Sarvesh Singh 1 Posted February 9, 2016 Share Posted February 9, 2016 One of our clients using VLan and connected with Point 2 Point connection over lease line. There are around 550 workstations & 30 VLans configured with different IP range such as 10.0.1.1, 10.0.2.1, 10.0.3.1 and so on.They have installed ERAS 6.3 on 10.0.3 network and RD Sensor is able to detect workstations from the same IP range but not for other IP range.Server is able to ping client workstation from different IP range and vice-versaSo kindly let me know if we can add IP range in the setting or anywhere in ERAS so that RD Sensor can detect other workstations too from different IP range. Link to comment Share on other sites More sharing options...
j-gray 37 Posted February 9, 2016 Share Posted February 9, 2016 This is one of my biggest complaints with the RD sensor; it only works on the subnet where it's located. You would need to install an RD sensor on each unique subnet where you want to detect rogue systems. Link to comment Share on other sites More sharing options...
Sarvesh Singh 1 Posted February 10, 2016 Author Share Posted February 10, 2016 So in this case I have to install Win Pcap and RD Sensor on 30 workstations and after taking the data from detectedMachines.log I have to upload same on the ERAS, am I right? Also need suggestion from Moderator. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted February 10, 2016 ESET Staff Share Posted February 10, 2016 Problem is that current implementation relies on ARP messages and therefore it's passive detection is limited to current subnet. So in this case I have to install Win Pcap and RD Sensor on 30 workstations and after taking the data from detectedMachines.log I have to upload same on the ERAS, am I right? Also need suggestion from Moderator. Technically you have to install RDSensor (+AGENT) into each subnet. List of detected machines will be sent to ERA server automatically (through AGENT installed on the same machine as RDSensor) and merged on ERA server into one list as if detected by one sensor. Link to comment Share on other sites More sharing options...
Sarvesh Singh 1 Posted February 11, 2016 Author Share Posted February 11, 2016 (edited) This is again the manual task to do installation on 30 systems of Agent, RD sensor as well as Win Pcap. Which requires manual intervention and consumes lot of time. Version 6 is new but its totally different and tricky than version 5. There should be any automated solution for this issue as available in version 5Due to this lack of this feature, we have lost 550 user license PO. Edited February 11, 2016 by Sarvesh Singh Link to comment Share on other sites More sharing options...
Sarvesh Singh 1 Posted March 16, 2016 Author Share Posted March 16, 2016 can anyone answer? Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted March 16, 2016 ESET Staff Share Posted March 16, 2016 Answer has been provided by MartinK already: As of now, RD sensor has to be installed in every subnet, to be able to detect computers. Your requirement will be tracked as an improvement request. Link to comment Share on other sites More sharing options...
ESET Insiders BDeep 7 Posted March 16, 2016 ESET Insiders Share Posted March 16, 2016 Answer has been provided by MartinK already: As of now, RD sensor has to be installed in every subnet, to be able to detect computers. Your requirement will be tracked as an improvement request. I'm seeing in 6.3 that I have to run the Rogue Detection report in order to get the client list. They are not automatically populating in the Rogue Computers group in the ERA console. Is this a bug (new thread) or intended results? Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted March 16, 2016 ESET Staff Share Posted March 16, 2016 What is the "Rogue Computers Group" in ERA console? If you mean "lost and found" this was never the case. You always need to import the outputs from the rogue detection sensor manually. You can do this by either running the report, or by using the dashboard element "rogue computers ratio" => you click on the rogue ones, and drill down into the list. From there you can commence the import. Link to comment Share on other sites More sharing options...
ESET Insiders BDeep 7 Posted March 16, 2016 ESET Insiders Share Posted March 16, 2016 What is the "Rogue Computers Group" in ERA console? If you mean "lost and found" this was never the case. You always need to import the outputs from the rogue detection sensor manually. You can do this by either running the report, or by using the dashboard element "rogue computers ratio" => you click on the rogue ones, and drill down into the list. From there you can commence the import. I don't mean Lost and Found. The static group that was included in the deployment of ERA 6 virtual appliance that says "Rogue Computers". For some reason I thought it pre-populated. It's been a little while since I messed with it. Manually running the report and importing from the generated report works fine. Link to comment Share on other sites More sharing options...
Recommended Posts