How to exclude network scanners in Symantec Endpoint Protection (SEP)

Article ID: 173612

Updated On:

Products

Control Compliance Suite Vendor Risk Manager

Issue/Introduction

You are running Control Compliance Suite Vulnerability Scanner (CCSVM) and scanning machines that run the SEP client.

In SEP you might get notifications like these:

Risk Detected

Event Time:
Begin Time:
End Time:
Number:
Event Description:
Event Type:
Hack Type:
Severity:
Application Name:
Network Protocol:
Traffic Direction:
Remote IP:
Remote MAC:
Remote Host Name:
Alert:
Local Port:
Remote Port:

Resolution

In SEP configuration you need to exclude the IP of the CCSVM scanner (using SEP Console):

Go to Policies -> Intrusion Prevention, select your policy, right-click it, and choose Edit.

In the Intrusion Prevention section, click to enable excluded hosts and open the "Excluded Hosts" section.

Click Add and enter the IP of the scanner(s), then click OK to save.

Once the policy is saved, assign it to the relevant client group.