I take it the Engineer did not like you scanning his subnets? Were the scans to frequent? What is the policy concerns scans?
I would ask more questions before revving up the chainsaw. I am sure there is always a way to get to "Yes".
Well, there were actually lots of questions. The ASA at that site and Lancope were both seeing the traffic at exactly the same time, so they lined up perfectly, but the source IP's were different on each. The ASA at that site showed the source IP as my SW poller. Soooo... he was making assumptions that IPAM on my poller was attempting to scan subnets.
Now, we have since gotten to the culprit, and it wasn't my poller, but I would have like to be able to just shutdown IPAM scanning specifically from that remote poller for a few minutes to clear it's name. Eventually I shut all the services down, and even turned the box off to get my SW server out of the hot seat.
The only way for now is to disabled ICMP and SNMP scanning for all pollers in Admin -> IPAM Settings -> Subnet Scan Settings