How to configure a Rogue System Detection Query Agent
Technical Articles ID: KB91544
Last Modified: 5/22/2019


McAfee Rogue System Detection (RSD) 5.0.x


Query Agent, run from the Detected Systems page of ePO, requires configuration that allows the device to remotely report its condition. This article provides the steps to ensure that the Query Agent completes successfully.

The Agent query functionality is specifically for environments which have multiple ePO servers in the network. 

The above functionality is for clients that have McAfee Agent installed on other ePO servers in the network. These devices are shown as 'rogues' in the other ePO servers that reside in the same network. The query is also for administrators who need to know which ePO server these devices are connected to; it also reports the system name, agentguid, and agent version.
For Query Agent to work:

From the ePO server where you are actioning the agent query:
  1. Add the alternative ePO IP address in Server settings, Detected System Compliance, ePO Servers.
  2. If the agent wakeup port is not the default, the new port must be added to Server settings, Detected System Matching, Alternative McAfee Agent ports. Further details below:

    The agent wakeup communication port is stored in the ePO database at:

    [dbo].[EPOServerInfo].[AgentHTTPPort]

    NOTE: If you do not use the Agent Port (8081), the following SQL command looks up the agent port from the ePO database to use in the command-line string above.

    select AgentHTTPPort from EPOServerInfo

From the ePO server that manages the device being queried:
  1. Verify the Remote Access log is enabled in the agent policy.
  2. Ensure that the following option is disabled: Accept connections from this ePO.
