Since McAfee Support suggested this might be caused AOS, I decided to install Patch 3 today...but without any results. Still the RSSensor.exe causes the lsass.exe to use 100% CPU.
Update: Case is transfered to Tier 3.
I'm seeing identical behavior, and just finished applying the April Microsoft patches. Same McAfee versions as poster, but running in VMware VM.
Any resolution from McAfee yet?
I'm sorry to inform you (and all others) that we do not have a solution. After more then twelve hours of trouble shooting (Tier 1 - 4 hours, Tier 2 - 5 hours and Tier 3 -3 hours and several hours finding out ourselfs what caused it) we decided that the costs were becoming to high and a solution was far away, because they didn't have a clue what was causing it (after first saying it was impossible that RSsensor.exe could cause this kind of behaviour). We also had the same problem on VMware two weeks ago and uninstalled the rogue sensor. Untill a fix or update for the Rogue Sensor is posted, we will not even try again. If you feel like putting in a lot of hours, be my guest. You can refer to call: 3-832609673. If McAfee wants to contact me, that's fine. If you find a solution please post it here. Good luck!
I have same issue.
Can you check up records in your System Eventlog? I have there multiple periodical event 36886 (10 times per second) "No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this".
RSSensor.exe connects to ldaps port (10 times per second) to localhost (that causes generation of this event and lsass.exe CPU load).
RDS is installed on domain controller (W2K8 R2+) on VMWare ESXi 4.1 host.
When I stop RDS service the generation of events also stops.
Do you have a similar behaviour?
How about uninstalling the sensor from your DC, that would be my first step. Install somewhere else and troubleshoot from there.
On other DCs we don't have any problems.