Release Notes for McAfee® Rogue System Detection 2.0

Important information about this release

Thank you for using McAfee® Rogue System Detection software version 2.0. This document contains important information about this release. We strongly recommend that you read the entire document.

CAUTION: McAfee does not support automatic upgrading of a pre-release version of the software. To upgrade to a production release of the software, you must first uninstall the existing version of the software.

McAfee strongly recommends that you do not use beta software in your production environment.

Installing and Updating Your Software

Use these tasks to get started using the Rogue System Detection 2.0 beta software.

Tasks

Before you begin beta testing Rogue System Detection, you must install ePolicy Orchestrator 4.0 Patch 2.

NOTE: Ensure that the ePO global administrator account that you are going to upgrade has a password consisting of numbers and letters. The installer does not support “special” characters in your ePolicy Orchestrator password (although using ePolicy Orchestrator through the console does support special characters).

Updating ePolicy Orchestrator 4.0

Upgrading from ePolicy Orchestrator 4.0 RTW or RTM

Use this task to upgrade to ePolicy Orchestrator Patch 2 if you already have ePolicy Orchestrator 4.0 RTW or RTM installed.

Task
  1. Extract the contents of the ePolicy Orchestrator 4.0 Patch 2 zip file into a temporary folder.
  2. From the temporary folder, run Setup.exe, then click Next.
  3. Supply the credentials of an ePO global administrator accounts and click Next.
  4. Set the ports for your Sensor-to-Server communication listen port and your Event Parser-to-Application Server communication port, then click Next. If either of the ports you selected are not available, the installer prompts you to choose new ports.
  5. When you are sure of your settings, click Next.
  6. Wait for the automated installer to complete its actions, then click Finish when the installation is completed successfully.

Upgrading from ePolicy Orchestrator 4.0 Patch 1

Use this task to upgrade to ePolicy Orchestrator 4.0 Patch 2 if you already have ePolicy Orchestrator 4.0 Patch 1 installed.

Task
  1. Extract the contents of the ePolicy Orchestrator 4.0 Patch 2 zip file into a temporary folder.
  2. From the temporary folder, run Setup.exe, then click Next.
  3. Supply the credentials of an ePO global administrator accounts and click Next.
  4. Set the port for your Sensor-to-Server communication listen port, then click Next. If the port you have selected is not available, the installer prompts you to choose a new port.
  5. When you are sure of your settings, click Next.
  6. Wait for the automated installer to complete its actions, then click Finish when the installation is completed successfully.

Updating your beta software

If you are installing Rogue System Detection for the first time, skip this section and proceed to the section titled Installing Rogue System Detection after you have updated your ePolicy Orchestrator. If you are updating your beta software you must completed each of these tasks before proceeding to the Installing Rogue System Detection section:

Uninstalling the Rogue System Sensor

Use this task to uninstall Rogue System Sensors from your network.

Task
  1. Go to Systems | System Tree and navigate to the systems where the sensors are installed.
  2. Select the systems that you want to remove sensors from, then click More Actions and click Rogue Sensor Remove.
  3. In the Action pane, click OK.
  4. Select the systems that you removed the sensors from, then click More Actions and click Wake Up Agents.

Deleting the default Rogue System Detection queries

Use this task to delete Rogue System Detection Queries from your ePO server.

Task
  1. Go to Reporting | Queries and from My Queries select the default RSD query.
  2. Click Delete, then in the Action pane click OK.
    NOTE: You must repeat this step for each of the six default RSD queries:
    • RSD: Active Sensor Response (Last 24 Hours).
    • RSD: Passive Sensor Response (Last 24 Hours).
    • RSD: Rogue Systems, By Domain (Last 7 Days).
    • RSD: Rogue Systems, by OS (Last 7 Days).
    • RSD: Rogue Systems, by OUI (Last 7 Days).
    • RSD: Subnet Coverage

Uninstalling Rogue System Detection

Use this task to uninstall Rogue System Detection from your ePO server.

Task
  1. From your Windows Desktop go to Start | Settings | Control Panel and open Add or Remove Programs.
  2. From the list of installed programs select McAfee Rogue System Detection Server and click Change/Remove.
  3. From the Remove McAfee Rogue System Detection screen, click Remove.
  4. In the confirmation window, click Yes.

Installing Rogue System Detection

Use this task to install Rogue System Detection.

Task

  1. Install ePolicy Orchestrator 4.0 Patch 2.
  2. Extract the contents of the Rogue System Detection 2.0 zip file into a temporary folder.
  3. From the temporary folder, run Setup.exe. The Setup Requirements page appears. If the installer indicates that there are additional required applications not installed on your system, cancel the install and obtain those applications before restarting the Rogue System Detection installation.
  4. Click Next. The Welcome page of the InstallShield Wizard for McAfee Rogue System Detection Server appears.
  5. Click Next. The McAfee Licensing page appears.
  6. Review the license agreement and click OK.The Installation Directory page appears.
  7. Click Browse to specify your desired installation location or accept the default location, then click Next. The ePolicy Orchestrator Credentials page appears.
  8. Supply the credentials of one of your ePO global administrator accounts and click Next. The Summary page appears.
  9. Click Next if you are sure that you do not need to change any of your settings.
  10. Wait for the automated installer to complete its actions, then click Finish when the install completes successfully.

Installing Rogue System Sensors on individual systems

Use this task to install Rogue System Sensors on individual systems.

