How Symantec Endpoint Protection uses reputation data to make decisions about files
|Article:HOWTO55275|||||Created: 2011-06-29|||||Updated: 2011-12-16|||||Article URL http://www.symantec.com/docs/HOWTO55275|
Symantec collects information about files from its global community of millions of users and its Global Intelligence Network. The collected information forms a reputation database that Symantec hosts. Symantec products leverage the information to protect client computers from new, targeted, and mutating threats. The data is sometimes referred to as being "in the cloud" since it does not reside on the client computer. The client computer must request or query the reputation database.
Insight determines a file's security rating by examining the following characteristics of the file and its context:
Scanning features in Symantec Endpoint Protection leverage Insight to make decisions about files and applications. Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections. If you disable Insight lookups, Download Insight runs but cannot make detections. Other protection features, such as Insight Lookup and SONAR, use reputation information to make detections; however, those features can use other technologies to make detections.
By default, a client computer sends information about reputation detections to Symantec Security Response for analysis. The information helps to refine Insight's reputation database. The more clients that submit information the more useful the reputation database becomes.
Article URL http://www.symantec.com/docs/HOWTO55275