How to enable the Unmanaged Detector in Symantec Endpoint Protection Manager (SEPM).
 

Requirements to use a computer as an unmanaged detector

1. The Symantec Endpoint Protection (SEP) client on this machine must have both features of Network Threat Protection (NTP) installed and enabled. These two features are Firewall and Intrusion Prevention. 
2. The computer must be in computer mode.
3. The machine must be on all the time.
4. Symantec Network Access Control cannot be enabled on this client. (This can be determined by opening the SEP user interface. Network Access Control will be listed after Network Threat Protection.)

To enable the Unmanaged Detector

1. Open "Symantec Endpoint Protection Manager".
2. Click Clients.
3. Select the group which contains the client chosen to be an Unmanaged Detector.
4. Click the Clients tab.
5. Right click the client and select "Enable as Unmanaged Detector".

To see if unmanaged clients are being detected, go to the home page and click "View Details" in the Security Status area

• When the Security Status Details window appears, select "Unknown Device Failures".
• Total Detected Unknown Devices will show how many devices are unmanaged. This will include access points, routers, switches and other devices in addition to computers.
• To filter extraneous devices, go back to the clients page and right click on the Unmanaged Detector. Choose "Configure Unmanaged Detector" and add the IP or Mac addresses of the devices to be filtered.