We recently moved a legacy Windows web server behind an ASM. The server can't be upgraded for various reasons. We are not yet ready to deploy a full security policy in blocking mode, but we would at least like to prevent Shodan and other scanners from fingerprinting the backend server (e.g., determining OS version). How can we accomplish this? Thanks.