
Rogue System Detection - SNMP/telnet alerts from Switches/UPS/Hardware

Can anyone help with the following issue:

We have Rogue System Detection installed on 3 machines in a particular subnet. On this subnet and other subnets we have connected Cisco switches, routers, UPS and other hardware devices.

Daily we get a flood of SNMP alerts from these devices to warn of unauthorised access attempts on SNMP, telnet and HTTP ports, from these 3 machines that have the Rogue detection software installed.

I cannot see anywhere an option in EPO 4.0 to blacklist devices from being "probed" by this software, or any settings under the Rogue detection itself. As far as we were concerned, this software should just listen and capture frames, reporting MAC addresses to the EPO server, rather than actively seek out devices and try to access them.

Many thanks in advance if anyone can help.
4 Replies

RE: Rogue System Detection - SNMP/telnet alerts from Switches/UPS/Hardware

I guess you could go to the Rogue System Detection policy and under interfaces, list the IPs you don't wish to scan....

RE: Rogue System Detection - SNMP/telnet alerts from Switches/UPS/Hardware

Many thanks. I found the setting just after posting and I'm testing at the moment.

I have also had to take the tick out of the discover OS option since this was giving Event ID 50 TermDD errors and other impacts on some systems.

RE: Rogue System Detection - SNMP/telnet alerts from Switches/UPS/Hardware




What was the setting and where do you set it?

Thanks,

Jim

RSD Woes

Hello,

I had the same issue here. This is what I did to resolve it.

1. Go to your RSD policy.
2. Go to the Detection tab.
3. Under Device Details detection make sure the box "Do not run NetBios calls against devices on these networks" is enabled.
4. Add your devices with a 32-bit subnet mask, e.g. 10.215.1.1 / 32

This alleviated our firewalls from complaining all of the time 🙂

Hope it helps!

Thank you,
-Brett