cancel
Showing results for 
Search instead for 
Did you mean: 
luis79
Level 7
Report Inappropriate Content
Message 1 of 8

Rogue System Sensor

Would really appreciate some help with the following issue. Computers with the rogue sensor installed are constantly attempting TCP connections an a very large number of ports to all hosts on its broadcast domain. These connection attempts look like a port scan to my security devices and, needless to say, they don't like that.

My understanding is that the rogue sensor is strictly passive and it only "listens" for traffic. That is certainly not the case in my environment. As soon as the sensor is removed from a host, it stops attempting those TCP connections.

Anybody know what this behavior is all about?
7 Replies
tonyb99
Level 13
Report Inappropriate Content
Message 2 of 8

RE: Rogue System Sensor

if this is epo 4 with rsd 2.0 do you have the additional info option checked as this shows like a port scan to security devices, if you stop this bit then it doesnt do it
luis79
Level 7
Report Inappropriate Content
Message 3 of 8

RE: Rogue System Sensor





It is epo4 with rsd 2.0. I am a newby with all this stuff. Where can I find this option?

RE: Rogue System Sensor

It's in the Detection tab for the RSD policies. Look at the settings for "Device details detection". RSD does a port scan to try to determine OS details if you have this option enabled.
luis79
Level 7
Report Inappropriate Content
Message 5 of 8

RE: Rogue System Sensor

Just wanted to let everyone know that the suggestion above did fix the problem described on the original post. Thanks so much for your help!!
epoguy
Level 7
Report Inappropriate Content
Message 6 of 8

RE: Rogue System Sensor

Now, what if you wanted to you use this feature? Is there a way to tell the managed clients to ignore this traffic?
tonyb99
Level 13
Report Inappropriate Content
Message 7 of 8

RE: Rogue System Sensor

no but in those cases they would already be managed in the DB so wouldnt rate a scan, you can set exceptions to stop the scan hitting security devices though in the exceptions bit
epoguy
Level 7
Report Inappropriate Content
Message 8 of 8

RE: Rogue System Sensor

I figured it out. I added my RSD's to the Trusted Network list. Thanks for the response!