Edu

How to clean/delete "Rogue Computers" ?

Hey team,

I looked for this subject but didn't solve my issue...

In ESMC, at the bottom we have the statistics for Rogue Computers. How can I delete them? Most of them are disabled in AD, others are printers, VMs...

Running:

ESET Security Management Center (Server), Version 7.2 (7.2.2233.0)
ESET Security Management Center (Web Console), Version 7.2 (7.2.221.0)

 

3 hours ago, Edu said:

Hey team,

I looked for this subject but didn't solve my issue...

In ESMC, at the bottom we have the statistics for Rogue Computers. How can I delete them? Most of them are disabled in AD, others are printers, VMs...

Running:

ESET Security Management Center (Server), Version 7.2 (7.2.2233.0)
ESET Security Management Center (Web Console), Version 7.2 (7.2.221.0)

 

A rogue computer is just a device that is connected to the network and doesn't have ESET Agent / Endpoint installed.

It is fine even if it shows you the rogue devices, it's fine, there could be an option to hide/ignore these.

On 7/16/2020 at 8:23 PM, Nightowl said:

A rogue computer is just a device that is connected to the network and doesn't have ESET Agent / Endpoint installed.

It is fine even if it shows you the rogue devices, it's fine, there could be an option to hide/ignore these.

Yes Nightowl, but there wasn't any option to hide or even delete these IP/MAC addresses.

On 7/17/2020 at 5:56 AM, MartinK said:

I would recommend using the filter available in Rogue Detection Sensor to filter out devices that are known and should not be reported:

image.png

with more details mentioned in description.

There is also a client task Rogue Detection Sensor Database Reset available in ESMC that might help.

Thanks for the suggestion, MartinK. Is this policy supposed to run just on machines running ESET, right? Because I applied your suggestion for 2 printers, blacklisted the IPs, and they continued to show in the Rogue report.

How to clean this number? Currently, I have 157 "ghost machines" there.

2020-07-16_16h49_34.png

10 hours ago, Edu said:

Yes Nightowl, but there wasn't any option to hide or even delete these IP/MAC address.

Thanks for the suggestion, MartinK. Is this policy supposed to run just on machines running ESET, right? Because I applied your suggestion for 2 printers, blacklisted the IPs, and they continued to show in the Rogue report.

How to clean this number? Currently, I have 157 "ghost machines" there.

2020-07-16_16h49_34.png

I think that the task I mentioned in my previous comment should perform the cleanup, as it is possible that the filter set in the policy will affect only newly detected devices, not those already detected.

Policy should be applied at least to devices where Rogue Detection Sensor is installed.


Funny thing. I was just trying to figure this out. I have put all the Rogue IPs into a static group. The confusion that I'm having is how to set the filter.

If I have a static group which contains rogue IPs (that aren't really rogue), how do I set the filter such that they are ignored and aren't displayed in the list of computers when I select "All Subgroups"? Do I need to actually copy all those IPs to the filter list of the Policy?

Thanks

 


I've played around with the filter list and I'm still not getting it.

If someone with experience with this part of the console can clarify it.

I have added a bunch of IPs to the IPv4 list (via "Edit IPv4 list"). Since I don't want them to be detected, I select the blacklist radio button, since as the description says: "By enabling filter, only computers whose IP addresses are part of the whitelist in the IPv4 filter list will be detected, or only those that are not part of the blacklist." I apply the policy to the server that has the RDS installed.

I waited for about an hour and then I went to the Status Overview page, yet the number of Rogue computers detected still includes the list of supposed systems that it should ignore.   Am I misunderstanding the function?

My confusion stems from the description and what I want to do. I'd like the RDS to ignore rogue systems (not really rogue, since I know what they are). So with that in mind, I add all those IPs to the IPv4 list. Now since I don't want them detected, that list should be a blacklist.

Am I correct in my setup?

Thanks

 

Edmund

 

Clipboard01.jpg

20 minutes ago, ewong said:

I've played around with the filter list and I'm still not getting it.

If someone with experience with this part of the console can clarify it.

I have added a bunch of IPs to the IPv4 list (via "Edit IPv4 list"). Since I don't want them to be detected, I select the blacklist radio button, since as the description says: "By enabling filter, only computers whose IP addresses are part of the whitelist in the IPv4 filter list will be detected, or only those that are not part of the blacklist." I apply the policy to the server that has the RDS installed.

I waited for about an hour and then I went to the Status Overview page, yet the number of Rogue computers detected still includes the list of supposed systems that it should ignore.   Am I misunderstanding the function?

My confusion stems from the description and what I want to do. I'd like the RDS to ignore rogue systems (not really rogue, since I know what they are). So with that in mind, I add all those IPs to the IPv4 list. Now since I don't want them detected, that list should be a blacklist.

Am I correct in my setup?

Thanks

 

Edmund

 

Clipboard01.jpg

I understand exactly. I've tried the filters suggested here, policies, reset the rogue, re-synced the server after each filter applied and, after that, checked the Rogue report and... the IPs are still there.

Thanks for sharing your experience with us. I'm still waiting for some update/solution from the ESET team.

Need to have some options on rogue to delete or "hide" these IPs from printers, phones and other stuff.
