boschind
Level 9

ePO 5.3.2 - RSD 5.x - oui sensor scanning list ignored

Hello, I'm trying to instruct RSD sensors to not probe a list of OUIs


In fact the sensors seem to ignore the list and still probe devices on subnets belonging to those OUIs.

Any suggestions?

thanks

regards

0 Kudos
1 Solution

Accepted Solutions
boschind
Level 9

Re: ePO 5.3.2 - RSD 5.x - oui sensor scanning list ignored

hello

By chance, I think I fixed the problem myself.

I was reviewing the RSD policy again and checking the product guide.

As shown below, in the Communication tab I changed the first two fields from 5 to 10 min.

Then I selected "use local sensor election" and "All sensor active", as somehow suggested in the guide.

Even if these changes seem to have nothing to do with the OUI exclusion, the fact is that the exclusion is now working....

Not sure if you have an explanation for this, but anyway...


thanks

regards

0 Kudos
3 Replies
boschind
Level 9

Re: ePO 5.3.2 - RSD 5.x - oui sensor scanning list ignored

Hello, is anyone successfully implementing RSD?

We have ePO 5.3.2, agents 5.0.5 and RSD sensors 5.0.5, but as outlined above we are having trouble excluding a long list of OUIs that we identified as non-PC devices (printers, routers, bar code readers and other IoT devices).

thanks in advance for cooperation

0 Kudos
boschind
Level 9

Re: ePO 5.3.2 - RSD 5.x - oui sensor scanning list ignored

Hello - I opened a case with McAfee support on 16 Jun.

They requested, as usual, the MER reports from one system that is acting as an RSD sensor, but unfortunately they say they are not able to understand where the problem is and are requesting more....

"I checked the MER and I can only see one single line in balash.log (that's the RSD log):

18-Jun-17 04:13:42.180 (2608 : 3 : Pcap Subsystem[#1]) Sniffer.Sink.PacketSink: [Error] No thread available

Not enough information to continue troubleshooting, I'm afraid.

Can you please do the following to collect more information:

1. Enable Log Level 8 on the ePO server:

McAfee Corporate KB - How to enable Log Level 8 for ePolicy ...
https://kc.mcafee.com/corporate/index?page=content&id=KB56207

2. For RSD, enable Log All messages in the policy:
Log File Settings policy configuration under the General tab > select Log all messages

3. Remove from system tree the devices that should not have been detected (any of the excluded) and wait until the issue reproduces

4. Collect MER from ePO and MER from the RSD sensor system.

5. Send us a few example names of devices that were wrongly added

We will continue the investigation once we have the complete data and get back to you with an update.
"

Does anyone else in the community have this RSD setting working as designed?

thanks in advance for cooperation

0 Kudos
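
A check an administrator could run before sending support the requested examples of wrongly added devices, given here as an added example that is not part of the original thread and not McAfee code: it validates a pasted OUI exclusion list (flagging entries that a line wrap has split in two, and duplicates) and lists detected devices whose MAC prefix is on that list. The `name,mac` CSV layout, the function names and every sample value are constructed assumptions, not an ePO export format.

```python
import csv
import io
import re

HEX6 = re.compile(r"^[0-9A-F]{6}$")

def parse_oui_list(text):
    """Split a pasted list on commas/whitespace; return (valid, malformed, duplicates)."""
    valid, malformed, duplicates = [], [], []
    for token in filter(None, re.split(r"[,\s]+", text.strip())):
        oui = re.sub(r"[:\-.]", "", token).upper()   # accept 00-11-22, 00:11:22, 001122
        if not HEX6.match(oui):
            malformed.append(token)                  # e.g. an entry cut in two by a line wrap
        elif oui in valid:
            duplicates.append(oui)
        else:
            valid.append(oui)
    return valid, malformed, duplicates

def mac_to_oui(mac):
    """Normalise 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455 to its OUI."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits[:6]

def wrongly_detected(csv_text, excluded):
    """Return (name, mac) for every detected device whose OUI is on the exclusion list."""
    excluded = set(excluded)
    return [(row["name"], row["mac"])
            for row in csv.DictReader(io.StringIO(csv_text))
            if mac_to_oui(row["mac"]) in excluded]

# Constructed sample data (locally administered prefixes, not real vendor OUIs).
SAMPLE_OUIS = "0A1B2C,AABBCC,DD\nEEFF,aa-bb-cc"
SAMPLE_EXPORT = """name,mac
PRN-FLOOR2,0A:1B:2C:00:10:01
WS-0042,02-0D-12-34-56-78
SCAN-DOCK7,aabb.cc12.0007
"""

if __name__ == "__main__":
    valid, malformed, dups = parse_oui_list(SAMPLE_OUIS)
    print("malformed entries:", malformed)
    print("duplicate entries:", dups)
    for name, mac in wrongly_detected(SAMPLE_EXPORT, valid):
        print(f"excluded OUI but detected: {name} ({mac})")
```
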