What is Unmanaged Detector?
Created: 08 Jan 2008 | Updated: 21 May 2010 | 10 comments
I've been looking through the admin guides and cant find anything on this option. You can enable a client as an unmanaged detector.
Discussion Filed Under:
Comments 10 Comments • Jump to latest comment
the unmanaged detector works on a local network and looks at ARP traffic on that subnet to determine whether or not a client is running SEP. If its not running SEP, we report it back to the SEPM and it will appear in the security report (you can also configure notifications for this). Two things to bear in mind:
1. This works on a per subnet basis - you need a detector in each subnet your company has to guarantee coverage
2. This won't detect clients that have SEP installed but are not managed by your SEPM (either "unmanaged" SEP clients or other companies SEP clients because we look to see if SEP is *installed* There are things we can potentially do in the future, depending on how the feature evolves and what customers request.
hth, if you need any more information please ask - I will double check the docs and if this truly isn't present I'll raise a defect for the documentation to be updated.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Thank you for the clarification.
I cant find the report that shows me the clients which not is updated to SEP... Right now I am only testing it on 10 machines - the rest of our 500 boxes is still on SAV 10.x.... Should the "detector" report on this ?
What do you exactly need to configure for this to work ? I have only enabled the feature on some clients (on diffrent subnets) - do I need to configure anything else ?
I don't know if there is a report (couldn't find it), but found that after I added an unmanaged detector, SEPM automatically created a notification for me for unmanaged computers. I found an old post that shows how to enable that notification:
Open and login to the SEPM
Click Monitors
Click Notifications
Click Notification Conditions
Click Add
Select Unmanaged computers
It could be nice if it was possible to exclude some MAC addresses from the Unmanage detector, to excluse all Routers and Switches from being scanned and being noticed about.
You can do this! Click on Clients, find your unmanaged detector, click on it, then in tasks, click on configure unmanaged detector, click add, then you can exclude by IP address range or MAC address.
Thanks Rick - But I still dont get any information....
Could someone explain more tehcnical how this Unmanaged Detector is working ?
Is the whole package of the SEP client needed for the feature to work ?
This is EXACTLY what I want too.
Glitch: Have you found any good way to deploy SEP clients to your computers?
Would you like to reply?
Login or Register to post your comment.