After speaking to support, we have found there is no way to perform vulnerability scanning of Microsoft Windows based computers running Symantec endpoint .cloud without disabling major components of the security toolset until the vulnerability scanning is complete - thus putting our machines at risk.
Leaving SEP fully functional during the scan causing inconsistent or incomplete results
We would like to request that a authenticated mutual trust be developed between vendors (Tenable, Qualys, etc) and or pre-entered machine names or IP's that would allow us to scan our machines without having to move the machines into a SEP .cloud group that effectively disables major functions (Firewall, etc)