Problem:
The SEP 12.1 IPS component is enabled on a Nessus vulnerability scanning server. It detects and blocks all outgoing traffic that matches its IPS signature database, which produces inaccurate vulnerability reports.
Current Solution:
Symantec's current recommendation is to remove the IPS component from the Nessus server. This weakens the security of the box.
Proposed Solution:
Allow application exceptions to be added to the IPS policy. In this case, NESSUSD.EXE would be added as an exception, which would allow the vulnerability scan to take place and produce accurate results. All other traffic would still be inspected by the IPS; only traffic generated by NESSUSD.EXE would be exempt.