3 Replies Latest reply on Jan 6, 2010 6:56 AM by Jpatje

    No action taken on Rogue Systems

      We have ePO 4.0 with patch 5. Every day, we see rogue systems, and some of them have no agent installed on them.
      However, we set an automatic response on rogue systems, to deploy an agent to that system. Only, no action is taken. The system remains unmanaged and without antivirus.

      A manual deploy of the agent works fine. But why no action is taken, puzzles me.
      In the filter part of the automatic response rule, I copied the IP range of the DHCP.
      I checked that the 'problem system' falls within that range.

      Can anyone help in solving this mystery? Many thanks.
        • 1. RE: No action taken on Rogue Systems
          In the logging I see action IS taken... time to investigate why some systems remain agent-less...!
          • 2. RE: No action taken on Rogue Systems
            This must be in (major) bug in EPO... when I look at the detected system details it shows:

            Source: Rogue System Sensor (Broadcast)
            Exception: No
            Rogue Action: Agent Deployment in Progress
            Rogue State: No Agent

            When reading this, everything looks fine. But nothing happens on that system. No agent is deployed. I've looked through the EPO logs but couldn't find anything.
            Also the event log on the system shows nothing.

            When I manually deploy an agent, using the same credentials, it is almost immediately deployed.
            Time for patch 6?
            • 3. Re: RE: No action taken on Rogue Systems

              Trying to bump this post to the top of the list

              We still have an issue with PC's that have been re-installed (using the same name).

              EPO still sees there is an agent on the system, although the agent cannot be contacted. In fact, since the system was reinstalled there is no agent and no VSE present.

               

              The system does come up as rogue, but no action is taken.

              The detected system properties are as follows.

               

              Rogue Action:
              Rogue State:Inactive Agent
              Last Agent Communication:12/9/09 4:26:01 PM
              Agent Version:4.0.0.1494


              Nothing seems to happen and the only thing I can do is push the agent manually (which works perfectly).

              There must be a way to automate this... any ideas?