When Qualys scans our VDI user machines our VDI users get a message "-IP address- wants to shadow your session" This is coming from the scanner appliance when it does a port scan as Qualys does indeed scan within the VNC TCP port range (5500 - 5999). This is a known issue as documented here:
Seems like we may want to change the WYSE config file (wnos.ini) to not allow VNC connections as we do not use VNC. However, I'm told our remote admin tools may use these ports. I know I can set Qualys scan to exclude this range.
My question is what is the best practice here? Should we NOT scan these ports or is it better to get a full scan and modify the wnos.ini file?