How Symantec Endpoint Protection uses reputation data to make decisions about files

Article:HOWTO80989  |  Created: 2012-10-24  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO80989
Article Type: How To



Symantec collects information about files from its global community of millions of users and its Global Intelligence Network. The collected information forms a reputation database that Symantec hosts. Symantec products leverage the information to protect client computers from new, targeted, and mutating threats. The data is sometimes referred to as being in the cloud since it does not reside on the client computer. The client computer must request or query the reputation database.

Symantec uses a technology it calls Insight to determine each file's level of risk or security rating.

Insight determines a file's security rating by examining the following characteristics of the file and its context:

  • The source of the file

  • How new the file is

  • How common the file is in the community

  • Other security metrics, such as how the file might be associated with malware

Scanning features in Symantec Endpoint Protection leverage Insight to make decisions about files and applications. Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections. If you disable Insight lookups, Download Insight runs but cannot make detections. Other protection features, such as Insight Lookup and SONAR, also use reputation information to make detections; however, those features can use other technologies to make detections.

By default, a client computer sends information about reputation detections to Symantec Security Response for analysis. The information helps to refine Insight's reputation database. The more clients that submit information, the more useful the reputation database becomes.

You can disable the submission of reputation information. Symantec recommends, however, that you keep submissions enabled.

Client computers also submit other types of information about detections to Symantec Security Response.

See Managing Download Insight detections.

See How Symantec Endpoint Protection policy features work together on Windows computers.

See Enabling or disabling client submissions to Symantec Security Response.

See Configuring a site to use a private Insight server for reputation queries.

