Nmap is an open source utility used to scan map networks, and scan for open ports on workstations and servers. During the scripting stage of the network scan, Nmap will attempt to connect using HTTP, and has it's own user agent.
User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)
Nmap does contain the ability to change the user agent to any user agent, the vulnerability will defend off most script kidies and novices. This vulnerability is set to alert so you can monitor your network to make sure there are no false positives.
Please let me know if you have any problems, and I'll try to refine the RegEx.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!