AnsweredAssumed Answered

Scanning VDI - exclude ports or modify ini file to not accept connections?

Question asked by torkum on Jul 9, 2012

When Qualys scans our VDI user machines our VDI users get a message "-IP address- wants to shadow your session" This is coming from the scanner appliance when it does a port scan as Qualys does indeed scan within the VNC TCP port range (5500 - 5999). This is a known issue as documented here:
http://community.wyse.com/forum/showthread.php?146-Xenith-Shadow-Session
http://www.fixya.com/support/t2441752-getting_message_about_shadowing_session

Seems like we may want to change the WYSE config file (wnos.ini) to not allow VNC connections as we do not use VNC. However, I'm told our remote admin tools may use these ports.   I know I can set Qualys scan to exclude this range.

 

My question is what is the best practice here?  Should we NOT scan these ports or is it better to get a full scan and modify the wnos.ini file?

 

Thoughts?

Outcomes