TechnologyLabs
Posted October 6, 2021

Hi, I have a number of laptops that have the ESET Protect agent installed, and it is working properly, as they are showing up on my console. I can also perform tasks and assign policies on those laptops. All of these laptops have two network cards, the wired one and the wireless one. When these laptops switch to wireless, the Rogue Detection Sensor does not recognize them anymore as authorized endpoints; instead, I start getting entries in the rogue detection list which, after investigation, turn out to be these laptops. I did see an article where someone suggested adding them to the MAC exception list, but I can only enter the prefix of the vendor, not the whole MAC address. In my opinion, this creates a security issue for me, as if we get a rogue machine on the network that is of the same brand we use, it won't be reported and will be missed. What would be the proper way to resolve this issue where legit machines are being reported as rogue? Thank you.

MartinK (ESET Staff, Solution)
Posted October 8, 2021

Unfortunately, there is probably no proper solution for now, so I would recommend filing a support request or contacting your ESET distributor/partner so that it is tracked. From a technical standpoint, a machine is shown as rogue in the console when:

- The MAC address or the machine itself is detected in the network using RogueDetectionSensor (passive detection of all present devices).
- The MAC address of the detected machine is not one of the MAC addresses reported by ESET Management Agent, where only active interfaces are reported in this way, and this is the problem: when devices are switched to the secondary interface, the original one is no longer active = no longer reported, and thus considered as "unknown".
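
The matching rule described in the reply above, together with the vendor-prefix exception raised in the question, modelled as an added example (not part of the thread and not ESET's code). The function `classify`, its labels, the admin-kept `all_known` inventory and every MAC address are assumptions made for the illustration.

```python
# Model of the matching rule described in the reply above; not ESET's code.
# Every MAC address here is constructed (RFC 7042 documentation range).

def norm(mac):
    """Lowercase, colon-separated form of a MAC or MAC prefix."""
    h = mac.lower().replace("-", "").replace(":", "")
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def classify(detected, agent_reported, all_known=(), oui_exceptions=()):
    """Label each MAC seen by a passive sensor.

    agent_reported: MACs the agents report right now (active interfaces only).
    all_known:      hypothetical admin-kept list of every NIC on managed machines.
    oui_exceptions: vendor prefixes (first three octets) excluded from reporting.
    """
    reported = {norm(m) for m in agent_reported}
    known = {norm(m) for m in all_known}
    excepted = {norm(p) for p in oui_exceptions}
    result = {}
    for mac in map(norm, detected):
        if mac in reported:
            result[mac] = "managed"
        elif mac[:8] in excepted:
            result[mac] = "suppressed"      # never shown, whoever owns it
        elif mac in known:
            result[mac] = "inactive-nic"    # managed machine, other interface
        else:
            result[mac] = "rogue"
    return result

WIRED = "00:00:5e:00:53:01"     # laptop's wired NIC, now inactive
WIFI = "00-00-5E-00-53-02"      # same laptop's wireless NIC, now active
STRANGER = "00:00:5e:00:53:99"  # unmanaged device from the same vendor
SEEN = [WIRED, WIFI, STRANGER]

if __name__ == "__main__":
    print(classify(SEEN, [WIFI]))                               # active-only matching
    print(classify(SEEN, [WIFI], oui_exceptions=["00:00:5E"]))  # vendor-prefix exception
    print(classify(SEEN, [WIFI], all_known=[WIRED, WIFI]))      # full per-NIC inventory
```

The second call shows the concern from the question: the prefix exception hides the laptop's inactive NIC and the unmanaged same-vendor device alike, while matching on full addresses in the third call separates the two.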