What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?

Article:HOWTO59336  |  Created: 2011-09-30  |  Updated: 2012-07-28  |  Article URL http://www.symantec.com/docs/HOWTO59336
Article Type
How To



Symantec Endpoint Protection 12.1 utilizes new and improved Reputation checks to further aid in our Proactive Threat Protection in determining what files may pose a risk to a client system. It's important to understand how these requests are made to understand associated network overhead and security issues based on contacting Symantec for reputation information.
 
The average size of reputation request is 3KB.
 
Data in a reputation request:
 
SEP engine making the reputation request
File name
File path
Hash of the file (SHA256 and MD5)
File attributes
 
Additional data, if applicable or available:
 
Company name from signature
Signature issuer
URL (and corresponding IP address)
 
Once a request is made, the result of that request is stored locally. The local reputation database is typically 4 to 6MB in size, but may grow to 20MB if hundreds of applications are installed on the client.
 
Repeat reputation requests to Symantec are only made when a file is considered to be untrustworthy and SEP determines that the trust level requires rechecking.

We hope this information helps you better understand network impact and security concerns regarding Reputation checking in SEP 12.1




Article URL http://www.symantec.com/docs/HOWTO59336


Terms of use for this information are found in Legal Notices