Summary
Configure OfficeScan firewall to block/detect null port scan requests from any port scanners.
Details
OfficeScan firewall does not have an engine to detect or block port scans. It blocks intrusions using hard coded information that doesn't include port scans.
To detect/block port scans, install the Intrusion Defense Firewall (IDF) plug-in for OfficeScan.
The feature is called Reconnaissance Scan Detection. It has the following features:
- It can detect/block null scans.
- Block traffic.
- Send notifications.
To enable this feature:
- Log on to the OSCE web console and go to Plug-ins Tab.
- Under Intrusion Defense Firewall, click Manage Program.
- Go to System Settings > Reconnaissance.
- Look for TCP Null Scan and set the Block Traffic time.
Click image to enlarge.