cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Rogue System Detection broken after 5.3 upgrade

Still no further progress

I've now completely uninstalled the sensors I had in one subnet, rebooted the servers and redeployed the sensor to them. The detection is definitely working - as soon as I do this, I get a bunch of systems detected. Problem is, all these systems have an agent installed and communicating correctly, but they all still show up as rogue with a status of 'No Agent'

Also, where are the logs for sensor version v 5.0.2 located? Can't find RSDSensor_out.log anywhere on a freshly installed sensor

Highlighted
brinkn
Level 9
Report Inappropriate Content
Message 12 of 15

Re: Rogue System Detection broken after 5.3 upgrade

RSD will not work with 5.0.2 agents.  It is not able to detect them (Sees all of then as rogue) and will not run on 5.0.2,  It is supposed to be fix in 5.0.3 due in Q1.  You can see the problem by querying the agent on port 8081:

http://<hostname>:8081/query?type=info

On 5.0.2 you get:

403 Forbidden

On anything else you get an XML File back:

<naLog>

<ePOServerName>

SERVERNAME

</ePOServerName>

<version>----AGENT VERSION----</version>

<ComputerName>----SYSTEMNAME----</ComputerName>

<AgentGUID>----GUID----</AgentGUID>

</naLog>

Re: Rogue System Detection broken after 5.3 upgrade

Is this official from McAfee? Because I can't downgrade to v 5.0.1 (it contributes to an issue with access protection, which result in clients being unable to log in)

Starting to hate McAfee with a passion - not good for someone who's been using it for 15 years in a corporate environment and wouldn't have ever used another AV until now...

brinkn
Level 9
Report Inappropriate Content
Message 14 of 15

Re: Rogue System Detection broken after 5.3 upgrade

So, both of these KB's claim that RSD 5.0.2 sensors work with MA5.0.2

McAfee KnowledgeBase - Supported platforms, environments, and operating systems for Rogue System Det...

https://kc.mcafee.com/corporate/index?page=content&id=KB85262

There are no know issues documented on the MA page.

https://kc.mcafee.com/corporate/index?page=content&id=KB83895

However, if you have support feel free to contact them and reference 4-11113100481.  The product manager has acknowledged it as a bug.

You cant downgrade due to the changes in the syscore versions.

Hope this helps.

Re: Rogue System Detection broken after 5.3 upgrade

Thanks. I'd already seen the support matrix, but wanted to confirm they are 'officially' supported. Nice of them to acknowledge that there's an issue privately, but not publicise it to their customers (exactly the same as the issue discussed here: http://community.spiceworks.com/topic/1130868-windows-7-access-is-denied-at-logon?page=2&source=home...

I suppose I should be thankful this issue just breaks a McAfee product - rather than breaking Windows, like the issue linkid to above.

Guessing also that 'Q1 2016' in McAfee speak, means April - like P1 of the 5.0 agent this year... Sigh.

Thanks for the info

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator