cancel
Showing results for 
Search instead for 
Did you mean: 
mcamon
Level 8
Report Inappropriate Content
Message 1 of 14

Rogue Sensor not installing on test workstation

Jump to solution

Hello,

I am trying to push Rogue Sensor to a workstation and getting the following logs. Can somebody help me find what I am doing wrong. Although the logs says the sensor installed successfully, I cannot find it in my program install nor in the detected system in ePO. I need to your assistant with finding a way to push the Rogue Sensor automatically from ePO.

Agent Subsystem    9/6/2011    3:23:45 PM    Info    Next policy enforcement in 5 minutes   

Agent Subsystem    9/6/2011    3:23:45 PM    Info    Agent finished Enforcing policies   

Management    9/6/2011    3:23:45 PM    Info    Enforcing Policies for EPOAGENT3000   

Management    9/6/2011    3:23:45 PM    Info    Enforcing Policies for EPOAGENT3000META   

Management    9/6/2011    3:23:45 PM    Info    Enforcing Policies for VIRUSCAN8800   

Management    9/6/2011    3:23:45 PM    Info    Enforcing Policies for McAfee Agent   

Agent Subsystem    9/6/2011    3:23:45 PM    Info    Agent Started Enforcing policies   

Agent Subsystem    9/6/2011    3:22:32 PM    Info    Agent communication session closed   

Agent Subsystem    9/6/2011    3:22:32 PM    Info    No package received from ePO Server   

Agent Subsystem    9/6/2011    3:22:32 PM    Info    Agent is connecting to ePO server   

Agent Subsystem    9/6/2011    3:22:32 PM    Info    Agent communication session started   

Agent Subsystem    9/6/2011    3:22:32 PM    Info    Sending the next batch of 1 data channel items   

Scheduler    9/6/2011    3:22:30 PM    Info    The task Testing Rogue Install is deleted (ID={3A12468F-EE20-4C92-832D-13E51BB41AAE})   

Scheduler    9/6/2011    3:22:30 PM    Info    Scheduler: Task [Testing Rogue Install] is finished   

Scheduler    9/6/2011    3:22:30 PM    Info    The task Testing Rogue Install is successful   

Updater    9/6/2011    3:22:16 PM    Info    Update Finished   

Updater    9/6/2011    3:22:15 PM    Info    Loading update configuration from: catalog.xml   

Updater    9/6/2011    3:22:15 PM    Info    Extracting catalog.z.   

Updater    9/6/2011    3:22:15 PM    Info    Verifying catalog.z.   

Updater    9/6/2011    3:22:15 PM    Info    Downloading catalog.z.   

Updater    9/6/2011    3:22:15 PM    Info    Initializing update...   

Updater    9/6/2011    3:22:15 PM    Info    Checking update packages from repository ePO_DSECHBSS01THN.   

Scheduler    9/6/2011    3:22:15 PM    Info    Scheduler: Invoking task [Testing Rogue Install]...   

Agent Subsystem    9/6/2011    3:22:02 PM    Info    Agent communication session closed   

Agent Subsystem    9/6/2011    3:22:02 PM    Info    No package received from ePO Server   

Agent Subsystem    9/6/2011    3:22:02 PM    Info    Agent is connecting to ePO server   

Agent Subsystem    9/6/2011    3:22:02 PM    Info    Agent communication session started   

Agent Subsystem    9/6/2011    3:22:02 PM    Info    Sending the next batch of 1 data channel items   

Scheduler    9/6/2011    3:22:00 PM    Info    Added a new task Testing Rogue Install to Scheduler's task list    

Agent Subsystem    9/6/2011    3:21:50 PM    Info    Agent communication session closed   

Agent Subsystem    9/6/2011    3:21:50 PM    Info    No package received from ePO Server   

Agent Subsystem    9/6/2011    3:21:49 PM    Info    Agent is connecting to ePO server   

Agent Subsystem    9/6/2011    3:21:49 PM    Info    Agent communication session started   

Agent Subsystem    9/6/2011    3:21:49 PM    Info    Sending the next batch of 1 data channel items   

Agent Subsystem    9/6/2011    3:21:47 PM    Info    Agent communication session closed   

Agent Subsystem    9/6/2011    3:21:47 PM    Info    Package uploaded to ePO Server successfully   

Agent Subsystem    9/6/2011    3:21:47 PM    Info    Agent is connecting to ePO server   

Agent Subsystem    9/6/2011    3:21:47 PM    Info    Agent communication session started   

Agent Subsystem    9/6/2011    3:21:17 PM    Info    Agent is looking for events to upload   

