12 Replies. Latest reply on Nov 1, 2011 7:44 AM by DC-SG

    RSD issue in EPO 4.5

      After an upgrade from EPO 4.0p5 to EPO 4.5p3, rogue system detection has not been functioning properly. I have since applied p4 to EPO 4.5, but it made no difference. The EPO server is running Windows 2003 SP2 with only IPv4 installed.

       

      In EPO 4.5, under Detected Systems, I have:

      • 2 sensors active (Windows 2003 SP2, IPv4 only, RSD 4.5.0.1082 installed, Agent 4.5p2, VSE 8.7p4)
      • Even though I have 2 sensors, I have 3 subnets covered for some odd reason.
      • 2 of the subnets are the local subnets of the sensors and the 3rd is what looks like an IPv6 subnet, 0000:0000:0000:0000:0000:0000:0000:0000
      • The rogues picked up by the sensors appear under the 0000:0000:0000:0000:0000:0000:0000:0000 subnet

       

      I am unsure where this 0000:0000:0000:0000:0000:0000:0000:0000 subnet has appeared from, or why all the rogues appear under this subnet and not the local subnet the sensor is actually in.

       

      Has anyone come across this issue before, or does anyone have any suggestions?

       

      Thanks

        • 1. Re: RSD issue in EPO 4.5
          robby07

          Since you only have two sensors, I recommend you uninstall them and deploy new ones. Also, double-check the RSD policy. Make sure it wasn't affected by the update.

          • 2. Re: RSD issue in EPO 4.5

            Hi

             

            Forgot to mention that I had already done that. I did have about 20 sensors and ended up uninstalling all of them. I then reinstalled on these 2 sensors via EPO, with no luck. The RSD policy also looks fine, although I have 2 policies:

            1. "McAfee Default" read only applied to "global root" and
            2. "my default" applied to "my organization"
            • 3. Re: RSD issue in EPO 4.5
              robby07

              The "my Default" policy is the one getting applied to all your sensors, so make sure the configuration looks OK for your company.

               

              I remember seeing some IPv6 traffic the first time. I deleted them and they haven't popped back ever since. Why the "garbage" data beats me. So if you are sure your company is not using IPv6, delete them too. If there is something in the network using it, they will be redetected.

              • 4. Re: RSD issue in EPO 4.5

                After speaking to McAfee Support, they advised that this issue can be corrected by deleting the subnet from the db - dbo.RSDSubnetProperties. The cause (currently) remains unknown.

                 

                After deleting the 0000.0000.0000.0000.0000.0000.0000.0000 subnet my RSD is now functioning correctly.

                 

                 

                 

                • 5. Re: RSD issue in EPO 4.5

                  Can you please post the command that you used to delete the subnet from the database?

                  • 6. Re: RSD issue in EPO 4.5

                    I have the same problem after the ePO Patch 3 and 4 upgrade.

                    Can this solution of deleting the IPv6 subnet from the ePO database resolve this issue?

                    If yes, please post the command to perform this.

                    • 7. Re: RSD issue in EPO 4.5

                      Hi, yes, deleting the subnet entry from the database did help resolve my issue.

                       

                      The database entry is deleted from whatever database you are using. I was using SQL 2005 full; however, I am no database admin, so I ended up getting our SQL admin to delete the subnet entry. If he is around I will ask him for the command. However, if you are unsure how to remove entries from a database, I would suggest talking to your database admin; probably safer.

                      • 8. Re: RSD issue in EPO 4.5
                        DC-SG

                        Hello all,

                         

                        I have a similar situation regarding RSD in ePO 4.5. My RSD had worked very well until one day it just spun and finally reported 0 Covered, 0 Contain Rogues, 0 Uncovered. None of these are true, because I have 114 covered subnets and many subnets with rogues.

                         

                        I opened a ticket with McAfee, and McAfee asked me to produce an output of the RSDSubnetProperties table. I found the dbo.RSDSubnetProperties table, but I do not know what an output of the RSDSubnetProperties table looks like.


                        I appreciate any help you could provide.

                         

                        Best Regards,

                        DC-SG.

                        • 9. Re: RSD issue in EPO 4.5

                          Hi Guys,

                           

                          I have the same issue; deleting the entry in the SQL DB does not resolve it, i.e. the problem comes back almost immediately.

                           

                          Could some setting in the RSD sensor settings/policy maybe contribute?

                           

                          Regards

                          J
