Jump to content

Issue with RD Sensor.


Sarvesh Singh
 Share

Recommended Posts

One of our clients using VLan and connected with Point 2 Point connection over lease line. There are around 550 workstations & 30 VLans configured with different IP range such as 10.0.1.1, 10.0.2.1, 10.0.3.1 and so on.

They have installed ERAS 6.3 on 10.0.3 network and RD Sensor is able to detect workstations from the same IP range but not for other IP range.

Server is able to ping client workstation from different IP range and vice-versa

So kindly let me know if we can add IP range in the setting or anywhere in ERAS so that RD Sensor can detect other workstations too from different IP range.

 

Link to comment
Share on other sites

This is one of my biggest complaints with the RD sensor; it only works on the subnet where it's located. You would need to install an RD sensor on each unique subnet where you want to detect rogue systems.

Link to comment
Share on other sites

So in this case I have to install Win Pcap and RD Sensor on 30 workstations and after taking the data from detectedMachines.log I have to upload same on the ERAS, am I right?

 

Also need suggestion from Moderator.

Link to comment
Share on other sites

  • ESET Staff

Problem is that current implementation relies on ARP messages and therefore it's passive detection is limited to current subnet.

 

So in this case I have to install Win Pcap and RD Sensor on 30 workstations and after taking the data from detectedMachines.log I have to upload same on the ERAS, am I right?

 

Also need suggestion from Moderator.

 

Technically you have to install RDSensor (+AGENT) into each subnet. List of detected machines will be sent to ERA server automatically (through AGENT installed on the same machine as RDSensor) and merged on ERA server into one list as if detected by one sensor.

Link to comment
Share on other sites

This is again the manual task to do installation on 30 systems of Agent, RD sensor as well as Win Pcap.

 

Which requires manual intervention and consumes lot of time. Version 6 is new but its totally different and tricky than version 5.

 

There should be any automated solution for this issue as available in version 5

Due to this lack of this feature, we have lost 550 user license PO.

Edited by Sarvesh Singh
Link to comment
Share on other sites

  • 1 month later...
  • ESET Staff

Answer has been provided by MartinK already: As of now, RD sensor has to be installed in every subnet, to be able to detect computers.

Your requirement will be tracked as an improvement request.

Link to comment
Share on other sites

  • ESET Insiders

Answer has been provided by MartinK already: As of now, RD sensor has to be installed in every subnet, to be able to detect computers.

Your requirement will be tracked as an improvement request.

 

I'm seeing in 6.3 that I have to run the Rogue Detection report in order to get the client list. They are not automatically populating in the Rogue Computers group in the ERA console. Is this a bug (new thread) or intended results?

Link to comment
Share on other sites

  • ESET Staff

What is the "Rogue Computers Group" in ERA console? If you mean "lost and found" this was never the case.

You always need to import the outputs from the rogue detection sensor manually.

You can do this by either running the report, or by using the dashboard element "rogue computers ratio" => you click on the rogue ones, and drill down into the list. From there you can commence the import.

Link to comment
Share on other sites

  • ESET Insiders

What is the "Rogue Computers Group" in ERA console? If you mean "lost and found" this was never the case.

You always need to import the outputs from the rogue detection sensor manually.

You can do this by either running the report, or by using the dashboard element "rogue computers ratio" => you click on the rogue ones, and drill down into the list. From there you can commence the import.

 

I don't mean Lost and Found. The static group that was included in the deployment of ERA 6 virtual appliance that says "Rogue Computers".

For some reason I thought it pre-populated. It's been a little while since I messed with it. Manually running the report and importing from the generated report works fine.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...