Task

  1. Go to Systems | System Tree and click the Systems tab, then select the checkbox for the systems where you want to install sensors on by checking the box next to them.
    NOTE: If a system you want does not appear in the table, add it by clicking New System in the System Tree pane.
  2. Click More Actions, then click Rogue Sensor Install from the menu.
  3. In the Action pane click OK.

Installing Rogue System Sensors using a client task

Use this task to install Rogue System Sensors by creating a client task.

NOTE: Use caution if selecting this method because it deploys sensors to every system in the selected group.

Task

  1. Go to Systems | System Tree and select the group where you want to install sensors, then click the Client Tasks tab.
  2. Click New Task. The Client Task Builder wizard appears.
  3. On the Description page, specify the name for the task and any notes, then from the Type menu select Sensor Deployment (Rogue system Detection 2.0.0) and click Next. The Configuration page appears.
  4. Set the Sensor Deployment Options to Install and click Next. The Schedule page appears.
  5. Set the Schedule type to Run Immediately and click Next. The Summary page appears.
  6. Review the details of the client task, then, click Save.

Migration considerations

Migrating to Rogue System Detection 2.0 and ePolicy Orchestrator 4.0 from Rogue System Detection 1.0 and ePolicy Orchestrator 3.6 requires special consideration. The migration process retains only the Rogue System Detection 1.0 policies and server-side settings. As a result, it is important for you to document some information about your existing configuration before upgrading:
  • Compile a list of all installations of the 1.0 Sensor on your subnets.
  • Create a table or other document that shows the relationship between custom policies and the specific groups of sensors and systems where they are deployed.

This information allows you to enforce your custom policies on the same systems throughout your network after you have upgraded to Rogue System Detection 2.0 and ePolicy Orchestrator 4.0.

When your upgrade is completed, 1.0 policies are available from the ePolicy Orchestrator 4.0 Policy catalog by selecting Rogue System Detection from the product menu. The 1.0 policies will be appended with (Migrated).

NOTE: McAfee recommends that you uninstall Rogue System Detection 1.0 sensors before upgrading.

Updating the ePO help extension

Use this task to update the ePolicy Orchestrator help files to include Rogue System Detection help. This ePolicy Orchestrator help extension includes the beta version of the Rogue System Detection 2.0 help. This version does not yet have a new version number, so you must uninstall the existing ePOHelp extension before installing this new extension.

Before you begin

Ensure the extension file is in accessible location on the network.

Task

  1. Go to Configuration | Extensions, then in the Managed Products list select ePO_Help and click Remove.
  2. In the Actions pane click OK.
  3. Click Install Extension. The Install Extension dialog box appears.
  4. Browse to the extension (help_epo_102.zip) file, then click OK.
  5. Verify that ePO_Help appears in the Extensions list

New features

New and updated features in the current release of the software are described in these topics:

DHCP server support

Installing Rogue System Sensors on DHCP servers is now supported. Installing Rogue System Sensors on DHCP servers provides additional functionality by allowing you to cover every subnet that connects to a DHCP server with a single sensor.

Full integration with ePolicy Orchestrator

Rogue System Detection is now fully integrated with ePolicy Orchestrator 4.0. Integration into ePolicy Orchestrator 4.0 allows you to use:
  • Custom queries and dashboards.
  • Property-based sorting and tagging.
  • Role-based access control.
  • Scheduled tasks.

OS Fingerprinting

OS fingerprinting provides the ability to determine specific information about systems and other devices on your network. Information includes system type (Linux/MAC) and device type (routers/printers).

Sensor blacklist

Systems can now be added to the Rogue System Sensor Blacklist. The blacklist allows you to identify which managed systems should not have a sensor installed, and prevents accidental sensor installation on these systems.

Where to find McAfee product information

The McAfee documentation is designed to provide you with the information you need during each phase of product implementation, from evaluating a new product to maintaining existing ones. Depending on the product, additional documents might be available. After a product is released additional information regarding the product is entered into the online Knowledgebase available on McAfee ServicePortal.

Evaluation Phase

Installation Phase

Setup Phase

Maintenance Phase

How can my company benefit from this product?

Evaluation Tutorial


  • Preparing for, installing and deploying software in a test environment.
  • Detailed instructions for common tasks.

Before, during, and after installation.

Release Notes


  • Known issues in the current release.
  • Issues resolved since the last release.
  • Last-minute changes to the product or its documentation.

Installation Guide


  • Preparing for, installing and deploying software in a production environment.

Getting up-and-running with the product.

Product Guide and Online Help


  • Setting up and customizing the software for your environment.

Online Help


  • Managing and deploying products through ePolicy Orchestrator.
  • Detailed information about options in the product.

Maintaining the software.

Online Help


  • Maintaining the software.
  • Reference information.
  • All information found in the product guide.

Quick Reference Card


  • Detailed instructions for common and infrequent important tasks.

Knowledgebase (knowledge.mcafee.com)


  • Release notes and documentation.
  • Supplemental product information.

  • Workarounds to known issues.

Finding release notes and documentation for McAfee products

Use this task to go to the release notes and other product documentation for McAfee products.

  1. Go to knowledge.mcafee.com and select Product Documentation under Useful links.
  2. Select <Product Name> | <Product Version> and select the required document from the list of documents.

License attributions

CASTOR Copyright 2004-2005 Werner Guttmann Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

COPYRIGHT

COPYRIGHT

Copyright © 2008 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.