How do the two features in Symantec Endpoint Protection 11.0 that allow Administrators to find computers compare to one another, and when would each be used?
Unmanaged Detector Basics
Upon booting, a computer sends out Address Resolution Protocol (ARP) traffic to identify itself on a network. Once enabled, the Unmanaged Detector listens for gratuitous ARP traffic and collects Internet Protocol (IP) and Media Access Control (MAC) address data from traffic passing it on the local network. This data is then forwarded to the Unmanaged Detector's Symantec Endpoint Protection Manager (SEPM), which compares the IP address and MAC address of detected systems against its known list of managed endpoint clients and reports on the unmanaged endpoint clients.
An unmanaged detector is configured by right-clicking a managed SEP client in the Clients page of the SEPM console, and selecting "Make unmanaged detector".
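The detection logic described above can be sketched as follows. This is an added example, not Symantec's code: the function names, the sample frames and the matching of the managed list as exact (IP, MAC) pairs are assumptions made for illustration.

```python
import socket
import struct

def parse_arp(frame: bytes):
    """Return (sender_ip, sender_mac, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet + IPv4 only
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    mac = ":".join(f"{b:02x}" for b in sha)
    return socket.inet_ntoa(spa), mac, socket.inet_ntoa(tpa)

def find_unmanaged(frames, managed):
    """Collect (ip, mac) from gratuitous ARP frames and return those not in `managed`."""
    seen = set()
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        sender_ip, sender_mac, target_ip = parsed
        if sender_ip == target_ip:      # gratuitous ARP: host announces its own address
            seen.add((sender_ip, sender_mac))
    return sorted(seen - set(managed))  # assumption: match on exact (IP, MAC) pairs

def make_frame(mac, sender_ip, target_ip, oper=1):
    """Build a constructed broadcast ARP frame for the sample data below."""
    hw = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + hw + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + hw + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)

# Constructed sample data (documentation address ranges), not captured traffic.
MANAGED = {("192.0.2.10", "00:00:5e:00:53:01")}
SAMPLE_FRAMES = [
    make_frame("00:00:5e:00:53:01", "192.0.2.10", "192.0.2.10"),  # managed client boots
    make_frame("00:00:5e:00:53:aa", "192.0.2.77", "192.0.2.77"),  # unknown host boots
    make_frame("00:00:5e:00:53:bb", "192.0.2.88", "192.0.2.1"),   # ordinary ARP request
    b"\x00" * 60,                                                 # non-ARP frame
]

if __name__ == "__main__":
    for ip, mac in find_unmanaged(SAMPLE_FRAMES, MANAGED):
        print(f"unmanaged: {ip} {mac}")
```

Because only gratuitous ARP is counted in this sketch, the host at 192.0.2.88 is not reported until it announces itself, which is why the detector's coverage builds up over time.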
Use Unmanaged Detector when you want to:
Be proactively notified (by setting a notification for "unmanaged computers"; this is also available under the Security Status details from the Home page in Symantec Endpoint Protection Manager).
Get coverage over time rather than a "snapshot" of systems currently connected to the network.
See the following document for information on how to find out if a computer has been discovered using the Unmanaged Detector feature: