Rogue Sensor Blacklist; Rogue System Detection Policy Settings; Considerations For Policy Settings - McAfee EPOLICY ORCHESTRATOR 4.5 Product Manual

Detecting Rogue Systems

Rogue Sensor Blacklist

Rogue Sensor Blacklist
The Rogue Sensor Blacklist is the list of managed systems where you do not want sensors
installed. These can include systems that would be adversely affected if a sensor were installed
on them, or systems you have otherwise determined should not host sensors. For example,
mission critical servers where peak performance of core services is essential, such as database
servers or servers in the DMZ (demilitarized zone). Also, systems that might spend significant
time outside your network, such as laptops.
The Rogue Sensor Blacklist is different than the Exceptions list, in that systems on the Exceptions
list are those that either can't have an agent on them, or that you don't want categorized as
Rogue, such as printers or routers.

Rogue System Detection policy settings

Rogue System Detection policy settings allow you to configure and manage the instances of
the Rogue System Sensor installed throughout your network. Settings can be applied to individual
systems, groups of systems, and IP ranges.
You can configure policy settings for all sensors deployed by the server. This is similar to
managing policies for any deployed product, such as VirusScan Enterprise. The Rogue System
Detection policy pages are installed on the ePO server at installation.
Configure the sensor policy settings in the Rogue System Detection policy pages the same way
you would for any managed security product. Policy settings that you assign to higher levels
of the System Tree are inherited by lower-level groups or individual systems. For more
information about policies and how they work, see Managing your Network with Policies and
Client Tasks .
TIP: McAfee recommends that you configure policy settings before you deploy sensors to your
network. Doing so ensures that the sensors work according to your intended use. For example,
DHCP monitoring is disabled by default. As a result, if you deploy sensors to DHCP servers
without enabling DHCP monitoring during your initial configuration, those sensors report limited
information to the ePO server. If you deploy sensors before you configure your policies, you
can update them to change sensor functionality.

Considerations for policy settings

Policy settings configure the features and performance of the Rogue System Sensor. These
settings are separated into four groups:
• Communication settings
• Detection settings
• General settings
• Interface settings
Communication settings
Communication settings determine:
• Communication time for inactive sensors.
• Reporting time for active sensors.
• Sensor's detected system cache lifetime.
McAfee ePolicy Orchestrator 4.5 Product Guide 229