4 Replies Latest reply on Apr 8, 2011 3:15 PM by andublin

    Rogue systems / Exceptions

    scoutt

      So why is it that when I put a system in exceptions it always ends up back in rogue systems? I have all our Cisco switches in a category in Exceptions and for some reason they have come back. What is the point of having exceptions if they always come back to a rogue state? What needs to be done for it to stay in the exception list even though it is still there?

        • 1. Re: Rogue systems / Exceptions

          I have the same issue with blocking exceptions with OUIs. We have a bunch of ShoreTel phones I don't want showing up, so I added the OUI to the exception list under system configuration, but they are still being added. I can run a query to show only the number of Windows computers that are rogues, but I'd like to be able to see this through the Detected Systems page.

           

          We're running EPO server 4.6 and VSE 8.8. Both are fully updated.

           

          Message was edited by: noah on 4/4/11 12:45:56 PM CDT
          • 2. Re: Rogue systems / Exceptions
            Dvanmeter

            Well, I think they will always be rogue, but with the exception state turned on. Are you seeing them rogue in a report or in the RSD console? Perhaps you have a task that is removing the exception state on them? I automate exceptions all the time, around 50 being run, and I do not have this problem.

            • 3. Re: Rogue systems / Exceptions
              scoutt

              I personally don't have any tasks that deal with exceptions. All are done by hand. I go to detected systems and they show up there.

              • 4. Re: Rogue systems / Exceptions

                I believe it may have something to do with the criteria for matching detected systems.

                See Menu/Configuration/Server Settings/Detected System Matching/Matching Detected Systems.

                No clear documentation on what these do.

                 

                Each sensor reporting the system provides the detected details to EPO; it has to identify them as a match to identify them as the "same" system.

                Seems to get it wrong in different ways, depending on your settings there.

                 

                Can anyone clarify those settings and what they do?