Not sure how the numbers map, but they will probably align with this:
• Alien agent — These systems have a McAfee Agent that is not in the local ePO database, or any database associated with additional ePO servers you have registered with the local server.
• Inactive agent — These systems have a McAfee Agent in the ePO database that has not communicated in a specified time.
• Rogue — These systems don’t have a McAfee Agent.
Systems in any of these three rogue states are categorized as Rogue systems.
Thanks for the information. I have never seen an alert for an Alien Agent. I only see Inactive Agent and Rogue. I am just trying to understand these alerts because we have some anomalies in our RSD. This past weekend is a good example of that. We have a couple of people who image computers and ship them out to our remote locations and so on. Well, 1 of our image guys turns on a PC and attaches it to the network Friday afternoon but does NOT get around to imaging it before he leaves for the weekend. So it's online and idle from Friday afternoon until today. We received a Rogue alert about that PC Saturday at 10:57 a.m. stating it was a Rogue. Its Rogue State is -1. No one works on Saturday, so this PC has just been sitting there all weekend long. So I am just trying to figure out what caused this alert, why did it wait until an oddball time Saturday to notify us, and is there something wrong with our RSD. I am getting a lot of pressure from management to figure this out, so any input would be appreciated. I figured maybe the "Rogue State" field in the alert would shed some light on this since I don't know what it means.
Please remember it's not the rogue machine sending the message to ePO, it's the rogue sensor on the same subnet as the rogue which detects network traffic from the rogue machine and then acts appropriately - normally by triggering an ePO notification and perhaps a response.
So, much depends on the sensor scanner configuration when it comes to the frequency of detection.
Had the same question regarding the Rogue State numbers. I believe the mapping goes like this:
0 - No Agent
1 - Alien Agent
2 - Inactive Agent
I find it odd that in the documentation McAfee only references the labels when the Automatic Response setup requires the number for the filtering, and the number also shows up in any alert you set up.
Hope this helps.