Endpoint Protection

I have configured few un-managed detectors per group. However the Un-managed detector's list out Computer's with SEP client already installed however reporting to a different SEPM.

What could be the reason for this ? Also un-managed detector's detecting the same IP's repeatedly which give a false count.

Some one please explain what's causing this and how to use this feature effectively to find out Computer's without SEP installed (ONLY).

Because those clients are reporting to a different SEPM - that's why.

If they were reporting to the other SEPM, they wouldn't be reported. The other SEPM has no record of them so it thinks those clients are unmanaged.

Technical Information
When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the SEPM. This management server searches the ARP packet for the device's MAC and IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.

ref: http://www.symantec.com/docs/TECH105722

if the machines IP and MAC are not in SEPM DB then its unmanaged.

You need to take the unmanaged report from both SEPM and then do a vlookup.

Thank you Brian & Rafeeq ! 

You're welcome.