Endpoint Protection

 View Only

  • 1.  Unmanaged Detectors

    Posted Mar 10, 2016 04:35 PM

    I have searched on this, and most of the hits have been from several looong years ago, in most cases, at least 4 years old are most of the hits I get.  So, I thought I'd bring it up again and see where it goes.....

    I have a SEP client, running Win 10, and I have ensured the following (from a Symantec KB article) are all done;

    • -The Symantec Endpoint Protection (SEP) client on this machine must have Network Threat Protection and Firewall installed and enabled.
    • -The computer must be in computer mode.
    • -The machine must be on all the time.

    and also from the same article (I did not save the KB, but I had copied the info to a text document))

    **To enable the Unmanaged Detector:

    1.) Open "Symantec Endpoint Protection Manager".
    2.) Click Clients.
    3.) Select the group which contains the client chosen to be an Unmanaged Detector.
    4.) Click the Clients tab.
    5.) Right click the client and select "Enable as Unmanaged Detector".

    Is there anything I am missing?  I know for a fact that there are some unmanaged clients on this subnet - we are currently testing a different AV product on them.  All traces of SEP on the clients (that should be detected) have been removed using CleanWipe.

    When I check "View Details" on the HOME "Security Status" tab, nothing is listed.  It has been a few days.  I have rebooted the unmanaged clients a few times.  I have rebooted the Unmanaged Detector a few times.  We are currently running 12.1.6 MP2 on everything in our environment (except of course, the systems that I am expecting to be detected).



  • 2.  RE: Unmanaged Detectors

    Posted Mar 10, 2016 05:15 PM
    And have all traces of those clients been removed from SEPM?


  • 3.  RE: Unmanaged Detectors

    Posted Mar 11, 2016 11:45 AM

    "Delete clients that have not connected for a specified time" is set to 7 days (and these clients have been unmanaged for much longer than that).

    As far as deleting the clients from SEPM, that is not completely possible, AD OUs are imported into the SEP groups, and the particular OU that contains the unmanaged clients (as well as many other unmanaged clients, throughtout all the SEPM groups, I'm sure) are all part of a larger OU.  Clients in an AD imported OU are not capable of being deleted from SEPM, are they?

    Database indexes have been rebuilt, that happens once a week on Sunday.



  • 4.  RE: Unmanaged Detectors
    Best Answer

    Posted Mar 15, 2016 12:11 PM

    It is working now.  No changes made from what I said I did in the first post.  Not sure how long, exactly, it took, but it appears that it just needs some time to gather the data....  picking up a few more machines (or devices - it detects EVERYTHING), every day now.