LocknetSSmith
Posted January 4, 2016

Just checking - is there any documentation out there describing more specifically how the rogue detection sensor works? The ERA user guide is pretty generic on the matter, and I was unable to find anything substantial on the Knowledge Base. We're asking simply so we can determine why it picks up certain devices that are "false positives," such as printers. Specifically, how does it look for rogues, or maybe the better question, what is it looking for and where? Thanks.

MartinK (ESET Staff)
Posted January 5, 2016 (edited)

> Just checking - is there any documentation out there describing more specifically how the rogue detection sensor works? The ERA user guide is pretty generic on the matter, and I was unable to find anything substantial on the Knowledge Base. We're asking simply so we can determine why it picks up certain devices that are "false positives," such as printers. Specifically, how does it look for rogues, or maybe the better question, what is it looking for and where? Thanks.

Hello,

Technically, it listens for network traffic on all available Ethernet-based network interfaces (= passive detection), and once a network peer is detected, an attempt to detect its operating system is performed using methods similar to those nmap detection uses.

What operating system does it detect for the mentioned false positives? Is it correctly detected? In case you are using the predefined report template Rogue computers, you may try to clone or modify it so that the filtering used will exclude false positives.

EDIT: just realized you can create a configuration policy for ESET Rogue Detection Sensor and configure exclusions in the Filters section. In case you have many devices from the same vendor, it would be quite easy using a MAC prefix.

Edited January 8, 2016 by MartinK
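
The MAC-prefix exclusion suggested above can be rehearsed offline against a device list before it goes into a policy. This is an added example, not ESET code or part of the original posts: the device list, the prefix and the function names are constructed for illustration. It goes slightly beyond the post by keeping locally administered addresses out of the exclusion, since their prefix does not identify a vendor.

```python
import re

# Constructed sample of detected devices (not real ERA output): (MAC as reported, detected OS).
DETECTED = [
    ("00:11:22:AA:BB:01", "Embedded"),    # printer, constructed vendor prefix
    ("00-11-22-aa-bb-02", "Embedded"),    # same vendor, hyphen notation
    ("0011.22aa.bb03", "Embedded"),       # same vendor, dotted notation
    ("3C:52:82:10:20:30", "Windows 10"),
    ("DA:A1:19:00:00:01", "Linux"),       # locally administered (randomized) address
    ("not-a-mac", "Unknown"),
]

# Hypothetical exclusion list: vendor prefixes (first three octets), any notation.
EXCLUDED_PREFIXES = ["00:11:22"]


def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if the text is not a MAC address."""
    digits = re.sub(r"[:.\-\s]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, so the prefix names no vendor."""
    return bool(int(mac[:2], 16) & 0x02)


def triage(devices, prefixes):
    """Split devices into excluded, to_review and invalid buckets."""
    wanted = tuple(p for p in (re.sub(r"[:.\-\s]", "", x).lower() for x in prefixes) if p)
    result = {"excluded": [], "to_review": [], "invalid": []}
    for raw, os_name in devices:
        mac = normalize_mac(raw)
        if mac is None:
            result["invalid"].append(raw)
        elif wanted and mac.startswith(wanted) and not is_locally_administered(mac):
            result["excluded"].append(mac)
        else:
            result["to_review"].append((mac, os_name))
    return result


if __name__ == "__main__":
    for bucket, items in triage(DETECTED, EXCLUDED_PREFIXES).items():
        print(bucket, items)
```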