cancel
Showing results for 
Search instead for 
Did you mean: 
gmc_za
Level 7
Report Inappropriate Content
Message 1 of 3

After upgrading EPO to 4.5 RSD think's all my machines are rogue

I've recently upgraded from EPO 4.0 to 4.5 - all the RSD were upgraded from v2.0 to 4.5 as well.

I've got a automated task running where if  a rogue machine is detected a mail is sent off and the agent is then pushes to the rogue machine.

I noticed after I upgraded EPO 4.5 now thinks all my machines (or a large percentage)  are now rogue - with the automated task enabled I get thousands of email alerts about rogue machines. I've checked in EPO on some of the machines are they are present in EPO and the last communication time was a few hours ago.

Any ideas - how come EPO thinks they are rogue when they are clearly not?

About to open a case with McAfee but before they give me the run around is there something I'm missing?

I've got RSD's on all the DHCP servers as well as other 2003 servers in each subnet.

2 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: After upgrading EPO to 4.5 RSD think's all my machines are rogue

RSD uses MAC address as its primary matching mechanism. Do the affected machines connect your network via VPN? VPN clients will often report the same MAC address (the MAC address of the VPN concentrator rather than the actual MAC address of the client) so that could explain it. You can change how RSD matches clients in the Menu | Configuration | Server Settings | Detected System Matching page of the EPO console.

Re: After upgrading EPO to 4.5 RSD think's all my machines are rogue

also check out KB52949 which could be helpful...

KB57886 describes the logic behind this as well.

Andrew

Message was edited by: andymease on 1/8/10 3:08:08 PM GMT-05:00