Endpoint Protection

  • 1.  Vulnerability is blocked even when in excluded host

    Posted Jun 27, 2016 03:53 PM

    We have a vulnerability scanner (Nexpose) that does a scan of the network.  I added the IP of the Nexpose server to the Excluded Hosts in the Intrusion Prevention policy.  Mac users continue to receive a notification that the vulnerability is blocked.  How do I get the SEP client to not block the scan from the excluded IP and to not show a notification?



  • 2.  RE: Vulnerability is blocked even when in excluded host

    Posted Jun 27, 2016 04:14 PM

    You have 3 options:

    • Withdraw the IPS policy.
    • Set every signature or the ones firing to Alert only.
    • Temporarily disable IPS, run your scan, re-enable IPS once the scan completes.

    It should be the same process for Macs as it seems they don't apply to the excluded hosts section.



  • 3.  RE: Vulnerability is blocked even when in excluded host

    Posted Jun 27, 2016 04:39 PM

    Is there a way to leave IPS enabled but not notify the user?  Also, how do you disable IPS?



  • 4.  RE: Vulnerability is blocked even when in excluded host

    Posted Jun 27, 2016 04:43 PM

    See here:

    How to disable display of Network Threat Protection / Intrusion Prevention Notifications in Endpoint Protection for Macintosh

    To disable, go to the Policies page and open your IPS policy. On the Intrusion Prevention tab, open the Lock icon. Now you should be able to disable from the client side.

    Just as a side note after some digging, SEP for Mac should honor IPS excluded hosts but not hostnames, so try by IP:

    SEP for Mac 12.1.4 ignores IPS Excluded Hosts