
What is Unmanaged Detector?

Created: 08 Jan 2008 • Updated: 21 May 2010 | 10 comments
I've been looking through the admin guides and can't find anything on this option.  You can enable a client as an unmanaged detector.


Paul Murgatroyd

The unmanaged detector works on a local network and looks at ARP traffic on that subnet to determine whether or not a client is running SEP. If it's not running SEP, we report it back to the SEPM and it will appear in the security report (you can also configure notifications for this). Two things to bear in mind:

1. This works on a per subnet basis - you need a detector in each subnet your company has to guarantee coverage
2. This won't detect clients that have SEP installed but are not managed by your SEPM (either "unmanaged" SEP clients or other companies' SEP clients) because we look to see if SEP is *installed*. There are things we can potentially do in the future, depending on how the feature evolves and what customers request.

hth, if you need any more information please ask - I will double check the docs and if this truly isn't present I'll raise a defect for the documentation to be updated.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Glitch
I have needed more information about this feature as well. I have found the place to enable a managed computer as an "Unmanaged detector" but I still haven't found out where exactly to see what it reports back.

In the Endpoint Protection FAQ it says you configure it inside the Clients menu and then it says something about Audit. Then I get the information that it should be under the Reports menu somewhere, and I still haven't found it. I have also enabled that I should get emailed when it detects non-managed computers. It should detect a computer as unmanaged when it runs SAV 10, right?

Also I would really like a feature where you could enable, if it detects an unmanaged computer it should force install a managed SEP client on the computer, ofc only those that are inside the right OU container in Active Directory.
jcp001
Sorry - I don't see where this reports back to either. 
Bent Boisen

I can't find the report that shows me the clients which are not updated to SEP... Right now I am only testing it on 10 machines - the rest of our 500 boxes are still on SAV 10.x....  Should the "detector" report on this?

What exactly do you need to configure for this to work? I have only enabled the feature on some clients (on different subnets) - do I need to configure anything else?

RickJDS

I don't know if there is a report (couldn't find it), but found that after I added an unmanaged detector, SEPM automatically created a notification for me for unmanaged computers.  I found an old post that shows how to enable that notification:

 

1. Open and log in to the SEPM
2. Click Monitors
3. Click Notifications
4. Click Notification Conditions
5. Click Add
6. Select Unmanaged computers

Glitch

It could be nice if it was possible to exclude some MAC addresses from the Unmanaged Detector, to exclude all routers and switches from being scanned and notified about.

RickJDS

You can do this!  Click on Clients, find your unmanaged detector, click on it, then in tasks, click on configure unmanaged detector, click add, then you can exclude by IP address range or MAC address.
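
The general idea discussed in this thread (watch ARP traffic on one subnet, skip excluded MAC addresses and IP ranges, flag the rest), as an added Python example that is not Symantec's code and not part of any post here. It assumes the detector already holds a list of managed MAC addresses; the thread does not say how SEP itself decides a host is running SEP, and all names, addresses and frames are constructed.

```python
import ipaddress
import struct

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ipaddress.IPv4Address(frame[28:32])

def unmanaged_hosts(frames, managed_macs, excluded_macs=(), excluded_ranges=()):
    """Map MAC -> IP for ARP senders that are neither managed nor excluded."""
    managed = {m.lower() for m in managed_macs}
    skip = {m.lower() for m in excluded_macs}
    ranges = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
              for lo, hi in excluded_ranges]
    found = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue                      # not ARP, or malformed
        mac, ip = parsed
        if mac in managed or mac in skip:
            continue
        if any(lo <= ip <= hi for lo, hi in ranges):
            continue
        found[mac] = str(ip)              # only hosts seen on this subnet appear
    return found

def make_arp(mac, ip, target_ip="10.0.5.1"):
    """Build a constructed broadcast ARP request for the sample data."""
    src = bytes.fromhex(mac.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src
    arp += ipaddress.IPv4Address(ip).packed + b"\x00" * 6
    arp += ipaddress.IPv4Address(target_ip).packed
    return b"\xff" * 6 + src + b"\x08\x06" + arp

# Constructed sample: managed PC, router, printer, unknown laptop, one non-ARP frame.
MANAGED = ["00:11:22:33:44:55"]
EXCLUDED_MACS = ["00:AA:BB:CC:DD:01"]                  # router, excluded by MAC
EXCLUDED_RANGES = [("10.0.5.200", "10.0.5.220")]       # printers, excluded by range
SAMPLE_FRAMES = [
    make_arp("00:11:22:33:44:55", "10.0.5.20"),
    make_arp("00:aa:bb:cc:dd:01", "10.0.5.1"),
    make_arp("00:de:ad:00:00:10", "10.0.5.210"),
    make_arp("02:00:00:00:00:99", "10.0.5.77"),
    b"\xff" * 12 + b"\x08\x00" + b"\x00" * 40,         # IPv4 frame, ignored
]
```

Because ARP broadcasts do not cross routers, a listener like this only ever sees hosts on its own subnet, which is why a detector is needed in each subnet.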

Bent Boisen

Thanks Rick - But I still don't get any information....

Could someone explain in more technical detail how this Unmanaged Detector works?

Is the whole package of the SEP client needed for the feature to work?

Stefan_

Glitch wrote:

...
Also I would really like a feature where you could enable, if it detects an unmanaged computer it should force install a managed SEP client on the computer, ofc only those that are inside the right OU container in Active Directory.

This is EXACTLY what I want too.

Glitch: Have you found any good way to deploy SEP clients to your computers?