McAfee EPOCDE-AA-BA Product Guide - Page 269
Rogue Sensor Blacklist, Rogue System Detection policy settings, Considerations for policy settings
View all McAfee EPOCDE-AA-BA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 269 highlights
Detecting Rogue Systems What are rogue systems 21 Rogue Sensor Blacklist The Rogue Sensor Blacklist is the list of managed systems where you do not want sensors installed. These can include systems that would be adversely affected if a sensor were installed on them, or systems you have otherwise determined should not host sensors. For example, mission critical servers where peak performance of core services is essential, such as database servers or servers in the DMZ (demilitarized zone). Also, systems that might spend significant time outside your network, such as laptops. The Rogue Sensor Blacklist is different than the Exceptions list, in that systems on the Exceptions list are those that either can't have an agent on them, or that you don't want categorized as Rogue, such as printers or routers. Rogue System Detection policy settings Rogue System Detection policy settings allow you to configure and manage the instances of the Rogue System Sensor installed throughout your network. Settings can be applied to individual systems, groups of systems, and IP ranges. You can configure policy settings for all sensors deployed by the server. This is similar to managing policies for any deployed product, such as VirusScan Enterprise. The Rogue System Detection policy pages are installed on the McAfee ePO server at installation. Configure the sensor policy settings in the Rogue System Detection policy pages the same way you would for any managed security product. Policy settings that you assign to higher levels of the System Tree are inherited by lower-level groups or individual systems. For more information about policies and how they work, see Managing your Network with Policies and Client Tasks. McAfee recommends that you configure policy settings before you deploy sensors to your network. Doing so ensures that the sensors work according to your intended use. For example, DHCP monitoring is disabled by default. As a result, if you deploy sensors to DHCP servers without enabling DHCP monitoring during your initial configuration, those sensors report limited information to the McAfee ePO server. If you deploy sensors before you configure your policies, you can update them to change sensor functionality. Considerations for policy settings Policy settings configure the features and performance of the Rogue System Sensor. These settings are separated into four groups: • Communication settings • Detection settings • General settings • Interface settings Communication settings Communication settings determine: • Communication time for inactive sensors. • Reporting time for active sensors. • Sensor's detected system cache lifetime. The communication time for inactive sensors determines how often passive sensors check in with the server. McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide 269