Running a vuln scan on a system with HIPS running?

[computadorka]

If you had to scan a system to allow it on your network, and it had HIPS software installed, but the user didnt have admin rights to temporarily disable the HIPS agent for purposes of running the vulnerability scan, would you scan it anyways and if no vulns showed would you allow it on your network.

I am speaking of visitors with laptops, and no rights to disable their protection. Of cousre scanning a system wiht HIPS is going to block a lot of what the vuln scan is doing.

thx

 

[PanzerBoxb]

The only way I would allow a visitor's system on my network would be to set up a captive segment that could do nothing but go out to the Net on a very limited set of ports.

 

[computadorka]

sure, that is a tight setup.

what about a visitor from the same company, but a different site.