How do I exclude ports and/or hosts from being scanned so that scans do not trigger alerts from IDS systems?
QualysGuard scans set off Intrusion Detection/Prevention Systems when scanning certain ports on certain hosts. The Intrusion Detection/Prevention System detects the QualysGuard scan as malicious traffic and sets off alerts.
The ideal solution is to whitelist the QualysGuard scanner in the IDS/IPS. If this is not possible, use the procedures below to exclude certain hosts or ports from being scanned.
To exclude entire hosts:
- Go to Scans > Setup > Excluded Hosts.
- On the Excluded Hosts Setup page, click Edit.
- On the Edit Excluded Hosts page, enter the desired IP addresses.
- Click Add.
- Click Save.
All hosts in this list will be excluded from future maps or scans.
To exclude certain ports:
- Go to Scans > Option Profiles.
- Select New > Option Profile.
- Enter a title for the new profile and select any desired options under the Scan and Map tabs.
- Click on the Additional tab.
- Click Blocked Resources to activate this feature.
- Select Custom port list.
- Enter the ports not to be scanned.
- To apply these settings to all IP addresses in your account, select All Registered IPs. To apply it only to certain hosts, select Custom IP list and enter the specific hosts that are not to be scanned on the specified ports.
- Click Save to save the new profile.
- Launch a scan with the new profile you created.
Qualys Support KnowledgeBase