Still no further progress
I've now completely uninstalled the sensors I had in one subnet, rebooted the servers and redeployed the sensor to them. The detection is definitely working - as soon as I do this, I get a bunch of systems detected. Problem is, all these systems have an agent installed and communicating correctly, but they all still show up as rogue with a status of 'No Agent'
Also, where are the logs for sensor version v 5.0.2 located? Can't find RSDSensor_out.log anywhere on a freshly installed sensor
RSD will not work with 5.0.2 agents. It is not able to detect them (Sees all of then as rogue) and will not run on 5.0.2, It is supposed to be fix in 5.0.3 due in Q1. You can see the problem by querying the agent on port 8081:
On 5.0.2 you get:
On anything else you get an XML File back:
Is this official from McAfee? Because I can't downgrade to v 5.0.1 (it contributes to an issue with access protection, which result in clients being unable to log in)
Starting to hate McAfee with a passion - not good for someone who's been using it for 15 years in a corporate environment and wouldn't have ever used another AV until now...
So, both of these KB's claim that RSD 5.0.2 sensors work with MA5.0.2
There are no know issues documented on the MA page.
However, if you have support feel free to contact them and reference 4-11113100481. The product manager has acknowledged it as a bug.
You cant downgrade due to the changes in the syscore versions.
Hope this helps.
Thanks. I'd already seen the support matrix, but wanted to confirm they are 'officially' supported. Nice of them to acknowledge that there's an issue privately, but not publicise it to their customers (exactly the same as the issue discussed here: http://community.spiceworks.com/topic/1130868-windows-7-access-is-denied-at-logon?page=2&source=home...
I suppose I should be thankful this issue just breaks a McAfee product - rather than breaking Windows, like the issue linkid to above.
Guessing also that 'Q1 2016' in McAfee speak, means April - like P1 of the 5.0 agent this year... Sigh.
Thanks for the info