know - 

1) What is the OS of the SEP client machine which is set as an Unmanaged Detector?

2) Is the fresh client machine which is connected to the network running any antivirus?

3) Are these fresh client machines connected within your network?

Check these Articles:

What does it mean to set a client as an Unmanaged Detector?

http://www.symantec.com/docs/TECH105722

Configuring a client to detect unknown devices

http://www.symantec.com/docs/HOWTO27421

Check these Threads with similar issue:

https://www-secure.symantec.com/connect/forums/unmanaged-detector-why-isnt-working

https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


soporte.itc's picture

Hi Mithun.

1) What is the OS of the SEP client machine which is set as an Unmanaged Detector?

++Windows 7 Professional SP1 and Windows XP SP3 Professional

2) Is the fresh client machine which is connected to the network running any antivirus?

++Yes

3) Are these fresh client machines connected within your network?

++Yes

Mithun Sanghavi's picture

Hello,

In your case, could you try assigning the Unmanaged Detector to a machine running a Server OS?

Secondly, which antivirus is the fresh client machine that is connected to the network running? Could you try uninstalling the antivirus and check?

Hope that helps!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


soporte.itc's picture

Hi.

Can I use the SEPM server as an Unmanaged Detector?

Regards,

.Brian's picture

If the SEPM has SEP installed and with the NTP client you can. I wouldn't recommend it due to the other resource constraints but it is certainly achievable.


SameerU's picture

Hi

We have found that the unmanaged detector is giving wrong information, as it's showing clients which are managed.

Regards

 

SameerU's picture

Hi

Can you please check whether NTP is installed

Regards