SEP Client UnManaged Detector sending wrong logs.

book

Article ID: 156546

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection (SEP) client UnManaged Detector sending wrong logs.

  • Machine with Apipa address getting listed (169.254.0.1 through 169.254.255.254).
  • Broadcast address 0.0.0.0  getting listed.
  • One Mac ID getting associated with multiple ip address.

Cause

  • SEP UnManaged Detector incorrectly configured.
  • Firewall driver not installed or not functioning properly.

Resolution

1. Disable the SEP client UnManaged Detector on the machine sending the wrong report.
2. If the firewall is not installed on the machine configured as a UnManaged Detector
    a) Install firewall component on the client.
    b) Reboot the machine after installation.
3. If the firewall is installed on the machine configured as a UnManaged Detector
    a) Repair the SEP client via the Control panel Add/Remove Programs applet.
    b) Reboot the machine
4. Verify the SEP client firewall (teefer) driver is running.
    To verify if the driver is running
      a) Start > Run
      b) Open cmd.
      c) Type in sc query teefer2.
5. Once the driver has been verified as running, re-enable the SEP client as an UnManaged Detector.


Applies To

Symantec Endpoint Protection 12.1

Attachments