Thanks, that's how I have it set up currently. I have it installed on my DHCP servers; however, I am still seeing uncovered subnets while I know there is a sensor providing "coverage". So I am assuming that 4.5 is the same as 4.0 in that unless a sensor is physically on each subnet, it will report as uncovered.
That's right, you'll need a Rogue Sensor under every subnet not covered by the DHCP server.
Okay, maybe I am not explaining myself right...
DHCP Server is x.x.113.14 (Rogue Sensor Installed)
Workstation is: x.x.98.45 (pulls IP from DHCP server, and no other Rogue Sensors on that subnet.)
They are on different subnets; however, the Rogue Sensor sees any rogues that send DHCP requests. So the subnet is considered "covered". x.x.98.0 still gets reported as an uncovered subnet. This is exactly what the KB refers to and says it is working properly. The KB is for ePO 4.0; I am just trying to find out if it applies to ePO 4.5 as well.
I would totally have no problem installing RSS on each subnet except in my environment all the workstations are laptops as people work from home quite a bit... so if I were to do that it would result in numerous rogues being reported as people come on and off the network.
Oops, sorry, now I understand what you were talking about.
That's strange, I thought that after having installed an RSD on the DHCP server, all subnets covered by this DHCP (i.e. subnets where computers send DHCP requests to this server) should appear as covered.
In fact, I cannot tell very much about this, as I usually don't install RSD on DHCP servers even if McAfee recommends it (I had a problem with 3 DHCP-DC servers on the same customer with BSD, so I didn't try it anymore), so perhaps someone else can tell if it's normal behaviour or not.
McAfee hasn't updated the KB article, but I can tell you that RSD on ePO 4.5 is in the same boat. Using the RSD on DHCP option means that that sensor will listen to all the DHCP traffic and report it, but will ONLY report the actual physical network it is connected to as "Covered". To meet security requirements, we have had to backstop the RSD-DHCP sensors with additional RSD sensors within the individual physical subnets to get reported coverage.