
Unmanaged Detector in SEP 12.1

Created: 04 Feb 2012 • Updated: 08 Feb 2012 | Comments: 16
pete_4u2002's picture

To configure the client as an unmanaged detector, you must do the following actions:

  •  Enable Network Threat Protection.
  •  Switch the client to computer mode.
  •  Install the client on a computer that runs all the time.
  •  Enable only Symantec Endpoint Protection clients as unmanaged detectors. A Symantec Network Access Control client cannot be an unmanaged detector.

To configure a client to detect unauthorized devices

1 In the console, click Clients.

2 Under View Clients, select the group that contains the client that you want to enable as an unmanaged detector.

3 On the Clients tab, right-click the client that you want to enable as an unmanaged detector, and then click Enable as Unmanaged Detector.

4 To specify one or more devices to exclude from detection by the unmanaged detector, click Configure Unmanaged Detector.

5 In the Unmanaged Detector Exceptions for client name dialog box, click Add.

6 In the Add Unmanaged Detector Exception dialog box, click one of the following options:

  •  Exclude detection of an IP address range, and then enter the IP address range for several devices.

  •  Exclude detection of a MAC address, and then enter the device's MAC address.

7 Click OK.

8 Click OK.

To display the list of unauthorized devices that the client detects

1 In the console, click Home.

2 On the Home page, in the Security Status section, click More Details.

3 In the Security Status Details dialog box, scroll to the Unknown Device Failures table.

4 Close the dialog box.

Comments

Swapnil khare's picture

Nice one

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture
Jakesty's picture

I have added exclusions, but they still show up in the list. I'm using the IP address range to block monitoring things like network printers, etc.

What else is missing?

Thanks, Jake

sadelphin's picture

Is there a way to add multiple MAC addresses to exclude? Like importing from a file

pete_4u2002's picture

You can add multiple MAC addresses one by one. We cannot import a file to exclude.

sadelphin's picture

What if I have 400 MAC IDs to exclude?..

pete_4u2002's picture

Maybe we can add it as an IDEA; going to add it sometime.

sadelphin's picture

Say I add some MAC addresses to the exclusion list. Where will it be saved? In SEPM or the client? If it's saved in a file somewhere, can we edit that?

pete_4u2002's picture
sadelphin's picture

Thanks pete for directing me in the right direction.

But it seems in the database the IP address range is hashed somehow.

I've excluded some IP address range in the console by Configure Unmanaged Detector. When I query the database I don't see the actual IP address mentioned, only some random number is there... attached screenshot for your reference

Exclude ip range.PNG
Will C.'s picture

Does your network use the 172.x.x.x range?  It looks like these are just your IP addresses represented by a 4-byte integer.

For instance, if I plug the first entry "2887716761" into my decimal to hex calculator, I get AC 1F 0F 99.  Break this up into the components, and convert them back to decimal: AC=172, 1F=31, 0F=15, 99=153.  So it looks like this is 172.31.15.153.

There are various tools to do this on the Internet, as well as some code examples.

http://www.developmentnow.com/g/96_2005_8_0_0_580868/Convert-Decimal-to-IP.htm
http://www.geektools.com/geektools-cgi/ipconv.cgi

I'm tempted to insert some into our database as well.  This is a good feature, but is just about useless on mixed networks of any size without having a better user interface, especially when you have numerous printers and IP phones to contend with.

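The decoding described in the comment above, extended to whole exclusion ranges and to checking which detected devices fall outside every range. This is an added example, not part of the original thread and not Symantec code; the `(start, end)` integer pair layout and every sample value other than 2887716761 are assumptions constructed for illustration.

```python
import ipaddress


def int_to_ipv4(value):
    """Decode an unsigned 32-bit integer into dotted-quad notation."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit IPv4 value: {value}")
    # Most significant byte first: 0xAC1F0F99 -> AC.1F.0F.99 -> 172.31.15.153
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ipv4_to_int(text):
    """Encode a dotted-quad address back into its 32-bit integer form."""
    return int(ipaddress.IPv4Address(text))


def decode_range(start, end):
    """Return (first, last, [CIDR blocks]) for an inclusive integer range."""
    if start > end:
        raise ValueError("range start is above range end")
    first = ipaddress.IPv4Address(int_to_ipv4(start))
    last = ipaddress.IPv4Address(int_to_ipv4(end))
    cidrs = [str(net) for net in ipaddress.summarize_address_range(first, last)]
    return str(first), str(last), cidrs


def uncovered(detected, ranges):
    """Detected device IPs that no exclusion range covers."""
    return [ip for ip in detected
            if not any(lo <= ipv4_to_int(ip) <= hi for lo, hi in ranges)]


# Constructed sample data. Only 2887716761 comes from the thread; the
# (start, end) row layout is an assumption, not the documented schema.
SAMPLE_RANGES = [(2887716761, 2887716770), (2887716864, 2887717119)]
SAMPLE_DETECTED = ["172.31.15.153", "172.31.15.200",
                   "172.31.16.10", "172.31.17.5"]

if __name__ == "__main__":
    for lo, hi in SAMPLE_RANGES:
        print(decode_range(lo, hi))
    print("not excluded:", uncovered(SAMPLE_DETECTED, SAMPLE_RANGES))
```

Devices that an administrator expected to be excluded but that appear in the `uncovered` result point to a range boundary that stops short of them.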
pete_4u2002's picture

Can you check this

Monitors > Notification > View Notifications from Symantec Endpoint Protection Manager you see IP addresses in the report that were excluded. Does that help?

sadelphin's picture

Instead of adding the MAC address/IP address one by one, I'm thinking of adding those directly to the database.

pete_4u2002's picture

It's not recommended to directly insert into the DB without DB schema information. However, if it is a must, you can take a backup of the DB and then insert the query.

John Santana's picture

Cool, thanks man!

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

AjinBabu's picture

Nice One Pete
