Configuring a client to detect unmanaged devices
|Article:HOWTO80763|||||Created: 2012-10-24|||||Updated: 2013-10-07|||||Article URL http://www.symantec.com/docs/HOWTO80763|
Unauthorized devices can connect to the network in many ways, such as physical access in a conference room or rogue wireless access points. To enforce policies on every endpoint, you must be able to quickly detect the presence of new devices in your network. You must determine whether the devices are secure. You can enable any client as an unmanaged detector to detect the unknown devices. Unknown devices are unmanaged devices that do not run Symantec Endpoint Protection client software. If the unmanaged device is a computer, you can install the Symantec Endpoint Protection client software on it.
When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the management server. The management server searches the ARP packet for the device's MAC address and the IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.
You can configure the unmanaged detector to ignore certain devices, such as printers. You can also set up email notifications to notify you when the unmanaged detector detects an unknown device.
To configure the client as an unmanaged detector, you must do the following actions:
Enable Network Threat Protection.
Switch the client to computer mode.
Install the client on a computer that runs all the time.
Enable Symantec Endpoint Protection clients as unmanaged detectors.
A Symantec Network Access Control client cannot be an unmanaged detector.
To configure a client to detect unauthorized devices
In the console, click Clients.
Under Clients, select the group that contains the client that you want to enable as an unmanaged detector.
On the Clients tab, right-click the client that you want to enable as an unmanaged detector, and then click Enable as Unmanaged Detector.
To specify one or more devices to exclude from detection by the unmanaged detector, click Configure Unmanaged Detector.
In the Unmanaged Detector Exceptions for client name dialog box, click Add.
In the Add Unmanaged Detector Exception dialog box, click one of the following options:
Article URL http://www.symantec.com/docs/HOWTO80763