Ross 0 Posted July 18, 2018 Share Posted July 18, 2018 Besides ESET on the endpoints, we also use Tenable as a network security scanner. A number of our endpoints detect and block this scan, putting up scary warnings to the end users: "Network threat blocked; TCP Port Scanning attack; Firewall has blocked an attack attempt to keep your computer protected." I would like to whitelist the scanner IPs so that we don't get these messages. I thought I figured out how, but it doesn't seem to be working, or not consistently. I went into Policies > Settings > Firewall > Advanced > IDS Exceptions and added an exception that included the IP addresses of the scanners, telling it to not block and not notify. Is that the right place for this? Is there some other place I should be whitelisting this scan? Or if that is the right place, am I having a problem with policy delivery or precedence? thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 18, 2018 Administrators Share Posted July 18, 2018 That is correct. You can also make an exception directly via the link in the warning window. Link to comment Share on other sites More sharing options...
Ross 0 Posted July 18, 2018 Author Share Posted July 18, 2018 Hm. If I've whitelisted it right, why is it still alerting? I see the link to set a personal exception, but 1) that won't help the other 1,000 customers at the company, and 2) it seems to require admin rights escalation to do it, which won't work for most of them. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 19, 2018 Administrators Share Posted July 19, 2018 Please gather logs with ESET Log Collector from that machine and drop me a private message with the generated zip archive attached. Link to comment Share on other sites More sharing options...
Recommended Posts