Dear All,
Good day. As I remember , the SEP 12 sometimes shows programs would block the nexpose traffic ( e.g. svchost.exe ) hence the nexpose fail to compelete the scan. Does any one know any improvement on version 14 MP1 ?
Regards,
Logan
Nexpose/InsightVM has always worked with SEP. You just need create an IPS exclusion where you add the Scan engine IP adresses.
https://support.symantec.com/en_US/article.HOWTO81159.html#v8148757
I've never had an issue with SEP and Nexpose, aside from what was already mentioned about adding the scan engine IP to the IPS excluded hosts section. This won't matter whether it's 12.1 or 14. Outside of that I can't think of any other issues.
Are you seeing issues with something else?
Dear Torb and Brian,
We are using unmanaged client, does it still works on it ?
have you tried to disable active response ?
also have a look at this forum to add IP address exclution to unmanaged SEP client.
https://www.symantec.com/connect/forums/network-threat-protection-exclude-ip-unmanaged-client
Dear Praveen Ayappan,
I have already added a rule in it before scanning but still get such result .
Thanks for your suggestion.
Dear all,
Any suggestion about my case ?
Unlike the managed client, the unmanaged client does not allow for the ability to exclude hosts in the IPS policy. I believe you'll need to temporarily disable the IPS on the client to run the scan.