Endpoint Protection

 View Only

  • 1.  Exception or Whitelist on Macs for Corporate Vuln Scanner?

    Posted Oct 08, 2014 10:11 PM

    So I've looked through my 12.1.4 SEPM and so far it's not obvious to me how I would exempt or whitelist our corporate vulnerability scanner for the Macs in our environment. The exemptions (via a specific subnet) work fine on the Windows side, but last week we got a popup on a few Macs that were being scanned...popups from our internal scanners are bad in a corporate environment, I need to figure out how to silence them.

    Thanks for any suggestions, and I apologize in advance if I'm missing something simple.

    -Mike



  • 2.  RE: Exception or Whitelist on Macs for Corporate Vuln Scanner?

    Posted Oct 08, 2014 10:16 PM

    How are you entering the excluded host? per this:

    SEP for Mac 12.1.4 ignores IPS Excluded Hosts

    it does not support MAC, hostnames or domain names exclusion, only IP, range, and subnet.



  • 3.  RE: Exception or Whitelist on Macs for Corporate Vuln Scanner?

    Posted Oct 09, 2014 09:25 AM

    Hi Brian,

    Yes...we have a "Host Group" setup for our scanners, using only individual IP Adrresses and an IP Address Range. Within the Intrusion Prevention Policies, under the "Excluded Hosts..." button, we have the Host Group above selected...along with some other groups that may or may not include MAC addresses, host names.

    Would the IP policy be ignoring my scanners group exclusion if it found another group based on MAC addresses?

    Anyway...that is where things stand.

    Thanks for the reply!

    -Mike



  • 4.  RE: Exception or Whitelist on Macs for Corporate Vuln Scanner?

    Posted Oct 09, 2014 09:29 AM

    My guess is it will honor anything with an IP and/or range and exclude the others that are not supported.

    The doc is kinda vague, may want to try support.