Unmanaged Server / workstation detector daily report ?
Created: 16 Sep 2012 | Updated: 11 Nov 2012 | 13 comments
This issue has been solved. See solution.
Hi,
Is it possible to generate report for all unmanaged Windows Server and Workstation that is connected to my network as weekly report ?
Because recently I just found one of my Windows Server is not installed with SEP client ?
Thanks.
Discussion Filed Under:
Comments 13 Comments • Jump to latest comment
How to do this ? I beliece that I have selected my Laptop in the office as the unmanaged detector, but in the VLAN that is only for my workstation.
DO I have to select one server as unmanaged detector in each VLAN or is there any script for me to do this to query any workstation/server with no AV installed ?
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Yes you can configure
Unmanaged Detector in SEP 12.1
https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121
SEP 12.1 - What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/business/support/index?page=content&id=TECH183746
Check this thread
How to Find SEP Clients that are designated as Unmanaged Detectors
https://www-secure.symantec.com/connect/forums/how-find-sep-clients-are-designated-unmanaged-detectors
https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-121-and-find-unmanaged-computers
https://www-secure.symantec.com/connect/forums/sep-121-unmanaged-detector-fixed-limited-admins
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
yep, check these links
What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/docs/TECH105722
Find Unmanaged Clients on a remote network location using the Unmanaged Detector
http://www.symantec.com/docs/TECH96234
Setting notifications when using the "Unmanaged Detector" feature in the SEPM
http://www.symantec.com/docs/TECH104897
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi,
Q. DO I have to select one server as unmanaged detector in each VLAN or is there any script for me to do this to query any workstation/server with no AV installed ?
---> SEP client must be installed on the machine which is acting as a unmanged detector.
Any SEP client can act as a unmanaged detector.
When a client is set as an Unmanaged Detector, it locates unmanaged clients on its own local network segment and reports them to Symantec Endpoint Protection Manager. An Unmanaged Detector cannot detect unmanaged clients on network segments other than its own.
How to find which client acting as a unmanged detector.
Reference: http://www.symantec.com/docs/HOWTO55020
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Is there any rule or caveats when I select any server in the production VLAN as the unmanaged detector ?
I wonder if the unmanaged detector server can actually forward any findings into the SEPM server across the zones (eg. between DMZ and internal zone )?
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Hi,
You can find unmanaged detector Specify VLAN base or any of server as a unmanaged Detector.
Unmanaged Detector in SEP 12.1
https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121
What does it mean to set a client as an Unmanaged Detector?
http://www.symantec.com/business/support/index?page=content&id=TECH105722
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
The unmanaged detector need to have NTP component installed to work. Also, you need an unmanaged detector on every subnet unless you configure your routing in a special way. And it will pick up every device unless you set exceptions.You will see routers, switches, etc. in the report as well.
SEP Knowledge Base
Endpoint SWAT
Brian,
Many thanks for the clarification so in this case for just one particular server that I have elected as Unmanaged detector I must enable the NTP component.
I didn't know about this before because in all of my server environment I specifically turned off NTP to prevent any network issue.
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Yes, enabling a machine to be an unmanaged detector requires NTP component.
SEP Knowledge Base
Endpoint SWAT
ok, which component objects ?
IPS or the Firewall ?
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Firewall component, so you need to assign a FW policy.
SEP Knowledge Base
Endpoint SWAT
Hi,
I believe it's a firewall componenet.
Check the following note:
Reference:http://www.symantec.com/business/support/index?page=content&id=TECH105722
NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
great, many thanks for the clarification and the update on this matter.
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Would you like to reply?
Login or Register to post your comment.