Protecting your networks with McAfee Rogue System Detection Unprotected systems, known as rogue systems, are often the weak spot of any security strategy, creating entry points that viruses and other potentially harmful programs can use to access your network. McAfee® Rogue System Detection provides near real-time discovery of rogue systems by using Rogue System Sensors installed throughout your network. These sensors use various passive and active network discovery techniques to detect systems connected to the network. When a sensor detects a system on the network, it sends a message to McAfee® ePolicy Orchestrator® (McAfee® ePO™) ). McAfee ePO then checks whether the detected system has an active McAfee® Agent installed. If the detected system is unknown to the server, Rogue System Detection provides information to McAfee ePO to allow you to take remediation steps, which include alerting administrators and automatically deploying a McAfee Agent to the system. Benefits of Rogue System Detection Asset management, including Rogue System Detection, is an important part of overall organization security. Rogue systems and your networkRogue systems access your network, but are not managed by McAfee ePO. Even in a managed network environment, some systems might not have an active McAfee Agent on them. Rogue System Detection statesRogue System Detection uses different states to categorize systems, sensors, and subnets, making it easier to monitor and manage your network. How rogue systems are detected To configure and manage Rogue System Detection, it is important to understand which components are used and how the rogue systems are detected. Types of Rogue System Detection It is important to understand that Rogue System Detection server and sensor configuration varies depending on the type of systems and subnets being listened to and how they appear on the Detected Systems page. How the Rogue System Sensor worksRogue System Sensors detect devices that are connected to your network, then gather information about the devices and forward it to the McAfee ePO server. Passive listening to layer-2 trafficTo detect systems on the network, the sensor uses WinPCap, a packet capture library. Systems that host sensorsInstall sensors on systems that are likely to remain on and permanently connected to the network, such as servers. If you don’t have a server running in a given broadcast segment, install sensors on several workstations to ensure that at least one sensor is always connected to the network. Rogue System Sensor statusRogue System Sensor status measures how many of the sensors installed on your network are actively reporting to the McAfee ePO server, and is displayed in terms of health.