Distributing Rogue System Sensors; Deploying Rogue System Sensors - McAfee EPOLICY ORCHESTRATOR 3.6 - WALKTHROUGH GUIDE Manual

®
ePolicy Orchestrator 3.6 Walkthrough Guide

Distributing Rogue System sensors

Deploying Rogue System sensors

The sensor reports only on detections occurring within its local broadcast segment. You
must install at least one sensor per broadcast segment in your network for coverage.
Depending on your network configuration, a broadcast segment may or may not be
the same as a subnet.
Note
If your organization is large, installing sensors manually on individual systems
throughout your network could require more of your time than you can afford. Although
you can install sensors manually on managed systems, consider using ePolicy
Orchestrator to deploy sensors to appropriate systems throughout your network.
Before distributing sensors, configure the settings on the
pages.
You deploy (send and install) Rogue System sensors from the
install sensors to managed systems (systems that are running an ePolicy Orchestrator
agent).
In the future, network access sensors will be deployed from the
Note
You can allow sensor host systems to be selected automatically based on specific
criteria, or you can manually select them. As part of the sensor deployment, a
System Sensor Install
client task is created for the host systems. This task allows you to
uninstall the sensor or upgrade it to a newer version.
If you allow Rogue system Detection to pick systems automatically on the subnet, you
can specify criteria for choosing systems. You can specify any or all of the criteria listed
here when configuring automatic sensor deployment:
Table 5-3 Automatic sensor deployment criteria
Criteria
Most Recent ePO Agent
Communication
Server OS
Hostname
Most Memory
Fastest CPU
Rogue System Sensor
Description
Most recent agent-server communications indicates a
system is more likely to be connected and up-to-date at any
given time.
Servers are more likely than workstations to remain on and
connected to the network at all times. Selecting this criterion
can help ensure continuous coverage.
ePolicy Orchestrator can select systems based on a text
string you use in the DNS name. For example, if you add an
"SRV" prefix to the names of your server systems, you could
deploy a sensor to a system with "SRV" in its DNS name.
Hostname Selected criteria
If you add to the
string that appears in your server DNS names in the
Hostname
text box.
Although the sensor is not a memory-intensive application,
you can ensure resource efficiency by choosing the criterion.
Although the sensor is not a processor-intensive application,
you can ensure resource efficiency by choosing the criterion.
57
Rogue System Detection
Distributing Rogue System sensors
policy
Subnet List
. You can only
Subnet List
.
Rogue
list, type the text
5