Unmanaged Detector functionality
Unmanaged detector is a good feature. It is simple to use and effective; however, it lacks some basic features. Currently, as per my experience, it does mention the new IP addresses which are not protected; however, it doesn't go into further detail and reports all of them as Windows XP. As per Symantec Support, it will just use the host IP address based on the ping test and will report it as Windows XP by default, which is totally wrong. My suggestions are:
a) It should be able to do some TCP port checking for the detected IP address in order to identify the most likely operating system, e.g. it should check ports 21, 22, 25, 80, 445, etc.
b) If possible, it should be able to generate one consolidated notification for one subnet. Currently it generates one notification per IP address, which ends up in the hundreds in my case due to Cisco IP phones.
I am using the unmanaged detector and I am forced to use it as a basic tool. You cannot specify groups from where to receive these reports, but the most painful problem is when a visitor laptop is detected as an unmanaged computer.
That laptop will never come back to my office but I am getting swamped with false reports that keep appending. The only way around is to delete the notification condition and later on to create a new one.
I have the same problem (both in RU5 and RU6a) and have found that a quick disable and re-enable of the detector clears this state. Disable/re-enable does keep all your exceptions, so you don't lose any settings.
Is there anything on the radar to make the unmanaged detector work a little better, i.e., proper OS detection, easier exceptions (especially for MAC addresses), etc.? It is a nice tool now, helps out a good deal, but it could be a lot better.
...and ignoring visitors that came once to your office and the message repeats weeks after that. In other words, a way of clearing that log without being forced each time to delete the notification condition and create a new one a day after.
For this, there needs to be an intelligence within the product to understand that it's the visitor's machine. A logic, say, that automatically deletes entries from the list of unprotected systems which SEP was able to see online only for some hours/days.
-Anshuman
I have suggested some more options here.
https://www-secure.symantec.com/connect/idea/more-...
There is always an area of improvement, and the unmanaged detector needs refurbishing.
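An added illustration, not part of the thread and not Symantec's code: one way to post-process unmanaged-host sightings so that a subnet produces a single notification and a host seen only briefly, then never again, ages out of the report. The function name, the /24 grouping, the two thresholds and the sample data are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample: (ip, time the detector saw the host online).
SIGHTINGS = [
    ("10.1.20.11", "2010-06-01T09:00"), ("10.1.20.11", "2010-06-09T09:00"),
    ("10.1.20.12", "2010-06-01T09:05"), ("10.1.20.12", "2010-06-08T14:00"),
    ("10.1.30.40", "2010-06-02T10:00"), ("10.1.30.40", "2010-06-02T15:30"),  # one-day visitor
    ("10.1.30.41", "2010-06-01T08:00"), ("10.1.30.41", "2010-06-10T08:00"),
]
NOW = datetime(2010, 6, 11)  # constructed "current time" for the sample


def consolidate(sightings, now, prefix=24,
                min_span=timedelta(days=2), stale=timedelta(days=5)):
    """Return {subnet: [unmanaged IPs]} with transient hosts aged out.

    A host is treated as transient (assumed rule) when it was visible for
    less than `min_span` in total and has not been seen for `stale`.
    """
    first, last = {}, {}
    for ip, ts in sightings:
        seen = datetime.fromisoformat(ts)
        first[ip] = min(first.get(ip, seen), seen)
        last[ip] = max(last.get(ip, seen), seen)

    by_subnet = defaultdict(list)
    for ip in first:
        short_lived = last[ip] - first[ip] < min_span
        long_gone = now - last[ip] > stale
        if short_lived and long_gone:
            continue  # visitor machine: drop instead of re-notifying
        # strict=False lets a host address stand in for its network.
        subnet = ip_network(f"{ip}/{prefix}", strict=False)
        by_subnet[str(subnet)].append(ip)

    # One entry per subnet is one notification; sort IPs numerically.
    return {net: sorted(ips, key=ip_address)
            for net, ips in sorted(by_subnet.items())}


if __name__ == "__main__":
    for net, ips in consolidate(SIGHTINGS, NOW).items():
        print(f"{net}: {len(ips)} unmanaged host(s): {', '.join(ips)}")
```

A host that was seen only once but recently is still reported, so a newly connected unprotected machine is not hidden by the ageing rule.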