cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 11
Report Inappropriate Content
Message 1 of 5

Rogue systems / Exceptions

So why is it that when I put a system in exceptions it always ends up back in rogue systems? I have all our cisco switches to a category in Exceptions and for some reason they have come back? What is the point of having exceptions if they always come back to a rogue state? What needs to be done for it to stay in the exception list even though it is still there?

4 Replies
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 5

Re: Rogue systems / Exceptions

I have the same issue with blocking exceptions with OUIs. We have a bunch of shoretel phones I don't want showing up, so I added the OUI to the exception list under system configuration but they are still being added. I can run a query to show only the number of Windows computers that are rogues, but I'd like to be able to see this through the Detected Systems page.

We're running EPO server 4.6 and VSE 8.8. Both are fully updated.

Message was edited by: noah on 4/4/11 12:45:56 PM CDT
Highlighted

Re: Rogue systems / Exceptions

Well, i think they will always be rogue, but with the exception state turned on.  Are you seeing them rogue in a report or in the rsd console?  Perhaps you have a task that is removing the exception state on them?  I automate exceptions all the time, around 50 being run and I do nto have this problem.

Highlighted
Level 11
Report Inappropriate Content
Message 4 of 5

Re: Rogue systems / Exceptions

I personally don'thave any task that deal with exceptions. All are done by hand. I go to detected systems and they show up there.

Highlighted

Re: Rogue systems / Exceptions

I believe it may have something to do with the criteria for matching detected systems.

See Menu/Configuration/Server Settings/Detected System Matching/Matching Detected Systems.

No clear documentation on what these do.

Each sensor reporting the system provides the detected details to EPO, it has to identify them as a match to identify as the "same" system.

Seems to get it wrong in different ways, depending on your settings there.

Can anyone clarify those settings and what they do?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community