Endpoint Protection

 View Only
Expand all | Collapse all

How to clear the Unkown Device Failures list

  • 1.  How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 01:06 PM

    How can I clear the Uknown Device Failures list?  An Unmanaged Device Detector was accidently set and it brought in all of our routers and printers and other network devices which has caused an "attention needed" red notice on the main SEPM window.

    Thanks


  • 2.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 01:21 PM
    This is how to create it..
    So just remove this notification
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008082614485548
    However you can also create exceptions for your routers and printer in this notification
    http://www.symantec.com/connect/forums/unknown-device-failure


  • 3.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 01:52 PM

    Is there any easy way to just delete the devices that it currently found?  I don't plan on using an unmanaged device detector and we have almost 400 unmanaged devices.  Excluding a device via mac did not seem to remove it from the list.  Do you need to exclude it on the dector that found it?  What if that detector has been disabled already?


  • 4.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 01:56 PM
    Follow the 1st link

    1. Open and login to the Symantec Endpoint Protection Manager
    2. Click on Monitors Tab
    3. Click on Notifications
    Delete Unmanaged Detector notification


  • 5.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 03:13 PM
    The Notification\Notification Conditions tab is empty.  It must be a builtin notification?


  • 6.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 03:28 PM
    Now you won't see any more of it as Detector is disabled or Notification is removed.


  • 7.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 05:16 PM
    The thing is I still see it.  There were no notifications to remove.


  • 8.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 05:33 PM
    On the Home Page in the Bottom Left cornet..Due you still see no. of Unknown Device Failure
    Can you send us the screenshot aswell

    If its showing Under Security Status only then it might be old notification..
    Try restarting SEPM and Database service and check if it goes away


  • 9.  RE: How to clear the Unkown Device Failures list

    Posted Aug 31, 2010 06:00 PM

    They only appear under the Security Status.  I am pretty sure that the notifications are old ones because I set another computer as an Unmanaged Detector for a test and it brought in new devices.  When I disabled it those new unmanaged devices went away.  I will attempt your suggestion to restart the SEPM and th Database services.


  • 10.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 12:06 AM
    If restarting SEPM and database does not resolve it, try to repair SEPM, from Add/Remove programs.


  • 11.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 12:34 AM
    In SEPM Home page click on preferences--->Home and monitors ,select notification as "only show my notification" and see....

    If not helps provide a screen shot to us...


  • 12.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 12:14 PM

    None of the suggested fixes have yielded any results thus far.  I am hesitant do a repair install because it doesn't seem like that drastic of a measure needs to be taken to clear a security warning.  Here are the screenshots




  • 13.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 12:20 PM
    have you set any unmanged detector in your SEPM?
    if so remove it and make it again with exclusions..


  • 14.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 01:23 PM

    I set an unmanaged detector temporarly as a test.  It started pulling in devices but when I disabled it all the devices that it found went away.  The previous Unmanaged Detector has been disabled for quite some time now but the devices it found wont go away.


  • 15.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 01:42 PM

    the system which you set as an unmanged detector ; move it to a test group
    restart the service of the client
    make sure its no more a detector :)
     



  • 16.  RE: How to clear the Unkown Device Failures list

    Posted Sep 01, 2010 01:45 PM
    Try this



    Sweeping SEPM log data from the database manually

    http://service1.symantec.com/support/ent-security.nsf/docid/2008070913131048?Open&seg=ent



  • 17.  RE: How to clear the Unkown Device Failures list

    Posted Sep 07, 2010 10:26 AM
    I have not attempted to sweep the logs manually.  Originally though I didn't I have enough access to do that.  I checked this morning and I do have enough access but it seems that it will not be necessary.  The Security status shows the status of Good and is all green this morning.  The problematic Unmanaged Detector does not show up any more.  It also does not show up in clients.  Is there a setting in SEPM that removes clients if they have not phoned home in a while?  Thanks to everyone for the help.  I think in a normal situation if the Detector is left on most of the time,  disabling it as a detector would clear the devices it found.  I my case the device had not been on the network for a long period of time and that is why I think it would not clear.  Thanks to everyone for the input.


  • 18.  RE: How to clear the Unkown Device Failures list

    Posted Sep 07, 2010 10:37 AM
    its under
    admin
    servers
    right click on local site
    click properties
    you will find the delete client if not connected for such and such days
    the default is 30 days
    i think disabling it unmanged should have fixed the issue.
    the db sweep of sepm might took some time


  • 19.  RE: How to clear the Unkown Device Failures list

    Posted Sep 07, 2010 10:39 AM
    If a client is not reported to the server for a period(By default it is 30 days but you can configure it in SEPM-->admin-->servers--->local site-->edit local site properties-->general).You can also configure the log age in SEPM-->admin-->servers--->local site-->edit local site properties-->Database 


  • 20.  RE: How to clear the Unkown Device Failures list
    Best Answer

    Posted Sep 07, 2010 10:58 AM
    I think Ideally if a client is connecting normally to the SEPM server,  disabling it as an Unmanaged Detector should clear out the logs immediately.  In my case the computer had stopped connecting to the SEPM server a while back.  I disabled it as an Unmanaged Detector but it cleared the logs only after the client was deleted by the SEPM policy.  Basically my problem is solved.  Ultimately I think the thing that fixed it was disabling Unmanaged Detector on the client from SEPM.

    Thanks


  • 21.  RE: How to clear the Unkown Device Failures list

    Posted Sep 07, 2010 12:05 PM
    Hi all,

    If you're not familiar with the contest, please take a look at this blog post, which will help users understand how they can win prizes every week over the next several weeks!

    https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week

    Solve the threads included in the contest, and you could be "King for a Week!"

    Best,

    Eric