Having antivirus on all machines is paramount in any security posture. We are using Symantec Endpoint Protection (SEP) as our endpoint protection solution. In our environment there are hundreds of branch offices, and every 5-6 months a new office is opened. Given this dynamic environment, we don't have a master list of all IP segments.
For discovery at the last mile, to detect any machine on the network without a SEP client, we largely depend on a wonderful SEPM feature called 'Unmanaged Detector' (UD for short):
1. Using ARP packets on the network, the UD detects machines in its 'local network' that are not already present in SEPM.
2. The UD report is visible in the SEPM Console under Home / View Details / Unknown Device Failures. This list will include lots of IPs from network devices like printers, scanners, CCTV cameras etc.
Tricky part: the task in hand is now to filter out the laptop/desktop IPs from the list of IPs from step 2. We use a utility named 'pinginfo', where we can upload the complete list of IPs and check whether each IP resolves to a hostname. In our case, the IPs of desktops/laptops resolve to the machine hostname and the IPs of network devices do not. Then just sort and copy-paste the list of IPs into Excel; these are the machines that don't have SEP installed. (You can build a PowerShell script leveraging DNS resolution to do the same activity.)
3. An important point is that all your IP segments must have at least one Unmanaged Detector. Attached is a SQL script made to find the IP segments where we don't have an Unmanaged Detector configured.
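As an added example (not part of the original post or of SEPM itself), here is the PowerShell equivalent of the pinginfo step: it reverse-resolves every IP exported from the Unknown Device Failures list and splits the ones that resolve to a hostname (candidate desktops/laptops without a SEP client) from the ones that don't (likely printers, CCTV and similar devices). The input file name, output file name and the assumption that your DNS holds PTR records for the client subnets are mine.

```powershell
# Reverse-resolve the IPs reported by the Unmanaged Detector and triage them.
# Assumptions (example, not SEPM code): one IP per line in .\ud-ips.txt, and the
# DNS server used by this host has PTR records for the branch-office client subnets.
param(
    [string]$InputFile  = '.\ud-ips.txt',
    [string]$OutputFile = '.\ud-triage.csv'
)

function Resolve-UdAddress {
    param([string]$Ip)
    try {
        $entry = [System.Net.Dns]::GetHostEntry($Ip)
        # GetHostEntry can hand back the IP itself when no PTR exists; treat that as unresolved.
        if ($entry.HostName -and $entry.HostName -ne $Ip) {
            return [pscustomobject]@{ IP = $Ip; Hostname = $entry.HostName; Resolved = $true }
        }
    } catch [System.Net.Sockets.SocketException] {
        # No PTR record: typical for printers, scanners, CCTV and other appliances.
    }
    return [pscustomobject]@{ IP = $Ip; Hostname = ''; Resolved = $false }
}

# Read the exported list, drop blanks and anything that is not an IPv4 address, de-duplicate.
$ips = Get-Content $InputFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
    Sort-Object -Unique

$results = foreach ($ip in $ips) { Resolve-UdAddress -Ip $ip }

# Resolved rows are the machines to follow up for SEP client deployment.
$results | Sort-Object Hostname | Export-Csv -Path $OutputFile -NoTypeInformation

"Total IPs: {0}  Resolved (check for SEP client): {1}  Unresolved (likely devices): {2}" -f `
    $results.Count,
    @($results | Where-Object { $_.Resolved }).Count,
    @($results | Where-Object { -not $_.Resolved }).Count
```

Open the CSV in Excel and filter on Resolved = True to get the same list you would otherwise build by hand from pinginfo.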
Suggest improvements.