Loading...

Knowledge Center


How to deploy Rogue System Detection sensors to a single system in each subnet
Technical Articles ID:   KB83947
Last Modified:  4/7/2017
Rated:


Environment

McAfee Rogue System Detection (RSD) 5.x, 4.x

Summary

McAfee recommends that you deploy a single RSD sensor to each subnet. This article provides a solution to identify managed systems that are in different subnets.

Solution

Use the following steps to deploy RSD sensors to a single system in each subnet:
  1. Create a list containing a single system name per subnet:
    1. Click Menu, Queries & Reports, Actions, New.
    2. On the Result Type page, select System Management, Managed Systems and click Next.
    3. On the Chart page, select Multi-group Summary Table.
    4. For the first selection box under Labels are, select Subnet Address.
    5. For the second selection box under Labels are, select System Name.
    6. On the line for System Name, click the checkbox and specify that the Maximum items should be 1. Click Next.
    7. On the Columns page, select to have only the System Name column included, and click Next.
    8. On the Filter page, set Last Communication to Is within the last 1 Days.
    9. Click Run and then save the query with a new name. Note that in the query output, only a single system is listed per subnet.
    10. Run the query again and select Options, Export Data.
    11. Select Chart data only for What to export.
    12. Select the CSV file format option.
    13. Click Export and save the output file to the local system.
    14. Open the output file in Excel or a text editor and remove all columns except the System Name column.
    15. Remove the System Name column label. The resulting file should be a list of system names, for example:
       
      host1
      host2
        
  2. Apply a tag to the systems in the list from step 1:
    1. Create a new tag using the ePO Tag Catalog. No criteria is needed for the tag because it will be used later as part of a server task.
    2. Click Menu, Automation, Server Tasks, Actions, New Task.
    3. Name the task and click Next.
    4. Select Load Systems by File for Actions.
    5. Copy the output file from step 1o to a local folder on the ePO server.
    6. Specify the folder and file path in the File Location of the server task.
    7. Select Apply Tag for Sub-Actions and select the tag created in step 2a.
    8. Run the server task to apply the tag to the systems contained in the file. The server task may be set to disabled at this point because it needs to run only this one time.
       
  3. Install RSD on the systems tagged in step 2:
    1. Click Menu, System Tree and click the root node My Organization.
    2. Click Actions, New Client Task Assignment.
    3. Select Rogue System Detection for Product.
    4. Select Install RSD for Task Name.
    5. For Tags, select Send this task to only computers which have the following criteria and select the tag created in step 2a. Click Next.
    6. Schedule the client task to run and click Save.
    7. Wait for the client task to complete and verify on a few systems that the RSD sensor is displayed as installed on the System Details page.
 

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.