Jump to content

How to whitelist security scanner


Ross
 Share

Recommended Posts

Besides ESET on the endpoints, we also use Tenable as a network security scanner. A number of our endpoints detect and block this scan, putting up scary warnings to the end users: "Network threat blocked; TCP Port Scanning attack; Firewall has blocked an attack attempt to keep your computer protected."

I would like to whitelist the scanner IPs so that we don't get these messages. I thought I figured out how, but it doesn't seem to be working, or not consistently.

I went into Policies > Settings > Firewall > Advanced > IDS Exceptions and added an exception that included the IP addresses of the scanners, telling it to not block and not notify.

Is that the right place for this? Is there some other place I should be whitelisting this scan? Or if that is the right place, am I having a problem with policy delivery or precedence?

thanks.

Link to comment
Share on other sites

Hm. If I've whitelisted it right, why is it still alerting? I see the link to set a personal exception, but 1) that won't help the other 1,000 customers at the company, and 2) it seems to require admin rights escalation to do it, which won't work for most of them.

Link to comment
Share on other sites

  • Administrators

Please gather logs with ESET Log Collector from that machine and drop me a private message with the generated zip archive attached.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...