Besides ESET on the endpoints, we also use Tenable as a network security scanner. A number of our endpoints detect and block this scan, putting up scary warnings to the end users: "Network threat blocked; TCP Port Scanning attack; Firewall has blocked an attack attempt to keep your computer protected."
I would like to whitelist the scanner IPs so that we don't get these messages. I thought I figured out how, but it doesn't seem to be working, or not consistently.
I went into Policies > Settings > Firewall > Advanced > IDS Exceptions and added an exception that included the IP addresses of the scanners, telling it to not block and not notify.
Is that the right place for this? Is there some other place I should be whitelisting this scan? Or if that is the right place, am I having a problem with policy delivery or precedence?
thanks.
