4 Replies Latest reply on Jul 16, 2008 6:08 AM by w4rdyp

    Rogue System Detection sensors not working

      I've installed Rogue System Detection but the sensors don't appear to be working.

      I've successfully deployed the Sensor to two test servers but nothing is reporting back into the console (shows as no sensors on-line).

      When I look at the agent log on the server, it seems that everything installed OK, but I get an error:

      Failed to get path for Plugin <SNOWCAP_1000> error=-64

      Does anybody know what this is or why I get this error?

      Cheers

      Mike
        • 1. RE: Rogue System Detection sensors not working
          Right - looks like it was just a hang over from a previous release. Removed and reinstalled the new sensor and it's OK.

          One question though surrounding policies - how do I set them up correctly because I can't wuite work it out front the documentation?

          Do I create separate policies for each group of subnets I want to detect? And then do I place this policy on a server in that subnet?

          Basically - do I put the subnets I want to detect into the "Only listen on interfaces whose IP addresses are included in the following networks" box ?

          Hope that makes sense!

          Mike
          • 2. RE: Rogue System Detection sensors not working
            I'm relatively new to RSD, but I think the simplest way to deploy is on your DHCP server(s). Then your sensor will start reporting as it receives DHCP requests from each subnet.
            • 3. RE: Rogue System Detection sensors not working
              Thanks for the reply Jeff.

              That's OK if you use DHCP. We have 152 subnets and only a handful of them are using DHCP.

              I've managed to find a list of subnets and I'm deploying the sensor to two machines in each subnet.

              It appears to be working as they are all now appearing in the RSD console.

              On a few machines that I've deployed the sensor to, I've also had to upgrade the McAfee Agent to 4.0 (from 3.6).
              • 4. RE: Rogue System Detection sensors not working
                Little note of caution when using RSD 2.0. We found that if you've got a server that's teaming NICs and your using old broadcom NIC drivers you can have problems.

                RSD 2.0 installs caused blue screens on our servers, sending them into a continual reboot cycle. We upgraded our NIC drivers to the latest and it all worked fine.

                Been on to McAfee and they say they're putting together a KS article on it.

                Cheers

                Ward