Enabling or disabling client submissions to Symantec Security Response

Article:HOWTO55286  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55286
Article Type
How To


Subject


Enabling or disabling client submissions to Symantec Security Response

Symantec Endpoint Protection can protect computers by submitting information about detections to Symantec Security Response. Symantec Security Response uses this information to address new and changing threats. Any data you submit improves Symantec's ability to respond to threats and customize protection for your computers. Symantec recommends that you choose to submit as much detection information as possible.

See About submitting information about detections to Symantec Security Response

See How Symantec Endpoint Protection uses reputation data to make decisions about files

See Specifying a proxy server for client submissions and other external communications

Client computers submit information anonymously about detections. You can specify the types of detections for which clients submit information. You can also enable or disable submissions from client computers. Symantec recommends that you always enable submissions. In some cases, however, you might want to prevent your clients from submitting such information. For example, your corporate policies might prevent your client computers from sending any network information to outside entities.

To enable or disable client submissions to Symantec Security Response

  1. In the console, select Clients then click the Policies tab.

  2. In the Settings pane, click External Communications Settings.

  3. Click the Submissions tab.

  4. If you want to enable your client computers to submit data for analysis, check Let computers automatically forward selected anonymous security information to Symantec.

  5. To disable submissions for the client, uncheck Let computers automatically forward selected anonymous security information to Symantec.

    If you disable submissions for a client and lock the settings, the user is unable to configure the client to send submissions. If you enable, select your submissions types and lock the settings, the user is not able to change your chosen settings. If you do not lock your settings, the user can change the configuration as desired.

    Symantec recommends that you submit threat information to help Symantec provide custom threat protection. You may need however, to disable this feature in response to network bandwidth issues or a restriction on data leaving the client. You can check the Client Activity to view log submissions activity if you need to monitor your bandwidth usage.

    See Viewing logs.

  6. Select the types of information to submit:

    • File reputation

      Information about files that are detected based on their reputation. The information about these files contributes to the Symantec Insight reputation database to help protect your computers from new and emerging risks.

      Note:

      Unmanaged clients require a paid license to enable the submission of file reputation data.

      See Licensing an unmanaged client.

    • Antivirus detections

      Information about virus and spyware scan detections.

    • Antivirus advanced heuristic detections

      Information about the potential threats that are detected by Bloodhound and other virus and spyware scan heuristics.

      These detections are the silent detections that do not appear in the Risk log. Information about these detections is used for statistical analysis.

    • SONAR detections

      Information about the threats that SONAR detects, which include high or low risk detections, system change events, and suspicious behavior from trusted applications.

    • SONAR heuristics

      SONAR heuristic detections are silent detections that do not appear in the Risk log. This information is used for statistical analysis.

  7. Check Allow Insight lookups for threat detection to allow Symantec Endpoint Protection to use the Symantec Insight reputation database to make decisions about threats.

    Insight lookups are enabled by default. You can disable this option if you do not want to allow Symantec Endpoint Protection to query the Symantec Insight reputation database.

    Download Insight, Insight Lookup, and SONAR use Insight lookups for threat detection. Symantec recommends that you allow Insight lookups. Disabling lookups disables Download Insight and may impair the functionality of SONAR heuristics and Insight Lookup.


Legacy ID



v46376851_v59371754


Article URL http://www.symantec.com/docs/HOWTO55286


Terms of use for this information are found in Legal Notices