Hi All,
Good Day,
We are using SEP 12.1 RU 1 MP 1 and are not using the SEP firewall module on the machines. On some of the machines, IPS is blocking an application and logging an event with Severity: Critical while we are trying to run our vulnerability check from the VA application.
We need to exclude all traffic from the VA server. How can we achieve this?
A sample risk log is attached:
-------------------------------------------------------------------
Event Time: 04/02/2013 13:52:20
Begin Time: 04/02/2013 13:52:23
End Time: 04/02/2013 13:52:23
Occurrence: 1
Signature Name: OS Attack: MS SMB2 Validate Provider Callback CVE-2009-3103
Signature ID: 23471
Signature Sub ID: 72833
Intrusion URL: N/A
Intrusion Payload URL: N/A
Event Description: [SID: 23471] OS Attack: MS SMB2 Validate Provider Callback CVE-2009-3103 attack blocked. Traffic has been blocked for this application: SYSTEM
Event Type: Intrusion Prevention
Hack Type: 0
Severity: Critical
Application Name: SYSTEM
Network Protocol: TCP
Traffic Direction: Inbound
Remote IP: X.X.X.X
Remote MAC: N/A
Remote Host Name: N/A
Alert: 1
Local Port: 445
Remote Port: 3287
-----------------------------------------------------------
Thanks in advance
Ajin