Manage Your Excluded Hosts

Tell me about the excluded hosts list

Will I be notified before IPs are removed from the list?

How to exclude the hosts from scanning?

Can I add IPs that aren't in my subscription?

How to add an expiration date to the excluded hosts?

How often should I make changes to the list?

Where can I view the excluded host list?

Can I change the expiration date for a host already on the list?


Tell me about the Excluded Hosts list

Excluding hosts from a scan means they will not be included in security or map scans. Several reasons could justify its use: when hosts aren't relevant, resources are limited, or for creating custom scans.

This is a powerful feature that gives users control. They can tailor the scan to their needs. This control boosts their ability to manage network security. It makes them more effective at protecting their systems.

Note: In the absence of a deadline, the IPs you excluded from scanning will remain excluded until they are removed.

How to exclude the hosts from scanning?

To exclude hosts from scanning, perform the following steps.

  1. Go to Scans > Setup > Excluded Hosts.
     
  2.  Click Excluded Hosts tile. The Excluded Hosts Setup window is displayed.

    VMDR dashboard showing Excluded Hosts and its new text.
  3.  From the Network drop-down, select the network whose hosts you want to exclude, and then click Edit.

    Selecting the Network as Global Default Network.
     
  4.  In the Edit Excluded Hosts window, perform the following steps.
    1.  In the Hosts panel, enter the IPs you want to exclude. Separate each IP or IP range with one of the following: comma, semi-colon, space, carriage return, or tab.
       
    2. Set a deadline for removing IPs from the excluded list. This is an optional step.
       
    3. Add users to a distribution group if you want multiple people to be informed when the deadline approaches. This is an optional step.
       
    4. Click the Comments panel and enter your comments. This step is required.
       
    5. Click Add. The IPs are added to the excluded hosts list.

      Entering the IPs/IP ranges to the network.
       

Tell me about user permissionsTell me about user permissions

Both Managers and Unit Managers have privileges to edit the excluded hosts list. Managers can add/remove any host in the subscription. Unit Managers can add/remove any host in their business unit.

See different formats for IPs/rangesSee different formats for IPs/ranges

The table below lists acceptable IP formats.

Format

Example

# of IPs Added

List of single IPs

17.16.20.5, 17.16.20.21

2

IP Ranges

167.216.205.1-167.216.205.254

254

CIDR

192.168.0.87/24

This range will automatically be converted and saved as the following:

192.168.0.0-192.168.0.255

256 (Class C Network)

How to add an expiration date to the excluded hosts?

The expiration date for excluded hosts is a crucial step in maintaining system security. It refers to the duration for which those hosts remain excluded from the scanning process. After this expiration date, the excluded hosts will be included in subsequent scans unless they are manually excluded again.

By setting an expiration date, users can rest assured that hosts are automatically re-included in scans after the designated period. This automated process greatly reduces the risk of overlooking important systems or leaving them vulnerable for an extended period.

To add an expiration date, perform the following steps:

  1. Go to Scans > Setup > Excluded Hosts.
     
  2. Click Excluded Hosts tab. The Excluded Hosts Setup window is displayed.
     
  3. From the Network drop-down, select the network whose hosts you want to exclude, and then click Edit.
     
  4. In the Edit Excluded Hosts window, perform the following steps.
    1. In the Hosts panel, enter the IPs you want to exclude. Separate each IP or IP range with one of the following: comma, semi-colon, space, carriage return, or tab.
       
    2. Set a deadline by selecting the Remove IPs from the excluded host list after checkbox and specifying a period. The range supported is 1- 365.
       
    3. Add users to a distribution group if you want multiple people to be informed when the deadline approaches. This is an optional step.
       
    4.  Click the Comments panel and enter your comments. This step is required.
       
    5. Click Add. The IPs are added to the excluded hosts list.

      Selecting IPs to set an expiration date.

 

Where can I view the excluded host list?

After you have created an excluded host list, you can view this list in two places: Existing Excluded Hosts and Excluded Hosts with an expiration date.

To view more information on the excluded hosts, perform the steps below.

  1. Go to Scans > Setup > Excluded Hosts.
     
  2. Click Excluded Hosts tab. The Excluded Hosts Setup window is displayed.
     
  3. From the Network drop-down, select the network whose hosts you want to exclude.
     
  4. To view excluded hosts in different views, do the following:
    1. To view hosts excluded from the scan, regardless of their expiration date, click View next to Existing Excluded Hosts.

      The Excluded Hosts window opens and provides you with the following information related to the excluded hosts.

      Displaying the existing hosts list when clicked on View.

      The excluded host details are sorted by Edited Date in descending order, with the records edited recently appearing first. 
    2. To view hosts with an expiration date, click View next to Excluded Hosts with an expiration date.
      The Excluded Hosts Expiration window opens and provides you with the following information.

 

Will I be notified before IPs are removed from the list?

Yes. We will send an email notification 7 days prior to removing IPs from the list. Refer to Configure a Distribution Group.

Can I add IPs that aren't in my subscription?

Yes. IPs not currently in your subscription may be added to the excluded hosts list, ensuring that they will not be scanned even if later added to the subscription. Refer to How to exclude the host from scanning.

How often should I make changes to the list?

The excluded hosts list may be edited as often as necessary to meet the changing demands of your organization. For example, if you have a set of machines performing critical business tasks and you want to ensure that no traffic is sent to them, you should add those IPs to the excluded hosts list. As soon as the business tasks are complete, you can remove them from the excluded hosts list, allowing them to once again be scanned. You can even have the hosts automatically removed after a set number of days.

Can I change the expiration date for a host already on the list?

Yes. Add the host to the list again and set a new deadline. The expiration date will be updated. Refer to How to add an expiration date to the excluded hosts.