Rogue System Sensor Status - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Detecting Rogue Systems
Rogue System Detection states
are most likely systems that are shut down or disconnected from the network, for example, a
laptop or retired system. The default time period for marking systems as inactive is 45 days.
Managed
Managed systems have an active McAfee Agent that has communicated with the ePO server in
a specified time. The majority of detected systems on your network should be managed to
ensure security.
NOTE: Systems on your network that have an active agent installed are displayed in this list,
even before you deploy sensors to the subnets that contain these systems. When the agent
reports to the ePO database, the system is automatically listed in the Managed category.
Rogue
Rogue systems are systems that are not managed by your ePO server. There are three rogue
states:
• Alien agent — These systems have a McAfee Agent that is not in the local ePO database.
• Inactive agent — These systems have a McAfee Agent in the ePO database that has not
communicated in a specified time.
• Rogue — These systems don't have a McAfee Agent.
Systems in any of these three rogue states are categorized as Rogue systems.

Rogue System Sensor status

Rogue System Sensor status is the measure of how many sensors installed on your network
are actively reporting to the ePO server, and is displayed in terms of health. Health is determined
by the ratio of active sensors to missing sensors on your network. Sensor states are categorized
into these groups:
• Active
• Missing
• Passive
Active
Active sensors report information about their broadcast segment to the ePO server at regular
intervals, over a fixed time. Both the reporting period and the active period are user-configured.
A sensor becomes passive when the active period lapses, at which time the next passive sensor
to report in is made active.
Missing
Missing sensors have not communicated with the ePO server in a user-configured time. These
sensors could be on a system that has been turned off or removed from the network.
Passive
Passive sensors check in with the ePO server, but do not report information about detected
systems. They wait for instructions from the ePO server to replace other sensors that become
passive.
194 McAfee ePolicy Orchestrator 4.0.2 Product Guide