McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC Product Manual page 268

21 Detecting Rogue Systems
What are rogue systems
Active
Active sensors report information about their broadcast segment to the McAfee ePO server at regular
intervals, over a fixed time. Both the reporting period and the active period are user-configured. A
sensor becomes passive when the active period lapses, at which time the next passive sensor to
report in is made active.
Missing
Missing sensors have not communicated with the McAfee ePO server in a user-configured time. These
sensors could be on a system that has been turned off or removed from the network.
Passive
Passive sensors check in with the McAfee ePO server, but do not report information about detected
systems. They wait for instructions from the McAfee ePO server to replace other sensors that become
passive.
Subnet status
Subnet status is the measure of how many detected subnets on your network are covered. Coverage
is determined by the ratio of covered subnets to uncovered subnets on your network. Subnet states
are categorized into these groups:
• Contains Rogues
• Covered
• Uncovered
Subnets must be known by the McAfee ePO server or be seen by a sensor to fall into one of these
categories. Once a subnet has been detected, you can mark it Ignored to prevent receiving further
reporting about its status.
Contains Rogues
Subnets that contain rogue systems are listed in the Contains Rogues category to make it easier to
take action on them.
Covered
Covered subnets have sensors installed on them that are actively reporting information about detected
systems to the McAfee ePO server. The Covered subnets category also includes the subnets listed in
the Contains Rogues category. For example, the Covered subnets category contains subnets A, B, and
C. Subnet B contains rogues, while A and C do not. All three are listed in the Covered category; only
subnet B is listed in the Contains Rogues category.
Uncovered
Uncovered subnets don't have any active sensors on them. Subnets that are uncovered are not
reporting information about detected systems to the McAfee ePO server. However, there might be
managed systems on this subnet that are being reported on through other means, such as
agent-server communication.
Top 25 Subnets
The Top 25 Subnets list provides the subnet list, by name or IP, for the 25 subnets that contain the
most rogue system interfaces on your network. When a top 25 subnet is selected, the rogue system
interfaces it contains are displayed in the adjacent Rogue System Interfaces by Subnet table.
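
The sensor states and subnet categories described above, modelled in Python as an added example (not McAfee code, and not a description of how the ePO server computes them internally). The sample data, field names and 24-hour missing timeout are constructed; treating a subnet as covered only when an active sensor on it is not missing, and counting rogues only on covered subnets, are assumptions of this sketch.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data; field names and thresholds are assumptions for this sketch.
NOW = datetime(2024, 1, 1, 12, 0)
MISSING_AFTER = timedelta(hours=24)  # stands in for the user-configured missing timeout

SENSORS = [  # (subnet, role assigned by the server, last check-in)
    ("10.0.1.0/24", "active", NOW - timedelta(minutes=5)),
    ("10.0.2.0/24", "active", NOW - timedelta(minutes=3)),
    ("10.0.2.0/24", "passive", NOW - timedelta(minutes=9)),
    ("10.0.3.0/24", "active", NOW - timedelta(minutes=7)),
    ("10.0.4.0/24", "active", NOW - timedelta(days=3)),   # stopped checking in
    ("10.0.5.0/24", "passive", NOW - timedelta(minutes=1)),
]
ROGUE_INTERFACES = ["10.0.2.0/24"] * 3 + ["10.0.3.0/24"]  # one entry per rogue interface
KNOWN_SUBNETS = {f"10.0.{i}.0/24" for i in range(1, 7)}
IGNORED = {"10.0.6.0/24"}  # marked Ignored, so no status is reported for it

def sensor_state(role, last_seen, now=NOW):
    """A sensor silent for longer than the timeout is missing, whatever its role."""
    return "missing" if now - last_seen > MISSING_AFTER else role

def subnet_status(sensors, rogues, known, ignored, now=NOW):
    """Return {category: sorted subnets}; Contains Rogues is a subset of Covered."""
    tracked = (known | {s for s, _, _ in sensors}) - ignored
    covered = {s for s, role, seen in sensors
               if sensor_state(role, seen, now) == "active"} & tracked
    with_rogues = set(rogues) & covered  # assumption: rogues come from active sensors
    return {
        "Covered": sorted(covered),
        "Contains Rogues": sorted(with_rogues),
        "Uncovered": sorted(tracked - covered),
    }

def top_subnets(rogues, ignored, n=25):
    """Subnets ranked by number of rogue system interfaces, highest first."""
    return Counter(r for r in rogues if r not in ignored).most_common(n)

if __name__ == "__main__":
    for category, subnets in subnet_status(
            SENSORS, ROGUE_INTERFACES, KNOWN_SUBNETS, IGNORED).items():
        print(f"{category}: {subnets}")
    print("Top subnets:", top_subnets(ROGUE_INTERFACES, IGNORED))
```

A subnet whose only sensor is passive or missing lands in Uncovered here, which is the case worth alerting on: nothing on that segment is reporting detected systems.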
268 McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide