ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Why is Symantec scanning my website for vulnerabilities? A little about Vulnerability Assessment
Article ID: 158028
Updated On:
Products
Endpoint Protection
Issue/Introduction
Why is Symantec scanning my website for vulnerabilities?
Resolution
Symantec offers an opt-in service called Norton Trust Services that provides a vulnerability assessment service for websites. The websites in question that have opted in are given the option to add a Norton Secured Seal to their website showing they are a part of this service.
Vulnerability Assessment Service uses the following IP addresses and server names:
• VBLADEAF001 46.4.95.23 (scan1.ws.symantec.com)
• VBLADEAF002 46.4.85.9 (scan2.ws.symantec.com)
• VBLADEAF003 46.4.85.14 (scan3.ws.symantec.com)
• VBLADEAF004 46.4.94.227 (scan4.ws.symantec.com)
• VBLADEAF005 46.4.94.230 (scan5.ws.symantec.com)
• VBLADEAF006 46.4.94.239 (scan6.ws.symantec.com)
• VBLADEAF007 67.192.122.132 (scan7.ws.symantec.com)
• VBLADEAF008 204.232.241.139 (scan8.ws.symantec.com)
• VBLADEAF009 46.4.94.143 (scan9.ws.symantec.com)
• VBLADEAF010 5.9.77.176 (scan10.ws.symantec.com)
Trust Services document can be found here: Which IP addresses does Vulnerability Assessment Service scan from?
For more information see: Vulnerability Assessment Key Services and Features
Additional details can be found in the Connect article Why am I getting IDS alerts on vulnerability scans from Symantec?
Additional details can be found in the Connect article Why am I getting IDS alerts on vulnerability scans from Symantec?
Feedback
Yes
No
Powered by
