I have placed the IP address of our port scanner in the trusted networks, and I have checked trust for IPS. I am still getting a 3702 sig block from the IPS. I have went so far, and I made the IP and exemption within this signature, and it is still being blocked. Any ideas?
I put the .exe with the MD5 hash in the 3700 and 3702 signature ID's. I am hoping that this does the trick. I also placed these files in trusted applications and checked trust for firewall.
Network IPS signatures don't typically see local processes (they are network-based signatures; not host-based sigs), so unless the signature violations contains executable info, you cannot just add it.