SEPM Unmanaged detector provides false and inaccurate information. Enough for IT professionals to consider not getting any information is better than actually using this "Feature"
- the unmanaged detector should detect in each scan the devices that are currently connected and if it has SEP installed or not.
- Never report or send notification on some historical log.
Example
- a device X is connected to the network. The unmanaged detector detects a device without SEP and reports it. Great it seems to work. Once the information is received the solution is the device X is an unauthorized device that is then removed from the network. But guess what, the unmanaged detector will keep that device on some list forever until SEP is installed. That is a huge assumption on Symantec's part because not necessarily installing SEP is a solution. Removing the "unwanted" device is also a very good solution. I want it to alert of unmanaged devices but cannot force us to make it a managed device. We don't want to managed unwanted unauthorized devices. We want them removed from premises.....
- laptops move around..... this is their nature. So why would it report a fully managed SEP Client laptop as unmanaged just because it moved to a different building, city ? Yes its the same laptop with a different IP address. But once again I don't want a historical report I want an actual report stating this device is currently connected and it does not have SEP installed. I DO NOT want a list of IPs that have been used in the past and are now unreachable. unreachable does not equal unmanaged. Especially when reporting a laptop that is fully managed with its "home" IP address. Machine A usually uses 10.1.1.10 IP address. It traveled to another city which used 10.5.5.10 lets say. When it travels back to original office and picks up its original 10.1.1.10, that automatically sets off a trigger in SEPM to assume that 10.5.5.10 is unmanaged. Completely false..........
- Same scenario as above but laptops that may connect using a vpn client.
- Same scenario as #2 with laptops that use a docking station? Why report the docking station if I can't install SEP on it. and NO adding the docking station MAC to exclusions is not a solution.
- More and more machines are using USB - NIC dongles...... using various "dongles" with one machine also triggers a myriad of false alerts.