
Unmanaged Detector functionality

Created: 20 Jan 2010 | 7 comments
Subhani's picture
11 Agree
1 Disagree
+10 12 Votes

Unmanaged detector is a good feature. It is simple to use and effective; however, it lacks some basic features. Currently, as per my experience, it does mention the new IP addresses which are not protected; however, it doesn't go into further detail and reports all of them as Windows XP. As per Symantec Support, it will just use the host IP address based on the ping test and will report it as Windows XP by default, which is totally wrong. My suggestions are:

a) It should be able to do some TCP port checking for the detected IP address in order to identify the most likely operating system, e.g. it should check ports 21, 22, 25, 80, 445, etc.

b) If possible, it should be able to generate one consolidated notification for one subnet. Currently it generates one notification per IP address, which ends up in the hundreds in my case due to Cisco IP phones.

7 Comments

Conestoga Rovers's picture

I am using the unmanaged detector and I am forced to use it as a basic tool. You cannot specify groups from where to receive these reports, but the most painful problem is when a visitor laptop is detected as an unmanaged computer.
That laptop will never come back to my office, but I am getting swamped with false reports that keep appending. The only way around it is to delete the notification condition and later on create a new one.

+1
justin_g's picture

I have the same problem (both in RU5 and RU6a) and have found that a quick disable and re-enable of the detector clears this state. Disable/re-enable does keep all your exceptions, so you don't lose any settings.

+1
nadonl's picture

Is there anything on the radar to make the unmanaged detector work a little better, i.e., proper OS detection, easier exceptions (especially for MAC addresses), etc.? It is a nice tool now, helps out a good deal, but it could be a lot better.

+1
Conestoga Rovers's picture

...and ignoring visitors that came once to your office and the message repeats weeks after that. In other words, a way of clearing that log without being forced each time to delete the notification condition and create a new one a day after.

0
Anshuman's picture

For this, there needs to be intelligence within the product to understand that it's the visitor's machine. A logic, say, where it automatically deletes entries from the list of unprotected systems which SEP was able to see online only for some hours/days.

-Anshuman

0
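
Two ideas raised in this thread, one consolidated notification per subnet and automatic removal of hosts that were online only briefly, sketched as an added example; it is not Symantec code and not part of any post. The sighting tuples, thresholds and function names are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2010, 1, 20, 12, 0)  # constructed "current time" for the sample

# Constructed sightings (ip, first_seen, last_seen); not real detector output.
SIGHTINGS = [
    ("10.1.20.11", datetime(2010, 1, 4, 8, 0), datetime(2010, 1, 20, 9, 0)),   # IP phone
    ("10.1.20.12", datetime(2010, 1, 4, 8, 5), datetime(2010, 1, 20, 9, 0)),   # IP phone
    ("10.1.20.13", datetime(2010, 1, 6, 7, 30), datetime(2010, 1, 20, 9, 0)),  # IP phone
    ("10.1.30.50", datetime(2010, 1, 5, 9, 0), datetime(2010, 1, 5, 16, 0)),   # visitor laptop
    ("10.1.30.7", datetime(2010, 1, 19, 10, 0), datetime(2010, 1, 20, 11, 0)),
    ("10.1.30.8", datetime(2010, 1, 20, 10, 0), datetime(2010, 1, 20, 11, 30)),
]


def consolidate(sightings, now, prefix=24,
                min_presence=timedelta(days=1), stale_after=timedelta(days=7)):
    """Group unmanaged hosts by subnet, dropping one-off visitors."""
    groups = defaultdict(list)
    for ip, first_seen, last_seen in sightings:
        brief = (last_seen - first_seen) < min_presence
        gone = (now - last_seen) > stale_after
        if brief and gone:
            continue  # online only for hours and never seen again: age it out
        subnet = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[subnet].append(ipaddress.ip_address(ip))
    return {str(net): [str(a) for a in sorted(addrs)]
            for net, addrs in sorted(groups.items())}


def notifications(groups):
    """One message per subnet instead of one per IP address."""
    return [f"{net}: {len(ips)} unmanaged host(s): {', '.join(ips)}"
            for net, ips in groups.items()]


if __name__ == "__main__":
    for line in notifications(consolidate(SIGHTINGS, NOW)):
        print(line)
```

A host that was seen briefly but recently (10.1.30.8 in the sample) is still reported; only entries that are both short-lived and stale are aged out.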
Anshuman's picture

I have suggested some more options here.
https://www-secure.symantec.com/connect/idea/more-...

0
Gurupreet's picture

There is always an area of improvement, and the unmanaged detector needs refurbishing.

+1