cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Problem with Rogue System Sensor 4.7

Hello Community,

i have a Question reguardion Rogue System Sensor 4.7. We switched to McAfeee installed EPO Server (installed on Windows 2008 R2) with VSE and Rogue System Detection.

No i have a lot Errors on my Microsoft Network Policy Server Event Log. All Machines (Windows 7 Machines and Server with Windows 2008 R2) with an Rogue Sensor send Wrong RADIUS Messages throughout the Network


NPS Event ID 13:

RADIUS message was received from the invalid RADIUS client IP address xxx.xxx.xxx.xxx

Is there any Option so that the Rogue Sensors will not send those wrong RADIUS Messages?

Kind Regards

Tobias

8 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 9

Re: Problem with Rogue System Sensor 4.7

Any solution here?

We ran into the same issue when upgrading our RSD-Seonsors lately to the newest version.

Best regards
Dan
Highlighted

Re: Problem with Rogue System Sensor 4.7

No, we're ignoring the error because it dosn't inflict any problems. It just messes up the Event log. Nothing Else.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 9

Re: Problem with Rogue System Sensor 4.7

The os identification is doing that.

You can exclude Subnets (or devices with a 31 bit mask) from being scanned in the RSD policy, Detection tab. Enable the option below and enter your subnets or devices you don't like being scanned

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 9

Re: Problem with Rogue System Sensor 4.7

Thanks for the info.

I changed the RSD-Policy and will have a look at the logfiles tomorrow.

But what do you mean by the 31bit-SNM? Whats devices will then be excluded from being scanned?

Best regards
Dan
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 9

Re: Problem with Rogue System Sensor 4.7

the option is to enter subnets, an entry with a 31 bit snm correspond to one device.

I'm making the assumption that sepcific devices are being hit with the banner scan to identify what type of device they are and that is what is causing your issue.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 9

Re: Problem with Rogue System Sensor 4.7

Okay, now i get it.

So i would just have to exclude our DCs who receive these messages, and that should be it.

Many thanks for the help.

Much faster than McAfee gold business support.

Best regards
Dan
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 9

Re: Problem with Rogue System Sensor 4.7

correct, and then you could still scan the whole subnet....

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 9

Re: Problem with Rogue System Sensor 4.7

Just wanted to say thanks to Andre.

everything worked as you explained. Thanks for your help.

Best regards
Dan
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community