Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 4

No action taken on Rogue Systems

We have ePO 4.0 with patch 5. Every day, we see rogue systems, and some of them have no agent installed on them.
However, we set an automatic response on rogue systems, to deploy an agent to that system. Only, no action is taken. The system remains unmanaged and without antivirus.

A manual deploy of the agent works fine. But why no action is taken, puzzles me.
In the filter part of the automatic response rule, I copied the IP range of the DHCP.
I checked that the 'problem system' falls within that range.

Can anyone help in solving this mystery? Many thanks.
3 Replies
Level 7
Report Inappropriate Content
Message 2 of 4

RE: No action taken on Rogue Systems

In the logging I see action IS taken... time to investigate why some systems remain agent-less...!
Level 7
Report Inappropriate Content
Message 3 of 4

RE: No action taken on Rogue Systems

This must be in (major) bug in EPO... when I look at the detected system details it shows:

Source: Rogue System Sensor (Broadcast)
Exception: No
Rogue Action: Agent Deployment in Progress
Rogue State: No Agent

When reading this, everything looks fine. But nothing happens on that system. No agent is deployed. I've looked through the EPO logs but couldn't find anything.
Also the event log on the system shows nothing.

When I manually deploy an agent, using the same credentials, it is almost immediately deployed.
Time for patch 6?
Level 7
Report Inappropriate Content
Message 4 of 4

Re: RE: No action taken on Rogue Systems

Trying to bump this post to the top of the list

We still have an issue with PC's that have been re-installed (using the same name).

EPO still sees there is an agent on the system, although the agent cannot be contacted. In fact, since the system was reinstalled there is no agent and no VSE present.

The system does come up as rogue, but no action is taken.

The detected system properties are as follows.

Rogue Action:
Rogue State:Inactive Agent
Last Agent Communication:12/9/09 4:26:01 PM
Agent Version:

Nothing seems to happen and the only thing I can do is push the agent manually (which works perfectly).

There must be a way to automate this... any ideas?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community