Control Compliance Suite

  • Private Community
 View Only

  • 1.  SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 07, 2019 10:59 AM

    Hello guys,

     

    I post this a a challenge/issue that i'm facing, thus we have SEP on our working Environment as the protection for all endpoints.

     

    Also we have NEXUS Tenable tool for Vuleneability scanning torwads our endpoints. Thus I'm facing an issue that Tenable is blocked by SEP and fails to scan the endpoints especially servers.

     

    Kindly how can i whitelist Tenable IP or how can i resolve this...?



  • 2.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Trusted Advisor
    Posted Nov 07, 2019 11:06 AM

    Depending on the error message, please see https://community.tenable.com/s/article/Symantec-Endpoint-Protection-interfering-with-Nessus-authenticated-scans to see if it matches with what you're seeing.

    Basically, you need to authenticate it.



  • 3.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 07, 2019 12:15 PM

    I would caution against ever excluding an IPS Detection type from your IPS policies, as this allows everything to use that method to connect to your SEP protected machines (i.e. a Nessus scanner belonging to someone else could potentially scan your endpoints)

    Assuming this is an internally installed scanner, then my recommendation is to add the scanner's IP address to the list of Excluded Hosts in the IPS policies instead, and only for the duration of the scan.  If you are using laptops, I'd also suggest utilising Location Awareness to ensure this applies only to the target SEP clients when they're inside the corporate network, too.



  • 4.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 08, 2019 04:48 AM

    Hello SMLatCST,

     

    I'm taking this as a point, once done i will share the feedback as well.

     

     



  • 5.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 08, 2019 04:50 AM

    Hello Tony,

     

    I'm going throuh this and hopefull i will have something to get and peform on my side, much thank for your reply.

     

     



  • 6.  RE: SEP Blocked Nessus -Tenable from SCANNING:
    Best Answer

    Posted Nov 08, 2019 05:49 AM

    Hi Pascal,

    Thanks for the post.  If you mean Nessus, this is by design.  Here's an article that likely describes exactly what you are seeing.  Creating some IPS exceptions/exclusions will enable security admins to use Nessus without triggering IPS events or Auto-Block. After scans are complete, be sure to remove those exceptions/exclusions so that SEP will alert you if someone else is running unauthorized vulnerability scans!   

    About Endpoint Protection Audit Signatures

    https://support.symantec.com/us/en/article.TECH256366.html



  • 7.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 11, 2019 08:25 AM

    Hi Pascal,

    Just a ping to see if the note above helped?  This topic is still marked "Thread Needs Solution."



  • 8.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 11, 2019 09:15 AM

    Hello Mick2009,

     

    Yes mark as resolved, i will configured the exception for this. As of now  lets close this topic.



  • 9.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Trusted Advisor
    Posted Nov 11, 2019 09:23 AM

    In each comment, there is a "Mark as Solution" button - please select which comment helped you the best to resolve your issue.

    Thanks.



  • 10.  RE: SEP Blocked Nessus -Tenable from SCANNING:

    Posted Nov 12, 2019 03:41 AM

    HelloTony,

     

    Done as requested, kindly re-look.

     

    Thanks