Jump to content

Computer with agent installed shows up in Rogue Detection Scan


Go to solution Solved by MartinK,

Recommended Posts

Hi,

I have a number of laptops that have the ESET Protect agent installed and is working properly as it is showing up on my console.
I can also perform tasks and assign policies on those laptops. All of these laptops have two network cards, the wired one and the
wireless one. When these laptops switch to wireless, the Roque Detection sensor does not recognize them anymore as authorized
endpoints but rather I start getting entries in the rogue detection list which after investigation turn out to be these laptops.

I did see a article where someone suggested to add them to the mac exception list, but I can only enter the prefix of the vendor,
not the whole mac address. In my opinion, this creates an security issue for me as if we get a rogue machine on the network that
is of the same brand we use, it won't be reported and missed.

What would be the proper way to resolve this issue where legit machines are being reported as rogue???

Thank you.

Link to comment
Share on other sites

  • ESET Staff
  • Solution

Unfortunately there is probably no proper solution for now, so I would recommend to file a support request or contact your ESET distributor/partner so that is it tracked.

From technical standpoint, machine is shown as rogue in console when:

  • MAC address or machine itself is detected in the network using RogueDetectoinSensor (passive detection of all present devices)
  • MAC address of detected machine is not one of MAC addresses reported by ESET Management Agent, where only active interfaces are reported in this way, and this is the problem - when devices are switched to secondary interface, original one is no longer active = no longer reported, and thus considered as "unknown".
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...