HIP = Host intrusion prevention RSD = Rogue system detection
Hi, just to funny ... I installed ePO 4.5 last Thursday. Because RSD is now shipped with it i want to try it. So first i added the pre defined rule unter Firewall Rules "Allow Rogue Machine Detection" to the firewall policy for our notebooks.
I thought this would be enough.
Then i installed an Test Sensor on My Client knowing that not much Clients are Online at this time ( Friday Afternoon)
But Notebooks which were online during the RSD scan got an intrusion warning (TCP Port Scan) with my client as host.
Then the Users clicked on blocking ...
So why this is happen?
What rules to create that they dont geht this message when the sensor is scanning?