Managing Download Insight detections
| Article:HOWTO54885 | | | Created: 2011-06-29 | | | Updated: 2011-12-20 | | | Article URL http://www.symantec.com/docs/HOWTO54885 |
Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.
Supported portals include Internet Explorer, Firefox, Microsoft Outlook, Outlook Express, Windows Live Messenger, and Yahoo Messenger.
Download Insight determines that a downloaded file might be a risk based on evidence about the file's reputation. Download Insight is supported only for the clients that run on Windows computers.
Note: | If you install Auto-Protect for email on your client computers, Auto-Protect also scans the files that users receive as email attachments. |
See Managing scans on client computers.
Table: Managing Download Insight detections
Task | Description | ||||
|---|---|---|---|---|---|
Learn how Download Insight uses reputation data to make decisions about files | Download Insight uses reputation information exclusively when it makes decisions about downloaded files. It does not use signatures or heuristics to make decisions. If Download Insight allows a file, Auto-Protect or SONAR scans the file when the user opens or runs the file. | ||||
View the Download Risk Distribution report to view Download Insight detections | You can use the Download Risk Distribution report to view the files that Download Insight detected on your client computers. You can sort the report by URL, Web domain, or application. You can also see whether a user chose to allow a detected file.
The "user-allowed" files that appear in the report might indicate false positive detections. Users can allow files by responding to notifications that appear for detections. Administrators receive the report as part of a weekly report that Symantec Endpoint Protection Manager generates and emails. You must have specified an email address for the administrator during installation or configured as part of the administrator properties. You can also generate the report from the Reports tab in the console. | ||||
Create exceptions for specific files or Web domains | You can create an exception for an application that your users download. You can also create an exception for a specific Web domain that you believe is trustworthy. See Excluding a trusted Web domain from scans.
For information about the recommended exceptions, see the related Technical Support Knowledge Base article. By default, Download Insight does not examine any files that users download from a trusted Internet or intranet site. You configure trusted sites and trusted local intranet sites on the Windows Control Panel > Internet Options > Security tab. When the option is enabled, Symantec Endpoint Protection Small Business Edition allows any file that a user downloads from any sites in the lists.
| ||||
Make sure that Insight lookups are enabled | Download Insight requires reputation data from Symantec Insight to make decisions about files. If you disable Insight lookups, Download Insight runs but detects only the files with the worst reputations. Insight lookups are enabled by default. See Enabling or disabling client submissions to Symantec Security Response. | ||||
Customize Download Insight settings | You might want to customize Download Insight settings for the following reasons:
| ||||
Allow clients to submit information about reputation detections to Symantec | By default, clients send information about reputation detections to Symantec. Symantec recommends that you enable submissions for reputation detections. The information helps Symantec address threats. See Enabling or disabling client submissions to Symantec Security Response. |
|
|
Legacy ID
v43342751_v59371755
Article URL http://www.symantec.com/docs/HOWTO54885
Terms of use for this information are found in Legal Notices
Thank you.