Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Unmanaged Server / workstation detector daily report ?

Created: 16 Sep 2012 • Updated: 11 Nov 2012 | 13 comments
This issue has been solved. See solution.

Hi,

Is it possible to generate report for all unmanaged Windows Server and Workstation that is connected to my network as weekly report ?

Because recently I just found one of my Windows Server is not installed with SEP client ?

Thanks.

Comments 13 CommentsJump to latest comment

John Santana's picture

How to do this ? I beliece that I have selected my Laptop in the office as the unmanaged detector, but in the VLAN that is only for my workstation.

DO I have to select one server as unmanaged detector in each VLAN or is there any script for me to do this to query any workstation/server with no AV installed ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

pete_4u2002's picture

yep, check these links

What does it mean to set a client as an Unmanaged Detector?

http://www.symantec.com/docs/TECH105722

Find Unmanaged Clients on a remote network location using the Unmanaged Detector

http://www.symantec.com/docs/TECH96234

Setting notifications when using the "Unmanaged Detector" feature in the SEPM

http://www.symantec.com/docs/TECH104897

Chetan Savade's picture

Hi,

Q. DO I have to select one server as unmanaged detector in each VLAN or is there any script for me to do this to query any workstation/server with no AV installed ?

---> SEP client must be installed on the machine which is acting as a unmanged detector.

Any SEP client can act as a unmanaged detector.

When a client is set as an Unmanaged Detector, it locates unmanaged clients on its own local network segment and reports them to Symantec Endpoint Protection Manager. An Unmanaged Detector cannot detect unmanaged clients on network segments other than its own.

How to find which client acting as a unmanged detector.

Reference: http://www.symantec.com/docs/HOWTO55020

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SOLUTION
John Santana's picture

Is there any rule or caveats when I select any server in the production VLAN as the unmanaged detector ?

I wonder if the unmanaged detector server can actually forward any findings into the SEPM server across the zones (eg. between DMZ and internal zone )?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Ashish-Sharma's picture

Hi,

You can find unmanaged detector Specify VLAN base or any of server as a unmanaged Detector.

Unmanaged Detector in SEP 12.1

https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121

What does it mean to set a client as an Unmanaged Detector?

http://www.symantec.com/business/support/index?page=content&id=TECH105722

Thanks In Advance

Ashish Sharma

.Brian's picture

The unmanaged detector need to have NTP component installed to work. Also, you need an unmanaged detector on every subnet unless you configure your routing in a special way. And it will pick up every device unless you set exceptions.You will see routers, switches, etc. in the report as well.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Brian,

Many thanks for the clarification so in this case for just one particular server that I have elected as Unmanaged detector I must enable the NTP component.

I didn't know about this before because in all of my server environment I specifically turned off NTP to prevent any network issue.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

Yes, enabling a machine to be an unmanaged detector requires NTP component.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

ok, which component objects ?

IPS or the Firewall ? 

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

Firewall component, so you need to assign a FW policy.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

I believe it's a firewall componenet.

Check the following note:

Reference:http://www.symantec.com/business/support/index?page=content&id=TECH105722

NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

John Santana's picture

great, many thanks for the clarification and the update on this matter.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.