Why is Symantec scanning my website for vulnerabilities? A little about Vulnerability Assessment

Article Id: 158028

Status: Published

Updated On: 25-10-2018 09:40

Legacy Id: TECH206404

Products:

Endpoint Protection

Issue/Introduction:

Why is Symantec scanning my website for vulnerabilities?

Resolution:

Symantec offers an opt-in service called Norton Trust Services that provides a vulnerability assessment service for websites. The websites in question that have opted in are given the option to add a Norton Secured Seal to their website showing they are a part of this service.

Vulnerability Assessment Service uses the following IP addresses and server names:

• VBLADEAF001 46.4.95.23 (scan1.ws.symantec.com)

• VBLADEAF002 46.4.85.9 (scan2.ws.symantec.com)

• VBLADEAF003 46.4.85.14 (scan3.ws.symantec.com)

• VBLADEAF004 46.4.94.227 (scan4.ws.symantec.com)

• VBLADEAF005 46.4.94.230 (scan5.ws.symantec.com)

• VBLADEAF006 46.4.94.239 (scan6.ws.symantec.com)

• VBLADEAF007 67.192.122.132 (scan7.ws.symantec.com)

• VBLADEAF008 204.232.241.139 (scan8.ws.symantec.com)

• VBLADEAF009 46.4.94.143 (scan9.ws.symantec.com)

• VBLADEAF010 5.9.77.176 (scan10.ws.symantec.com)

Trust Services document can be found here: Which IP addresses does Vulnerability Assessment Service scan from?

For more information see: Vulnerability Assessment Key Services and Features

Additional details can be found in the Connect article Why am I getting IDS alerts on vulnerability scans from Symantec?