McAfee EPOCDE-AA-BA Product Guide - Page 267
21 Detecting Rogue Systems
What are rogue systems

Exceptions

Exceptions are systems that don't need a McAfee Agent, such as routers, printers, or systems from which you no longer want to receive detection information. Identify these systems and mark them as exceptions to prevent them from being categorized as rogue systems. Mark a system as an exception only when it does not represent a vulnerability in your environment.

Inactive

Inactive systems are listed in the McAfee ePO database, but have not been detected by a detection source in a specified time, which exceeds the period specified in the Rogue category. Most likely these are systems that are shut down or disconnected from the network, for example, a laptop or retired system. The default time period for marking systems as inactive is 45 days.

Managed

Managed systems have an active McAfee Agent that has communicated with the McAfee ePO server in a specified time. To ensure security, the majority of detected systems on your network should be managed. Systems on your network with an installed active agent are displayed in this list, even before you deploy sensors to the subnets that contain these systems. When the agent reports to the McAfee ePO database, the system is automatically listed in the Managed category.

Rogue

Rogue systems are systems that are not managed by your McAfee ePO server. There are three rogue states:

• Alien agent - These systems have a McAfee Agent that is not in the local McAfee ePO database, or any database associated with additional McAfee ePO servers you have registered with the local server.
• Inactive agent - These systems have a McAfee Agent in the McAfee ePO database that has not communicated in a specified time.
• Rogue - These systems don't have a McAfee Agent.

Systems in any of these three rogue states are categorized as Rogue systems.
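The categories above can be modeled as a small decision function for reconciling a detected-host list against an agent inventory. This is an added example, not McAfee ePO code: the field names, the 7-day agent timeout, the order in which the checks run, and the sample inventory are assumptions; only the 45-day inactive default comes from the guide.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

INACTIVE_AFTER = timedelta(days=45)  # default period stated in the guide
AGENT_TIMEOUT = timedelta(days=7)    # assumed; the guide only says "a specified time"


@dataclass
class System:
    name: str
    last_detected: Optional[datetime]   # last seen by a detection source, if ever
    has_agent: bool = False
    agent_in_known_db: bool = False     # local ePO database or a registered ePO server
    last_agent_comm: Optional[datetime] = None
    is_exception: bool = False          # e.g. router or printer marked by an admin


def classify(s: System, now: datetime) -> str:
    """Return the category of one system (check order is an assumption)."""
    if s.is_exception:
        return "Exception"
    agent_fresh = (s.last_agent_comm is not None
                   and now - s.last_agent_comm <= AGENT_TIMEOUT)
    if s.has_agent and s.agent_in_known_db and agent_fresh:
        return "Managed"  # listed even if no sensor has detected it yet
    if s.last_detected is None or now - s.last_detected > INACTIVE_AFTER:
        return "Inactive"
    if not s.has_agent:
        return "Rogue/Rogue"
    if not s.agent_in_known_db:
        return "Rogue/Alien agent"
    return "Rogue/Inactive agent"  # known agent that stopped communicating


def report(systems, now):
    """Map each system name to its category."""
    return {s.name: classify(s, now) for s in systems}


NOW = datetime(2024, 6, 1)  # constructed reference time
SAMPLE = [  # constructed inventory, not real data
    System("printer-3f", NOW - timedelta(days=1), is_exception=True),
    System("wks-014", None, True, True, NOW - timedelta(hours=2)),
    System("lap-old", NOW - timedelta(days=60)),
    System("byod-77", NOW - timedelta(hours=5)),
    System("lab-22", NOW - timedelta(days=2), True, False, NOW - timedelta(days=1)),
    System("srv-09", NOW - timedelta(days=3), True, True, NOW - timedelta(days=20)),
]

if __name__ == "__main__":
    for name, category in report(SAMPLE, NOW).items():
        print(f"{name:12} {category}")
```
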
Rogue System Sensor status

Rogue System Sensor status is the measure of how many sensors installed on your network are actively reporting to the McAfee ePO server, and is displayed in terms of health. Health is determined by the ratio of active sensors to missing sensors on your network. Sensor states are categorized into these groups:

• Active
• Missing
• Passive

McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide 267