4 Replies Latest reply on Jul 2, 2010 6:23 AM by Attila Polinger

    Rogue Systems vs. Systems without Agents in the System Tree

    epository

      We are trying to distinguish between certain items on our domain.

       

      First is systems that are we will not deploy agents to because they are special, these are moved into their own group under the ePo System Tree.  We then apply a special tag to all of these.

       

      Second is the legitimate Rogue Systems that should have an agent, but do not and the printers switches routers.....etc.

       

      Question is, once we move these systems into the tree, will they still be listed as Rogues under the Network Tab?

       

      Queries based on Detected Systems do not seem to allow us to filter on Tags or on Assignment Path values, queries based on Managed Systems will.

       

      We are seeing most of these disappearing from the Rogue designation once they are moved into the ePo System Tree, but not all.

       

      Then there are the systems that show up twice under Rogue under the Network Tab with the same IP, name, MAC.....etc, but just 2 entries for the same system.

       

      Any ideas?

        • 1. Re: Rogue Systems vs. Systems without Agents in the System Tree

          Was your issue ever resolved on this post? Please let me know which product this pertains to and I will move the thread accordingly.

          • 2. Re: Rogue Systems vs. Systems without Agents in the System Tree
            epository

            Not resolved.

             

            This is part of ePo and how it reports items.

             

            Basically, you can tag items, but cannot filter on those tags when doing a Detected Systems query.

            • 3. Re: Rogue Systems vs. Systems without Agents in the System Tree
              scoutt

              epository wrote:

               

              Question is, once we move these systems into the tree, will they still be listed as Rogues under the Network Tab? 

               

               

               

              I would also like to know the answer to this. sometimes moving doesn't work. Can they also be in Exceptions and system tree?

              • 4. Re: Rogue Systems vs. Systems without Agents in the System Tree
                Attila Polinger

                Hi,

                 

                epository wrote:

                 

                We are trying to distinguish between certain items on our domain.

                 

                First is systems that are we will not deploy agents to because they are special, these are moved into their own group under the ePo System Tree.  We then apply a special tag to all of these.

                 

                 

                is it necessary to keep hosts in System Tree even when you do not want them to have McAfee Agent? If they can be grouped together by say IP address, DNS or Computer Name, then you could write a RSD response to make them exceptions and delete from Detected System. (You can move them to the Tree also, though, if it is necessary)

                 

                Question is, once we move these systems into the tree, will they still be listed as Rogues under the Network Tab?

                 


                I'm not sure that "moving" means "copy to tree+delete from source" but with the response you could also delete the system explicitly after you moved into the Tree.

                 

                Then there are the systems that show up twice under Rogue under the Network Tab with the same IP, name, MAC.....etc, but just 2 entries for the same system.

                 

                Any ideas?

                If you here refer to two systems one of which is managed and the other is not, then please look into this thread: http://community.mcafee.com/message/137704#137704 where a similar problem was referred to, together with workaround and cause.

                 

                Attila