Endpoint Protection


Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

  • 1.  Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 03:02 AM

    I have several unmanaged detectors in my network (one per subnet). One unmanaged detector (WIN 2003, 12.MR1 MP1) is giving me 5 IP addresses, and I know SEP is already installed on those 5 machines (XP SP2) with all features enabled and with green dots on the SEPM with the latest policies. Both computers also have the latest definitions and are in computer mode and managed by a SEPM in the same subnet.

    Also, all these systems are showing in the SEPM console, so why do I get logs in the SEPM Unmanaged detector?

    We found the same issue in all versions of 11, and still find it in version 12!!! What exactly is the unmanaged detector looking for?

    Also, I found a different MAC address for the same IP compared to the SEPM database.

    Please find the snapshot below.



  • 2.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 03:21 AM

    Hi,

    Are you using an OS image?

    SEP 12.1: How to prepare a Symantec Endpoint Protection 12.1 client for cloning (image)

    http://www.symantec.com/business/support/index?page=content&id=HOWTO54706
      

    Configuring Symantec Endpoint Protection client for deployment as part of a drive image (SEP 11)
    http://www.symantec.com/business/support/index?page=content&id=TECH102815

    Check your thread

    http://www.symantec.com/connect/forums/symantec-unknown-device-failures-list



  • 3.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 03:29 AM

    Thanks for the reply.

    We are not using an OS image.



  • 4.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 03:33 AM

    Configure SEPM to remove clients which have not connected within a specific number of days.

    1. Open SEPM and select the Admin panel.
    2. Click on Servers
    3. Right click on the Site where your management servers are located and choose Edit Properties
    4. Check "Delete Clients that have not connected for __ Days"
    5. Enter a value for Days.
    6. Click OK.

    NOTE: In version 12.1 of the SEPM, the location for adjusting the setting to delete clients which have not connected for X number of days has moved:

    1. In the SEPM, go to the Admin page.
    2. Select Domains.
    3. Under Tasks, select Edit Domain Properties
    4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

    Configuring a low value for this setting would clear up the duplicates more quickly. 

    It is important to consider clients that are offline over the weekend. Setting this value to 1 or 2 will likely cause all your clients to be removed after a weekend.
    A recommended value for large enterprise environments would be 7 to 14 days.

    Check this article


  • 5.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 03:37 AM

    Already set to 7 days. It's removed automatically.

    Any solution for why the MAC is showing differently in SEPM logs and UD logs?



  • 6.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 03:39 AM

    Hi,

    Are both clients online and updated with the latest definitions?



  • 7.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 04:27 AM

    Yes, it's updated and online.



  • 8.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 04:38 AM

    Hi,

    Try removing the hardware ID on both systems and check.

    How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients

    http://www.symantec.com/business/support/index?page=content&id=TECH163349



  • 9.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 05:44 AM

    Tried, but no success.



  • 10.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 05:46 AM

    Hi,

    What happens if you delete one host name in the SEPM console?



  • 11.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 08:04 AM

    It reappears after some time with the same ID.



  • 12.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Posted Sep 25, 2012 08:44 AM

    Hi,

    Are both machines' host names different?

    Have you configured the IP address manually?

    I think the same IP address is in use on two different machines.



  • 13.  RE: Still found Unmanaged detector - false positive in SEP 12 RU1 MP1

    Trusted Advisor
    Posted Sep 25, 2012 09:33 AM

    Hello,

    I would suggest you to follow the steps below:

    1. Disable Unmanaged detector on the machine sending the wrong report.
    2. If the firewall is not installed on the machine configured as an unmanaged detector
        a) Install firewall component on the client.
        b) Reboot the machine after installation.
    3. If the firewall is installed on the machine configured as an unmanaged detector
        a) Repair the client.
        b) Reboot the machine
    4. Verify if the firewall (teefer) driver is running.
        To verify if the driver is running
          a) Start > Run
          b) Open cmd.
          c) Type in sc query teefer2.
    5. Once the driver has been verified as running, re-enable the client as an unmanaged detector.

    Hope that helps!!
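
The driver check in step 4 of the post above, run against every unmanaged detector from one admin workstation. This is an added example, not part of the original post or Symantec's own tooling; the host names are placeholders, and it assumes English `sc.exe` output and rights to query services remotely.

```powershell
# Added example: run "sc query teefer2" against each unmanaged detector
# and report which ones have the firewall (teefer) driver running.
# Host names are placeholders (assumption); replace with your detectors.
$Detectors = @('DETECTOR-SUBNET-A', 'DETECTOR-SUBNET-B')

function Get-ScState {
    param([string[]]$ScOutput)
    # sc.exe prints a line such as "        STATE              : 4  RUNNING"
    foreach ($line in $ScOutput) {
        if ($line -match '^\s*STATE\s*:\s*(\d+)\s+(\w+)') {
            return $Matches[2]
        }
    }
    # No STATE line: driver not installed, access denied, or host unreachable.
    return 'NOT_FOUND'
}

$report = foreach ($name in $Detectors) {
    # "sc.exe \\host query <service>" queries the service on a remote machine.
    $out = @(& sc.exe "\\$name" query teefer2 2>&1 | ForEach-Object { "$_" })
    $state = Get-ScState -ScOutput $out
    [pscustomobject]@{
        Detector        = $name
        Teefer2         = $state
        # Step 5 of the post: re-enable the detector only once the driver runs.
        ReadyToReEnable = ($state -eq 'RUNNING')
    }
}

$report | Format-Table -AutoSize
```

A detector that reports anything other than `RUNNING` should go back through steps 2 and 3 before the unmanaged detector role is re-enabled on it.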