1 2 Previous Next 19 Replies Latest reply on Jul 9, 2010 6:32 AM by geek

    Rogue System basics?

      After reading the docs, installing the RSD module on the ePO server, installing a Sensor on one test client....and then reading everything I could find on this forum on RSD, I'm no further along in figuring out what's happening than I was before!

      So, I'm looking for some practical "here's how you do this" info.

      Here's what I have:
      Covered Subnets: 0%
      Covered: 0
      Contain Rogues: 0
      Uncovered: 72

      Compliant Systems: 100%
      Managed: 1,151
      Rogue: 0
      Exceptions: 0
      Inactive: 0

      No Sensors Available
      Active: 0
      Passive: 0
      Missing: 0

      So:
      How do I "turn on" the Sensor I've installed?
      How do I make it Active or Passive?
      How do I cover the subnets in our domain? I know with only one test Sensor, only it's subnet is going to be covered...correct?

      This info should get me started.
        • 1. RE: Rogue System basics?
          challiwag
          How do I "turn on" the Sensor I've installed?
          The sensor will turn on automatically once it is installed

          How do I make it Active or Passive?
          They switch between active and passive automatically, if you have more than one RSD sensor installed they take it in turns to work/rest

          How do I cover the subnets in our domain? I know with only one test Sensor, only it's subnet is going to be covered...correct?
          You can either install a couple of sensors per subnet or you could put sensors on your DHCP servers instead, as the majority of your IP based clients will be coming here.
          • 2. RE: Rogue System basics?
            Challiwag,

            I thought the Sensor would turn on automatically...but the Rogue System Sensor Status screen still shows "No Sensors Available". I've rebooted the client with the Sensor on it, but that didn't make a difference.

            I also thought the single subnet that the Sensor belongs to would show up in the Subnet Status screen...but it doesn't.

            Obviously, something is wrong, but I don't have a clue what it would be. I didn't get any error messages when I installed the RSD module. All the other ePO functions are working correctly.

            Suggestions, anyone?
            • 3. RE: Rogue System basics?
              A troubleshooting question:
              Since all my problems may be caused by the Sensor not working, I'd like to check to see that the Sensor process is running on my test client....what is the process name?
              • 4. RE: Rogue System basics?
                jmaxwell
                Are you allowing the RSS communications through any firewalls ?
                • 5. RE: Rogue System basics?
                  rwhitehill
                  Just a thought...

                  This probably isn't the solution, but after mine wasn't working (can't remember the symptoms) I found out the policy was disabled.

                  Go to Policy catalog, Rogue System Detection 2.0.0 and select the policy you are using. Then edit and see if it is set to enabled or disabled.
                  • 6. RE: Rogue System basics?
                    jmaxwell,
                    If "RSS" means "rogue system sensor", then nope, not going thru any firewalls.

                    rwhitehill,
                    Yes, I have the policy enabled.

                    But late yesterday, I thought the problem was with the Sensor installation (I had installed using a Client Task), so I checked the tags and the System Details for the client I had installed the Sensor on, and nothing shows that this client is a Sensor....so the install had not worked.

                    I then tried the install using the "More Actions" button for that client, and got this:
                    "Rogue Sensor Install deployment task create failed (Unable to add Rogue Sensor install deployment task to node "My Organization\ADM\Computers\WSUS computers\RIC" because "My Organization\ADM\Computers\WSUS computers\RIC" already contains an Rogue Sensor install deployment task) 7:05 "
                    So, I moved that client to another group, tried again, and got the same error message.

                    I then did an "uninstall the Sensor" from the "More Actions" button. That seemed to work, but none of this shows up in the server logs, so I'm not sure.

                    I'm going to try installing a sensor to a different client later today.
                    • 7. RE: Rogue System basics?
                      jmaxwell

                       

                      jmaxwell,
                      If "RSS" means "rogue system sensor", then nope, not going thru any firewalls.



                      It did indeed mean that happy - so no windows firewall settings enabled on clients then ? - I didn't just mean FirewallAppliances happy
                      • 8. RE: Rogue System basics?
                        Both, no firewall appliances and no firewall settings on the clients.

                        But here's a question about the setup:
                        I'm still trying to see if the Sensor installation is working...is there a way to confirm that from the Sensor machine itself? A process running...an indicator on the Task Bar...anything?

                        I see NO confirmation on the ePO server; it still says "No Sensors Available", "Covered Subnets 0%", and no Tags or RSD properties on the clients I've "installed" the Sensor on.
                        • 9. RE: Rogue System basics?
                          jmaxwell
                          Should see process "rssensor.exe" and a service "mcafee rogue system sensor"
                          1 2 Previous Next