1 of 1 people found this helpful
This sounds like a tricky situation
Firstly, we can ignore the system matching settings - these are only applicable to Rogue System Detection, which is not in use.
What's happening here is all down to how ePO treats the first connection from the client machine - if both the agent GUID and the MAC address have changed since the last communication, then unfortunately you're going to get a new entry. (These are the only two checks that ePO does when an agent communicates.) From what you describe, this is what's happening - the machine is being reinstalled, which means the agent is reinstalled and so is getting a new GUID, and the connection is made via a different network adapter so the MAC address is different as well.
However there is a new feature in MA 4.8 and ePO 5 which might help: it's not designed for exactly this situation but in theory it should work. If you install MA 4.8 in VDI mode, this should hopefully be able to survive the reinstall/change of mac address, and reconnect with the existing entry in ePO. I haven't tried this as yet - if I get a chance I will test it. If anyone else has tried this I'd be interested to hear your results.
This was unclear to me. I thought that the "Matching Detected Systems" where applicable on detected rogue systems and "Matching Managed Systems" applicable to other managed or new systems (added by Agent install).
Maybe some extra information in the McAfee epo_product_guide would be helpfull.
It is than still not clear what's the difference than between:
Detecting System Matching -> Matching Detected Systems
Detecting System Matching -> Matching Managed Systems
Apologies for the confusion - I agree this could be better documented.
The difference here is this: a detected system is one that has been previously detected by a sensor, and a managed system is one that is already in the ePO database. So for example imagine a machine with two network cards that is not controlled by ePO: the first card would be detected, and when the second card was detected the Matching Detected Systems settings allow RSD to determine that this is the same machine.
Matching Managed Systems on the other hand allows RSD to determine if a detected system is already in the ePO database. Most people have the settings for the two sections the same, but you don't have to.