Managed Risk

Risk Dashboard

Updated Jan 25, 2024

Add an IP address or IP address range to the denylist

A denylist is a list of IP addresses that you do not want the scanner to scan. For example, devices with non-optimally designed or implemented embedded network stacks that may behave unexpectedly if scanned, like printers or consumer-grade WiFi access points that could print unexpected output or reboot if scanned. You can choose not to scan these devices.

Tip: Your CST works with you to reduce the number of devices on your denylist because a bad actor could use the same vulnerabilities to further compromise your network.

  1. Sign in to the Risk Dashboard.
  2. In the navigation menu, click Config > Scanner Config.
  3. In the Scanner Configuration section, in the DenyList IP/Networks field, enter IP addresses or networks as a comma-separated list in classless inter-domain routing (CIDR) format. The DenyList IP/Networks field accepts individual hosts without the /32 specification or networks in the same CIDR X.X.X.X/Y.

    Tip: You can specify multiple IP addresses using a - separator in one of the IP octets. For example, expands to,,