Rogue System Detection states

Rogue System Detection uses different states to categorize systems, sensors, and subnets, making it easier to monitor and manage your network.

These states determine the following:

  • Overall system status
  • Rogue System Sensor status
  • Subnet status

The Detected Systems page displays information about each of these states through corresponding status monitors. This page also displays the 25 subnets with the most rogue system interfaces in the Top 25 Subnets list and the adjacent Detected System Interfaces by Subnet table.

Figure 1. Detected Systems page

The Top 25 Subnets list and Detected System Interfaces by Subnet table are linked together. The list on the left, Top 25 Subnets, is the top 25 most rogue-infested subnets. It is a not a complete list because you can have many more subnets with rogue systems. In the list, you can click Ignore to ignore a subnet. This action doesn't delete the subnet, but means that I know I can get detections on this subnet, but I don’t want to see them.

Tip: McAfee recommends that you do not choose to ignore subnets. If you ignore subnets, you have decided that a subnet can have rogue systems connected.

The Detected System Interfaces by Subnet table allows you to monitor and take actions on the detected interfaces. For example, you can:

  • Monitor the Last Detected Time to determine when the system NIC was last detected on the McAfee managed network. A system whose interface has not been detected for a long time might have been disconnected from the network.
  • Click the system row to display the Detected Systems Details page and see all interfaces associated with this system.
  • Select a system and click Actions to add the system interface to the Exceptions List, add the system to the System Tree, deploy agents, and more.