Jump to content

Computer with agent installed shows up in Rogue Detection Scan

Go to solution Solved by MartinK,

Recommended Posts


I have a number of laptops that have the ESET Protect agent installed and is working properly as it is showing up on my console.
I can also perform tasks and assign policies on those laptops. All of these laptops have two network cards, the wired one and the
wireless one. When these laptops switch to wireless, the Roque Detection sensor does not recognize them anymore as authorized
endpoints but rather I start getting entries in the rogue detection list which after investigation turn out to be these laptops.

I did see a article where someone suggested to add them to the mac exception list, but I can only enter the prefix of the vendor,
not the whole mac address. In my opinion, this creates an security issue for me as if we get a rogue machine on the network that
is of the same brand we use, it won't be reported and missed.

What would be the proper way to resolve this issue where legit machines are being reported as rogue???

Thank you.

Link to comment
Share on other sites

  • ESET Staff
  • Solution

Unfortunately there is probably no proper solution for now, so I would recommend to file a support request or contact your ESET distributor/partner so that is it tracked.

From technical standpoint, machine is shown as rogue in console when:

  • MAC address or machine itself is detected in the network using RogueDetectoinSensor (passive detection of all present devices)
  • MAC address of detected machine is not one of MAC addresses reported by ESET Management Agent, where only active interfaces are reported in this way, and this is the problem - when devices are switched to secondary interface, original one is no longer active = no longer reported, and thus considered as "unknown".
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...