I would say the simplest approach to reduce rogues were to set up an automatic response on rogue detection with action of "install Agent". This requires an account and password to be entered in the response which has local administrator rights on the rogue clients.
An automated response allows filtering of detected hosts (i.e. what to ignore as rogues). I also recommend you frequently edit this AR and use filtering of non-EPO manageable hosts, like printers, routers, etc. You could obtain the IP ranges of such equipment if any, in your company and put them on the filter at the AR creation time (i.e. not on subsequent edits).
also, a second action of the AR could be the exclusion of such invalid detected IP ranges so next time they are not detected.
Thanks for quick response, but due to network traffic utilisation I can implement auto installation of agent .and also monitoring AR frequently ..Is there any other option or way to reduce it .
tanks in advance
Yes, you could for example run reports on rogue detections and if you see non-Windows rogues detected please filter them in the AR (whichevery action the AR otherwise takes). Also you can delete these detections and exclude them (also within AR action)
You could furthermore implement agent login script installation, the login script having a check for agent existence first (based on existence of necessary files and folders, for example).
yah , I am exactly looking for this script or batch file .if you have can you please share with me some prototype bacth or script file.
sorry for trouble .
Sorry I do not have such nor can I make the same just in 5 minutes. But that method would just the same load the network when clients log in in spikes creating a mass agent download and installation from company deplyoment points.
Are you sure you do not want to create Automatic Response? You'd better off with that..
For example if you created RSD sensor on DHCP server, client do not request IP renewal at the same time thus RSD sensor wouldn't trigger as much. RSD sensor in subnet may be more like detecting rogues..and you could set a throttle on AR as well.