Through informal conversations with our support vendor, I've been told this is a known issue within Mcafee, where the ePO server doesn't acknowledge it's OWN agents, nor exceptions, so anything that is detected as ALIEN AGENT, or INACTIVE agent is basically a false positive, and any automated tasks that are set to automatically install the agent on new discoveries will basically spend it's time re-installing the agent on existing (and known) boxes.
What I was told was that an updated AGENT as well as a patch to ePO 4.5 would be needed (both together), to fix this behavior, and both are expected in January 2011.
I'm not so sure that what you suspect applies in this situation.
This KVM has been classified as an exception for at least 2.5 years with out an issue until last week.
It is one of a three hundered exceptions (IP-KVMs, switches, routers, printers etc) and the only device that keeps showing up like this. We have around 800 managed agents in the network and none of them are exhibiting this behavior either.
I have opened up a support incident on this issue a few days ago. I'm already several emails deep & have provided screen shots, the support rep is still not able to grasp the nature of the issue or understand what an IP KVM is....</facepalm>
The KVM is still being detected several times a day as a rogue. I current have 9 separate detections for the same device in my rogue detection display.10.10.199.12810.10.199.1281/4/11 10:58:49 AM10.10.199.12810.10.199.1281/4/11 11:23:22 AM10.10.199.12810.10.199.1281/4/11 1:23:23 PM10.10.199.12810.10.199.1281/4/11 3:23:24 PM10.10.199.12810.10.199.1281/5/11 6:46:55 AM10.10.199.12810.10.199.1281/5/11 7:23:35 AM10.10.199.12810.10.199.1281/5/11 9:23:25 AM10.10.199.12810.10.199.1281/5/11 10:58:48 AM10.10.199.12810.10.199.1281/5/11 11:23:23 AM
So after numerous calls and finally getting past tier 1 support, the only resolution was to add the "static IP address" criteria as a matching attribute so it would exclude this as a rogue based on IP addres. Not really a solution, per say, but it does prevent this device from being detected constantly.