When using an internal vulnerability scanner, clients with Symantec Endpoint installed take over 4 hours each to scan, and cause a flurry of on-screen and email alerts.
Having raised the case with Symantec support, the only choices are:
1. On every client, add exclusion for all the signatures that are being raised by the scan - obviously tedious in a business environment, and the signatures may change over time
2. Edit or add a policy to temporarily disable IPS in the cloud portal
We've got around the issue by using option2 (scans now take about 5 minutes each), but there's obviously a risk that the policy is not swapped back.
Firewall rules already exist to allow full firewall access to/from the vulnerability scanner IP, but there's no option on the Cloud based portal to add the vulnerability scanner's IP address to an IPS whitelist, which would completly resolve the issue. Could this capability be added?