Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
I imagine if you are using a TAP interface you are just in the process of actually getting all of this setup, and therefore likely using the default profiles. This will by default cause an alert to be generated, but if you use a profile other than the default you can actually build out an exclusion within the profile to ignore certain threats.
I would be slightly more concerned however that you are getting alerts for scans taking place on the tap interface. Have you properly investigated these and verified that there aren't actually scans taking place across your network for some reason? If it's a false positive then I would look at adding an exclusion into the profile if you truly want to just get rid of the alerts that are being generated.
Here's all of the IDs that you would need to exclude from a Spyware profile.
I do have Specific profiles for the Tap for (AV/AS/VP)
And on the AS profile where SIPVicious can be found I have added an exclusion,
So "SIPVicious" is on the Anti-Spyware profile, I have a exclusion for the "Audit-Tool" as that's the only one we see.
But the alerts still come though.
This particular traffic is on the outside of the network, it's being picked up as there is an un-routed "VLAN" on one of the monitored switch ports.
But we also get a lot of alerts generated because we run our own internal vulnerability scanner, so we generate our own false positive results.
Rob
