How Symantec Endpoint Protection policy features work together
Some policy features require each other to provide complete protection on Windows client computers.
Symantec recommends that you do not disable Insight lookups.
Table: How policy features work together
Download Protection is part of Auto-Protect and gives Symantec Endpoint Protection the ability to track URLs. The URL tracking is required for several policy features.
If you install Symantec Endpoint Protection without Download Protection, Download Insight has limited capability. Browser Intrusion Prevention and SONAR require Download Protection.
The option also requires Download Protection.
Download Insight has the following dependencies:
Auto-Protect must be enabled
If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.
Insight lookups must be enabled
Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.
If basic Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.
Even if you disable Download Insight, the option continues to function for Insight Lookup.
Uses Insight lookups
Insight Lookup uses the latest definitions from the cloud and the Insight reputation database to make decisions about files. If you disable Insight lookups, Insight Lookup uses the latest definitions only to make decisions about files.
Insight Lookup also uses the option.
Insight Lookup does not run on right-click scans of folders or drives on your client computers. However, Insight Lookup runs on right-click scans of selected files.
Insight Lookup uses the configured Insight Lookup slider level value to evaluate the files that were downloaded from a supported portal. If the files were not downloaded from a supported portal, then Insight Lookup detects them only if they have the worst reputation (similar to level 1).
SONAR has the following dependencies:
Download Protection must be installed.
Auto-Protect must be enabled.
If Auto-Protect is disabled, SONAR loses some detection functionality and appears to malfunction on the client. SONAR can detect heuristic threats, however, even if Auto-Protect is disabled.
Insight lookups must be enabled.
Without Insight lookups, SONAR can run but cannot make detections. In some rare cases, SONAR can make detections without Insight lookups. If Symantec Endpoint Protection has previously cached reputation information about particular files, SONAR might use the cached information.
Browser Intrusion Prevention
Download Protection must be installed. Download Insight can be enabled or disabled.
Trusted Web Domain exception
The exception is only applied if Download Protection is installed.
See Managing Download Insight detections.
See Managing SONAR.
See Managing intrusion prevention on your client computers.