I am attempting to run a Security Vulnerability Reporting Tool called Nexpose Community. For Nexpose to scan the network, antivirus and the firewall needs to be disabled on the system Nexpose is installed on.
When running my scan of the network with both the Firewall and AntiVirus disabled, Nortons is alerting me that it is stopping "attacks" which are used by Nexpose to determine a targets vulnerability level.
Do I need to totally uninstall Norton's just to scan my network?
I am attempting to run a Security Vulnerability Reporting Tool called Nexpose Community. For Nexpose to scan the network, antivirus and the firewall needs to be disabled on the system Nexpose is installed on.
When running my scan of the network with both the Firewall and AntiVirus disabled, Nortons is alerting me that it is stopping "attacks" which are used by Nexpose to determine a targets vulnerability level.
Do I need to totally uninstall Norton's just to scan my network?
Welcome,
Sounds like tamper protection is doing its job. Your scanner wants to look at parts of your Norton program it considers very private. You can try again with that disabled but if the scanner makes any changes it could cause your NOrton product to fail. Move with great caution. Security software does not play well with other security software. The worst case result is greatly diminished or no protection, if the programs will even run after having tried to disable each other.
Is Norton blocking and alerting you to a threat, or are you just seeing Norton Product Tamper Protection events in the Norton logs? Are the Nexpose scans completing? If the scans finish then there is nothing to worry about - Nexpose simply tried to access some Norton thing and was blocked from doing so, but was otherwise allowed to continue. If the Tamper Protection events are causing Nexpose to hang or quit, then yes, you will need to disable Tamper Protection.
Tamper protection was something I missed in the configuration. However, disabling the firewall, antivirus and tamper protection still does not stop Norton's 360 from actively blocking the scanning.
Norton's is blocking and alerting me to the threats by popups on my screen. The Nexpose scans are completing, but there is the potential that Norton's continued protection is causing Nexpose to report False Negatives.
In terms of what is being blocked, it is the outbound attacks from this system against the other computers.
In terms of the security product Nexpose, it pokes at known vulnerabilties to confirm they exist. The sister product to Nexpose is Metasploit that will exploit known vulnerabilites. I am only scanning with Nexpose, I am not exploiting with Metasploit.
I just wish there was one kill switch that would disable Norton's in its entirety.
Try disabling Norton Intrusion Prevention. That is the component that detects exploits of various program and OS vulnerabilities. It will detect outbound, as well as inbound, attacks, and alert you to them. I am not cerrtain, but you could probably successfully complete your scans with Auto-Protect, the firewall, and other components enabled, just as long as IPS was turned off.
I had missed the Intrusion and Browser Protection tab in the Firewall settings. Turning Off Intrusion Prevention allowed Nexpose to throw all it had at the devices on the network, and it exposed a few additional vulnerabilties that Norton had previously blocked.
While I did not test another Nexpose scan with just the Intrusion Prevention disabled, it is something I can try at my next engagement here.