Vast

Hi, Its not the best solution but a quick workaround that I used is to create a sub-group for devices that are not computers. I have printers and IP phones. So once I established that a device is a printer I just added it to the printer subgroup. I didn't want to filter/whitelist IP address because everything is on DHCP at the moment and sort of defeats the purpose of rogue detection as I wanted to make sure the IP address linked to that device is visible incase another device/PC took its IP address. Its still a work in progress, but I have reduced the number of rogue devices that I can verify by 80%. I'm still new at ESMC and haven't had time to fully look into the filters and white/black listing. Hope this helps.