How Symantec Endpoint Protection protection features work together

Article:HOWTO55268  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55268
Article Type
How To


Subject


How Symantec Endpoint Protection protection features work together

Some policy features require each other to provide complete protection on Windows client computers.

Warning:

Symantec recommends that you do not disable Insight lookups.

Table: How policy features work together

Policy Feature

Interoperability Notes

Download Protection

Download Protection is part of Auto-Protect and gives Symantec Endpoint Protection the ability to track URLs. The URL tracking is required for several policy features.

If you install Symantec Endpoint Protection without Download Protection, Download Insight has limited capability. Browser Intrusion Prevention and SONAR require Download Protection.

The Automatically trust any file downloaded from an intranet website option also requires Download Protection.

Download Insight

Download Insight has the following dependencies:

  • Auto-Protect must be enabled

    If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

  • Insight lookups must be enabled

    Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

Note:

If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.

Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.

Insight Lookup

Uses Insight lookups

Insight Lookup uses the latest definitions from the cloud and the Insight reputation database to make decisions about files. If you disable Insight lookups, Insight Lookup uses the latest definitions only to make decisions about files.

Insight Lookup also uses the Automatically trust any file downloaded from an intranet website option.

Note:

Insight Lookup does not run on right-click scans of folders or drives on your client computers. Insight Lookup does run on right-click scans of selected files.

SONAR

SONAR has the following dependencies:

  • Download Protection must be installed.

  • Auto-Protect must be enabled.

    If Auto-Protect is disabled, SONAR loses some detection functionality and appears to malfunction on the client. SONAR can detect heuristic threats, however, even if Auto-Protect is disabled.

  • Insight lookups must be enabled.

    Without Insight lookups, SONAR can run but cannot make detections. In some rare cases, SONAR can make detections without Insight lookups. If Symantec Endpoint Protection has previously cached reputation information about particular files, SONAR might use the cached information.

Browser Intrusion Prevention

Download Protection must be installed. Download Insight can be enabled or disabled.

Trusted Web Domain exception

Download Protection must be installed.

When you create a Trusted Web domain exception, the exception is only applied if Download Protection is installed.

See Managing Download Insight detections.

See Managing SONAR.

See Managing intrusion prevention on your client computers.


Legacy ID



v45043646_v59371754


Article URL http://www.symantec.com/docs/HOWTO55268


Terms of use for this information are found in Legal Notices