I've recently upgraded from EPO 4.0 to 4.5 - all the RSD were upgraded from v2.0 to 4.5 as well.
I've got a automated task running where if a rogue machine is detected a mail is sent off and the agent is then pushes to the rogue machine.
I noticed after I upgraded EPO 4.5 now thinks all my machines (or a large percentage) are now rogue - with the automated task enabled I get thousands of email alerts about rogue machines. I've checked in EPO on some of the machines are they are present in EPO and the last communication time was a few hours ago.
Any ideas - how come EPO thinks they are rogue when they are clearly not?
About to open a case with McAfee but before they give me the run around is there something I'm missing?
I've got RSD's on all the DHCP servers as well as other 2003 servers in each subnet.
RSD uses MAC address as its primary matching mechanism. Do the affected machines connect your network via VPN? VPN clients will often report the same MAC address (the MAC address of the VPN concentrator rather than the actual MAC address of the client) so that could explain it. You can change how RSD matches clients in the Menu | Configuration | Server Settings | Detected System Matching page of the EPO console.
also check out KB52949 which could be helpful...
KB57886 describes the logic behind this as well.
AndrewMessage was edited by: andymease on 1/8/10 3:08:08 PM GMT-05:00