Endpoint Protection

 View Only

  • 1.  Scheduled report question about PCs on network without SEP

    Posted Jan 27, 2012 08:59 AM

    We have about 600 PCs on the network that should have SEP installed on them however some PCs get deployed without it. To find them, we have to perform a "Find unmanaged computers" operation and provided the IP ranges for SEP to scan. This is time consuming and the results cannot be exported to another file. Is it possible to schedule this as a weekly or monthly job? 

    Basically, I want to create a task that finds unmanaged computers on the network and email me a report. Is this possible?



  • 2.  RE: Scheduled report question about PCs on network without SEP

    Broadcom Employee
    Posted Jan 27, 2012 09:51 AM

    you can schedule the unmanaged computer notification.

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55128



  • 3.  RE: Scheduled report question about PCs on network without SEP

    Trusted Advisor
    Posted Jan 27, 2012 09:53 AM

    Hello,

    There is a feature of "Unmanaged Detector", check these Articles:

    What does it mean to set a client as an Unmanaged Detector?

    http://www.symantec.com/docs/TECH105722

    Best Practices: When to use the "Find Unmanaged Computers" or "Unmanaged Detector" features in Symantec Endpoint Protection 11.0

    http://www.symantec.com/docs/TECH104340

    Find Unmanaged Clients on a remote network location using the Unmanaged Detector

    http://www.symantec.com/docs/TECH96234

    Setting notifications when using the "Unmanaged Detector" feature in the SEPM

    http://www.symantec.com/docs/TECH104897

     

    Hope that would help you !!!


  • 4.  RE: Scheduled report question about PCs on network without SEP

    Posted Jan 27, 2012 05:04 PM

    Thanks. How exactly does the unamanged detector work? Does it scan IP ranges at random times of unmanaged PCs? Can I schedule those times?



  • 5.  RE: Scheduled report question about PCs on network without SEP

    Posted Jan 30, 2012 12:55 AM

    Iam also expecting..can u explain little bit?



  • 6.  RE: Scheduled report question about PCs on network without SEP

    Posted Jan 30, 2012 01:29 AM

    the unmanaged detector works on a local network and looks at ARP traffic on that subnet to determine whether or not a client is running SEP. If its not running SEP, we report it back to the SEPM and it will appear in the security report (you can also configure notifications for this). Two things to bear in mind:

    1. This works on a per subnet basis - you need a detector in each subnet your company has to guarantee coverage
    2. This won't detect clients that have SEP installed but are not managed by your SEPM (either "unmanaged" SEP clients or other companies SEP clients because we look to see if SEP is *installed* There are things we can potentially do in the future, depending on how the feature evolves and what customers request.

     

     

    https://www-secure.symantec.com/connect/forums/what-unmanaged-detector

    https://www-secure.symantec.com/connect/forums/unmanaged-detector-usage

    https://www-secure.symantec.com/connect/forums/unmanaged-detector-why-isnt-working

    http://www.anti-malware.ru/pda/index.php?act=attach&type=post&id=3530



  • 7.  RE: Scheduled report question about PCs on network without SEP

    Posted Feb 01, 2012 03:14 AM

    Thanks for your info...