cancel
Showing results for 
Search instead for 
Did you mean: 
navs
Level 8
Report Inappropriate Content
Message 1 of 13

RSD issue in EPO 4.5

Jump to solution

After an upgrade from epo 4.0p5 to epo4.5p3, rogue system detection has not been functioning properly.  I have since applied p4 to epo4.5 but no difference. EPO server is running windows 2003 sp2 only ipv4 installed.

In EPO4.5 under detected systems i have

  • 2 sensors active (windows 2003 SP2, ipv4 only, RSD 4.5.0.1082 installed, Agent 4.5p2 VSE8.7p4)
  • Even though i have 2 sensors, i have 3 subnets covered for some odd reason.
  • 2 of the subnets are the local subnets of the sensors and the 3rd is what looks like a ipv6 subnet 0000:0000:0000:0000:0000:0000:0000:0000
  • The rogue's picked up by the sensors appear under the 0000:0000:0000:0000:0000:0000:0000:0000 subnet

I am unsure where this 0000:0000:0000:0000:0000:0000:0000:0000 subnet has appeared from or why all the rogues appear under this subnet and not the local subnet the sensor is actually in.

Has anyone come across this issue before or have any suggestions.

Thanks

1 Solution

Accepted Solutions
navs
Level 8
Report Inappropriate Content
Message 5 of 13

Re: RSD issue in EPO 4.5

Jump to solution

After speaking to Mcafee Support, they advised that this issue can be corrected by deleting the subnet from the db - dbo.RSDSubnetProperties, the cause (currently) remains unknown.

After deleting the 0000.0000.0000.0000.0000.0000.0000.0000  subnet my RSD is now functioning correctly.

12 Replies
robby07
Level 7
Report Inappropriate Content
Message 2 of 13

Re: RSD issue in EPO 4.5

Jump to solution

Since you only have two sensors, I recommend you uninstall them and deploy new ones.  Also, double check the RSD policy.  Make sure it wasn't affected by the update.

navs
Level 8
Report Inappropriate Content
Message 3 of 13

Re: RSD issue in EPO 4.5

Jump to solution

HI

Forgot to mention that i had alrqaddy done that, i did have about 20 sensors and ended up uninstalling all of them.  I then resinstalled  on these 2 sensors via EPO and with no luck.  RSD policy also looks fine, although i have 2 policies,

  1. "McAfee Default" read only applied to "global root" and
  2. "my default" applied to "my organization"
robby07
Level 7
Report Inappropriate Content
Message 4 of 13

Re: RSD issue in EPO 4.5

Jump to solution

The "my Default" policy is the one getting applied to all your sensors so make sure the configuration looks ok for your company.

I remember seeing some IPv6 traffic the first time.  I deleted them and they haven't popped back ever since.  Why the "garbage" data beats me.   So if you are sure your company is not using IPV6, delete them too.  If there is something in the network using it, they will be redetected.

navs
Level 8
Report Inappropriate Content
Message 5 of 13

Re: RSD issue in EPO 4.5

Jump to solution

After speaking to Mcafee Support, they advised that this issue can be corrected by deleting the subnet from the db - dbo.RSDSubnetProperties, the cause (currently) remains unknown.

After deleting the 0000.0000.0000.0000.0000.0000.0000.0000  subnet my RSD is now functioning correctly.

Re: RSD issue in EPO 4.5

Jump to solution

Can you please post the command that you used to delete the subnet from the databaese

Re: RSD issue in EPO 4.5

Jump to solution

I Have same problem afte upgrade ePO Patch 3 and 4.

This solution to delete ipv6 subnet from ePO Database can resolve this issue?

If yes post the command to perform this.

navs
Level 8
Report Inappropriate Content
Message 8 of 13

Re: RSD issue in EPO 4.5

Jump to solution

Hi, Yes deleting the subnet entry from the database did help resolve my issue.

Database entry is deleted from  whatever database you are using, i was using sql2005 full, however i am no databse admin, so i ended up getting our sql admin to delete the subnet entry.  If he is around i will ask him for the command, however if you are unsure on how to remove entries from a database i would suggest talking to your database admin, probably safer.

DC-SG
Level 9
Report Inappropriate Content
Message 9 of 13

Re: RSD issue in EPO 4.5

Jump to solution

Hello ALL,

I have a similar situation regarding RSD in ePO 4.5.  My RSD had worked very fine until one day, it just spinned and finally reported 0 Covered, 0 Contain Rogues, 0 Uncovered. All are not true because I have 114 covered subnets and many subnets with Rogues. 

I opened a ticket with McAfee and McAfee asked me to produce an Output of   RSDSubnetProperties table.  I found dbo.RSDSubnetProperties table. But, I do not know what an output of RSDSubnetProperties table looks like.


I appreciate every help you could provide.

Best Regards,

DC-SG.

DC-SG
Level 9
Report Inappropriate Content
Message 10 of 13

Re: RSD issue in EPO 4.5

Jump to solution

Hello All,

in my situation (RSD worked, then not worked, posted on 2/16/2011), the RSD component in ePO4.5 corrected itself mysteriously. This means that RSD reported as normal  now.  I don't know why and how it worked again after a long period (1 or 2 months). 

From engineering viewpoint, I would like to know why my RSD failed and worked again. But I have too many other problems to deal with now.

If any of you know the root cause of RSD problem, please share.


Regards,

DC-SG