Whitelisting of the internal vulnerability scanner
Hello everyone, our infrastructure has vulnerability scanners that actively investigate and try to exploit systems. Users are alerted, and we get a lot of logs from it. Is it possible to add a specific IP address of this scanner to the whitelist so that users do not get an alert? Other alerts that may be true should stay. How do I do that?
seshuganesh's comment was for FortiGate settings; we assumed that your FortiGate is blocking/alerting/logging the vulnerability scanner, not FortiClient.
From the screenshot, it's the FortiClient's application firewall that's blocking the scanner and notifying the user.
I'm not an expert in FortiClient, but as far as I have been able to find, you should be able to add an application override for the 'Gnutella_Download' application to allow it (the application firewall profile would need to be edited on EMS). You would need to generate/get a signature for that application, which I don't know how to do; my apologies.
If the pop-up is the primary issue, you can disable those notifications in the EMS application firewall profile, though the actual functionality (blocking the application) would still happen.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Unfortunately that's impossible. You're right, it's FortiClient, sorry. I need to block alerts from a specific IP address because the scanner uses many different exploitation attempts and there are plenty of these application names. Also, if there was an exploitation attempt blocked by FortiClient but not from my scanner, I'd like to know about it. I need to filter out alerts from a specific IP address, as an exception.