Agent Subsystem    9/6/2011    3:18:45 PM    Info    Next policy enforcement in 5 minutes   

Agent Subsystem    9/6/2011    3:18:45 PM    Info    Agent finished Enforcing policies   

Management    9/6/2011    3:18:45 PM    Info    Enforcing Policies for EPOAGENT3000   

Management    9/6/2011    3:18:45 PM    Info    Enforcing Policies for EPOAGENT3000META   

Management    9/6/2011    3:18:45 PM    Info    Enforcing Policies for VIRUSCAN8800   

Management    9/6/2011    3:18:45 PM    Info    Enforcing Policies for McAfee Agent   

Agent Subsystem    9/6/2011    3:18:45 PM    Info    Agent Started Enforcing policies   

Thanks in advance.

1 Solution

Accepted Solutions
mcamon
Level 8
Report Inappropriate Content
Message 13 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

Thanks for all your help.

I finally figured it out. well not really. All I did was re-installed the ePO and SQL database server. It appears everytime I update to the McAfee Agent 4.6, I would have the Rogue deployment issues.

Everything works fine with the original 4.5 agent. Seem to be some misconfiguration. Whatever it is, I finally got the Rogue System Detection to deployed to my test workstation using ePO.

13 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

There should be an install log on the machine - it will be called something like RSD450EN-Install-MSI.log or RSD460EN-Install-MSI.log.  Can you zip it and post it here and we can take a look?

Thanks -

Joe

mcamon
Level 8
Report Inappropriate Content
Message 3 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

Hey Joe. Thanks for responding to my post. I am all new to ePolicy and wanted to know what is the correct way to installing the Rogue System Detection (RSD) before I zip up the log and post it.

Initially I installed the Rogue System Detection 4.6.0 on the server manually using the Setup in the SNOWCAP_2000 folder.

I then wanted to install the Rogue Detection system on my workstation for testing and wanted to push it using ePO instead of installing it manually on the desktop. I am confused if the system detection can be pushed out using ePO say to another server or workstation. Is there a difference between the Rogue System Detection and Senor?  My ultimate question is where should the Rogue System Detection be installed? Currently I am testing 1 active sensor installed on one of my subnet. Additionally, Can the Rogue Detection setup files be pushed out to a workstation/server using ePO other than manually installing it using the Setup in SNOWCAP_2000 folder.

Thanks.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

Hi...

If you haven't already done so, can I suggest you have a look at the "Detecting Rogue Systems" section of the ePO 4.6 Product Guide: it covers most things

In a nutshell, though:

RSD is made up of two components: the server end, and the sensor(s). The server component is installed as part of ePO during the install, so you don't need to do anything extra at the server.

The sensors are pushed out from ePO to target systems via the ePO - you choose a machine (which needs to have an agent installed already) and then send the sensor to it.

HTH -

Joe

Re: Rogue Sensor not installing on test workstation

Jump to solution

Beside reading the documents on how to do this I think if you look under detection tab you will find the systems detected by the sensor on the epo server and selecting those systems will give you an option of installing the sensors I think

mcamon
Level 8
Report Inappropriate Content
Message 6 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

okay I now have a clear understanding of RSD. However it seem that I still cannot push the sensor to my own computer for testing using the "Actions" tab which currently has the McAfee Agent installed and is a managed system in the "system tree" tab. I checked the server task log every  time I try pushing out the Rogue Sensor and it says completed but when I go directly to my computer and check program, it is nor listed nor installed.Nor do I see it in the Rogue System Sensor Status in the "Detected Systems" tab. I am not sure what I am doing wrong for the sensor to not automatically deploy from ePO to my computer.

Re: Rogue Sensor not installing on test workstation

Jump to solution

Ensure that your policy is configured and the port is enabled for traffice  from that work stations by adding a firelwall rule in to your HIPS component for the RSD service

I would check also to see if the traffic is not blocked by a FW switch on your network on the RSD port to your ePO server

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

Okay - do you have the install log that I mentioned earlier?

Thanks -

Joe

mcamon
Level 8
Report Inappropriate Content
Message 9 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

Hey Joe,

I didn't find the file you've reference but found this file instead RSDSEN450-Install-MSI. Please see attachment.

Please keep in mind that after unsuccessfully pushing out the Rogue Sensor, I manually installed it on my workstation using the setup file in the snowcap folder.

Thanks.

on 9/9/11 10:36:48 AM CDT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 14

Re: Rogue Sensor not installing on test workstation

Jump to solution

Ah - unfortunately that will have hidden the logs that we're looking for

Uninstall it via add/remove programs, then send the install again from the console. Do we get a new log created?

Thanks -

Joe