Jacek1
Visitor III
June 13, 2022
Question

Whitelisting of the internal vulnerability scanner


Hello everyone, our infrastructure has vulnerability scanners that actively investigate and try to exploit systems. Users are alerted, and we get a lot of logs from it. Is it possible to add a specific IP address of this scanner to the whitelist so that users do not get an alert? Other alerts that may be true should stay. How can we do that?

1 reply

seshuganesh
Staff
June 14, 2022

Hi Team,

For the vulnerability scanners, you can create a plain firewall policy on top with no UTM profiles, so that UTM profiles will not generate alerts.

If my understanding is wrong, please explain the issue in detail.

Jacek1
Author
Visitor III
June 14, 2022

Unfortunately, it did not help.

[Screenshot attached]

Debbie_FTNT
Staff & Editor
June 15, 2022

Hey Jacek,

seshuganesh's comment was for FortiGate settings; we assumed that your FortiGate is blocking/alerting/logging the vulnerability scanner, not FortiClient.

From the screenshot, it's the FortiClient's application firewall that's blocking the scanner and notifying the user.

I'm not an expert in FortiClient, but as far as I have been able to find, you should be able to add an application override for the 'Gnutella_Download' application to allow it (the application firewall profile would need to be edited on EMS). You would need to generate/get a signature for that application, which I don't know how to do, my apologies.

If the pop-up is the primary issue, you can disable those notifications in the EMS application firewall profile, though the actual functionality (blocking the application) would still happen.