The Symantec Endpoint Protection Manager appears to only be capable of storing information about four network interfaces per endpoint in the database. Endpoints that have five or more NICs can cause the Unmanaged Detector feature to falsely report them as unmanaged endpoints, since their address is not in SEPM's database. It is common for high-availability clusters and Hyper-V servers to have multiple NICs to support multiple paths to networks and iSCSI storage.
More discussion is on this thread:
https://www.symantec.com/connect/forums/sepm-missing-info-causes-false-positives-unmanaged-detection