Jump to content

ERA Rogue Detection Sensor - Additional Information?


LocknetSSmith
 Share

Recommended Posts

Just checking - is there any documentation out there describing more specifically how the rogue detection sensor works?  The ERA user guide is pretty generic on the matter, and I was unable to find anything substantial on the Knowledge Base.  

 

We're asking simply so we can determine why it picks up certain devices that are "false positives," such as printers.  

 

Specifically, how does it look for rogues, or maybe the better question, what is is looking for and where?  

 

Thanks. 

Link to comment
Share on other sites

  • ESET Staff

Just checking - is there any documentation out there describing more specifically how the rogue detection sensor works?  The ERA user guide is pretty generic on the matter, and I was unable to find anything substantial on the Knowledge Base.  

 

We're asking simply so we can determine why it picks up certain devices that are "false positives," such as printers.  

 

Specifically, how does it look for rogues, or maybe the better question, what is is looking for and where?  

 

Thanks. 

 

Hello,

 

technically it listens for network traffic on all available ethernet-based network interfaces (=passive detection) and once network peer is detected, attempt to detect operating system is performed using similar methods than nmap detection uses. What operating system it detects for mentioned false-positives? is it correctly detected? In case you are using predefined report template Rogue computers you may try to clone or modify it so that used filtering will exclude false-positives.

 

EDIT: just realized you can create configuration policy for ESET Rogue Detection Sensor and configure exclusions in Filters section. In case you have many devices from the same vendor, it would be quite easy using MAC prefix.

Edited by MartinK
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...