Why Alerts Happen
On the network
Because our primary discovery solutions are agentless, our processes can appear to some security solutions as being potentially malicious. This can be remediated easily by adding some exclusion information to those security products.
Our hope is that the host computer or appliance's IP address is already trusted via group or security policy, but where it is not, notifications (almost always benign in nature) can sometimes occur.
On the host computer (for the Windows application)
Again, due to our agentless nature, we construct our inventory methodologies in real time. An endpoint security product can interpret this activity as a real-time threat.
What To Do
The best defense is to ensure that your security team is aware that this activity is happening and that this traffic is expected prior to deployment.
This way, provisions can be put in place - most times very quickly - that allow the discovery and inventory to proceed unimpeded.
On the network or endpoints being inventoried
As long as the appropriate network ports are accessible (as per the technical prework provided... see here for further detail) and the host computer or appliance's IP address has been added to an exception list, we should be able to complete the inventory without issue!
On the host computer (for the Windows application)
Make sure to exclude the application folder from all endpoint security scans and threat prevention. Typically that folder is at C:\Program Files (x86)\Block 64 Corporation\Block 64 Discovery
or C:\Program Files (x86)\Block 64\Block
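One way to apply the folder exclusion, shown as an added example that is not Block 64's own tooling. It assumes Microsoft Defender Antivirus is the endpoint product and that PowerShell is running elevated; the variable names are illustrative. Before adding the exclusion it checks that no broad, non-administrative group can write into the folder, since files placed in an excluded folder are no longer scanned.

```powershell
# Added example. Assumptions: Microsoft Defender Antivirus, elevated session.
# The path is the first install location named in the article.
$ExclusionPath = 'C:\Program Files (x86)\Block 64 Corporation\Block 64 Discovery'

if (-not (Test-Path -LiteralPath $ExclusionPath -PathType Container)) {
    throw "Folder not found: $ExclusionPath"
}

# Well-known SIDs for Everyone, Authenticated Users and BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Rights that let a principal add, change or replace files in the folder.
# ACEs that use generic rights bits are not decoded by this check.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
    'ChangePermissions, TakeOwnership')

# Ask for SIDs directly so localized or unresolvable account names do not matter.
$acl   = Get-Acl -LiteralPath $ExclusionPath
$rules = $acl.GetAccessRules($true, $true,
    [System.Security.Principal.SecurityIdentifier])

$risky = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $BroadSids -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band $WriteMask) -ne 0)
})

if ($risky.Count -gt 0) {
    $risky | Format-Table IdentityReference, FileSystemRights, IsInherited
    throw "Broad groups can write to '$ExclusionPath'; tighten the ACL first."
}

# Exclude only this folder, not a parent directory or the whole drive.
Add-MpPreference -ExclusionPath $ExclusionPath

# Read the setting back to confirm it was stored.
if ((Get-MpPreference).ExclusionPath -notcontains $ExclusionPath) {
    throw "Exclusion was not recorded for '$ExclusionPath'."
}
"Exclusion active for $ExclusionPath"
```

Other endpoint products expose the same setting through their own management console or policy; the ACL check applies regardless of vendor.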
How we work with Endpoint Security Vendors
We’ve worked with vendors like Symantec, McAfee, and even Microsoft’s ATP team to ensure our software is not mistaken for malicious traffic, and this has been successful to date. We’d still love to better understand the nature of any alerts you may have received so that we can take any necessary action on our end – if you are amenable, that is!