OfficeScan firewall does not have an engine to detect or block port scans. It blocks intrusions using hard coded information that doesn't include port scans.
To detect/block port scans, install the Intrusion Defense Firewall (IDF) plug-in for OfficeScan.
The feature is called Reconnaissance Scan Detection. It has the following features:
- It can detect/block null scans.
- Block traffic.
- Send notifications.
To enable this feature:
- Log on to the OSCE web console and go to Plug-ins Tab.
- Under Intrusion Defense Firewall, click Manage Program.
- Go to System Settings > Reconnaissance.
- Look for TCP Null Scan and set the Block Traffic time.
Click image to enlarge.