Endpoint Protection

 View Only
Expand all | Collapse all

Unmanaged Server / workstation detector daily report ?

  • 1.  Unmanaged Server / workstation detector daily report ?

    Posted Sep 16, 2012 07:14 AM

    Hi,

    Is it possible to generate report for all unmanaged Windows Server and Workstation that is connected to my network as weekly report ?

    Because recently I just found one of my Windows Server is not installed with SEP client ?

    Thanks.



  • 2.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 16, 2012 07:15 AM

    How to do this ? I beliece that I have selected my Laptop in the office as the unmanaged detector, but in the VLAN that is only for my workstation.

    DO I have to select one server as unmanaged detector in each VLAN or is there any script for me to do this to query any workstation/server with no AV installed ?



  • 3.  RE: Unmanaged Server / workstation detector daily report ?



  • 4.  RE: Unmanaged Server / workstation detector daily report ?

    Broadcom Employee
    Posted Sep 16, 2012 09:19 AM

    yep, check these links

    What does it mean to set a client as an Unmanaged Detector?

    http://www.symantec.com/docs/TECH105722

    Find Unmanaged Clients on a remote network location using the Unmanaged Detector

    http://www.symantec.com/docs/TECH96234

    Setting notifications when using the "Unmanaged Detector" feature in the SEPM

    http://www.symantec.com/docs/TECH104897



  • 5.  RE: Unmanaged Server / workstation detector daily report ?
    Best Answer

    Broadcom Employee
    Posted Sep 18, 2012 01:08 PM

    Hi,

    Q. DO I have to select one server as unmanaged detector in each VLAN or is there any script for me to do this to query any workstation/server with no AV installed ?

    ---> SEP client must be installed on the machine which is acting as a unmanged detector.

    Any SEP client can act as a unmanaged detector.

    When a client is set as an Unmanaged Detector, it locates unmanaged clients on its own local network segment and reports them to Symantec Endpoint Protection Manager. An Unmanaged Detector cannot detect unmanaged clients on network segments other than its own.

    How to find which client acting as a unmanged detector.

    Reference: http://www.symantec.com/docs/HOWTO55020



  • 6.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 21, 2012 03:04 AM

    Is there any rule or caveats when I select any server in the production VLAN as the unmanaged detector ?

    I wonder if the unmanaged detector server can actually forward any findings into the SEPM server across the zones (eg. between DMZ and internal zone )?



  • 7.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 21, 2012 04:07 AM

    Hi,

    You can find unmanaged detector Specify VLAN base or any of server as a unmanaged Detector.

    Unmanaged Detector in SEP 12.1

    https://www-secure.symantec.com/connect/articles/unmanaged-detector-sep-121

     

    What does it mean to set a client as an Unmanaged Detector?

    http://www.symantec.com/business/support/index?page=content&id=TECH105722



  • 8.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 21, 2012 07:18 AM

    The unmanaged detector need to have NTP component installed to work. Also, you need an unmanaged detector on every subnet unless you configure your routing in a special way. And it will pick up every device unless you set exceptions.You will see routers, switches, etc. in the report as well.



  • 9.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 23, 2012 08:45 PM

    Brian,

    Many thanks for the clarification so in this case for just one particular server that I have elected as Unmanaged detector I must enable the NTP component.

    I didn't know about this before because in all of my server environment I specifically turned off NTP to prevent any network issue.



  • 10.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 23, 2012 09:30 PM

    Yes, enabling a machine to be an unmanaged detector requires NTP component.



  • 11.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 24, 2012 03:08 AM

    ok, which component objects ?

    IPS or the Firewall ? 



  • 12.  RE: Unmanaged Server / workstation detector daily report ?

    Broadcom Employee
    Posted Sep 24, 2012 03:34 AM

    Hi,

    I believe it's a firewall componenet.

    Check the following note:

    Reference:http://www.symantec.com/business/support/index?page=content&id=TECH105722

    NOTE: In order to act as an unmanaged detector, SEP clients must have Network Threat Protection (NTP) enabled and be in Computer Mode. User Mode clients or clients without the firewall component (NTP) cannot act as unmanaged detectors.



  • 13.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 24, 2012 09:25 AM

    Firewall component, so you need to assign a FW policy.



  • 14.  RE: Unmanaged Server / workstation detector daily report ?

    Posted Sep 26, 2012 09:07 PM

    great, many thanks for the clarification and the update on this matter.