Symantec - False Positive Port Scan Attack Solution

[henriquesalvador 10]

Hi all,

 

If you use the Symantec Endpoint Protection you probably want to whitelist  your Domotz Pro Agent, to do so please do the following:

 

In SEP (Symantec Endpoint Protection) configuration you need to exclude the IP of your Domotz pro agent (make sure it is reserved at the DHCP server or configure with an Static IP address) using SEP Console:
 

• Go to Policies -> Intrusion Prevention : Select your policy and right click Edit.

• In the Intrusion Prevention section, click to Enabled excluded hosts and open "Excluded Hosts" Section

• Click Add and enter the IP of the scanner(s), then click ok to save.

• Once policy is saved, assign the policy to the relevant client group.

 

If you do not do this, the following message will be displayed, preventing the agent from correctly monitoring the workstations.

 

 

Kind regards,
Henrique Salvador
Domotz Support