The Vulnerability Scanner normally scans network traffic to check whether a machine is susceptible to a given vulnerability. This behavior can trigger the Apex One Network Security Protection feature “Suspicious Connection Service”, which checks for suspicious network packets and flags the scanner's traffic as a potential C&C callback.
Please refer to https://www.zscaler.com/products/posture-control/vulnerability-management for additional information.
To resolve the issue:
Trend Micro has deployed a new “Relevance Rule Pattern”, version 1.10853.00, to address this issue.
Please perform a pattern component update (Suspicious Connections > Relevance Rule Pattern) and deploy it to the endpoints.
Trend Micro has seen similar cases with Nessus Vulnerability Scanner:
Nessus Vulnerability Scanner machines are getting detected as C&C call back server