Table of Contents
Advertisement
Rogue Sensor Blacklist
The Rogue Sensor Blacklist is the list of managed systems where you do not want sensors installed.
These can include systems that would be adversely affected if a sensor were installed on them, or
systems you have otherwise determined should not host sensors. For example, mission critical servers
where peak performance of core services is essential, such as database servers or servers in the DMZ
(demilitarized zone). Also, systems that might spend significant time outside your network, such as
laptops.
The Rogue Sensor Blacklist is different than the Exceptions list, in that systems on the Exceptions list
are those that either can't have an agent on them, or that you don't want categorized as Rogue, such
as printers or routers.
Rogue System Detection policy settings
Rogue System Detection policy settings allow you to configure and manage the instances of the Rogue
System Sensor installed throughout your network. Settings can be applied to individual systems,
groups of systems, and IP ranges.
You can configure policy settings for all sensors deployed by the server. This is similar to managing
policies for any deployed product, such as VirusScan Enterprise. The Rogue System Detection policy
pages are installed on the McAfee ePO server at installation.
Configure the sensor policy settings in the Rogue System Detection policy pages the same way you
would for any managed security product. Policy settings that you assign to higher levels of the System
Tree are inherited by lower-level groups or individual systems. For more information about policies and
how they work, see Managing your Network with Policies and Client Tasks.
McAfee recommends that you configure policy settings before you deploy
sensors to your network. Doing so ensures that the sensors work
according to your intended use. For example, DHCP monitoring is
disabled by default. As a result, if you deploy sensors to DHCP servers
without enabling DHCP monitoring during your initial configuration, those
sensors report limited information to the McAfee ePO server. If you
deploy sensors before you configure your policies, you can update them
to change sensor functionality.
Considerations for policy settings
Policy settings configure the features and performance of the Rogue System Sensor. These settings
are separated into four groups:
•
Communication settings
•
Detection settings
•
General settings
•
Interface settings
Communication settings
Communication settings determine:
•
Communication time for inactive sensors.
•
Reporting time for active sensors.
•
Sensor's detected system cache lifetime.
The communication time for inactive sensors determines how often passive sensors check in with the
server.
®
®
McAfee
ePolicy Orchestrator
Detecting Rogue Systems
What are rogue systems
4.6.0 Software Product Guide
21
269
Advertisement
Chapters
Table of Contents
