Regular vulnerability scanning is now a part of daily life when supporting a computer network.
We run an internal vulnerability scanning system so that we can ensure we're aware of, and can mitigate or resolve, any known vulnerabilities found on our systems. However, the IPS functionality provided by the Endpoint Protection client blocks the scans when we run them, thereby preventing us from getting a proper idea of any vulnerabilities that may be present.
The IPS functionality doesn’t have an option to exclude a specific host, so the only way we can currently get a complete scan result is to disable the IPS completely, which subsequently means the target machine(s) are undefended from attacks from any source.
I would like there to be a way to exclude a specific host to enable in-house scanning, whilst still preventing attacks from outside sources.
It is good that the IPS blocks the attacks that it does when we run a scan; but that doesn't help if the IPS service were to fail on one or more machines and expose a vulnerability that we would otherwise have addressed. Leaving the client totally unprotected whilst running vulnerability scans (again, from a specific, trusted host) really isn't a viable option.