I want to allow Port Scan traffic from 2 legitimate sources to multiple targets. The port scan signature is 3700.
When I tried to use event to create Exceptions or Trusted Apps, I got error message: Invalid Process Name.
Please refer to the attachment for more info.
I try not to use Trusted Network unless there is no other way. I have not tried put targets in Learn Mode since it involves too many people.
I cannot use Trusted Apps Policies because port scan does not have a process name (ex. C:\winnt\system32\inetsrv\inetinfo.exe.)
The question is how to configure Exceptions or Trusted App using HIPS event?
Thank you in advance.