How Symantec Endpoint Protection uses reputation data to make decisions about files
|Article:HOWTO80989|||||Created: 2012-10-24|||||Updated: 2013-01-30|||||Article URL http://www.symantec.com/docs/HOWTO80989|
Symantec collects information about files from its global community of millions of users and its Global Intelligence Network. The collected information forms a reputation database that Symantec hosts. Symantec products leverage the information to protect client computers from new, targeted, and mutating threats. The data is sometimes referred to as being in the cloud since it does not reside on the client computer. The client computer must request or query the reputation database.
Symantec uses a technology it calls Insight to determine each file's level of risk or security rating.
Insight determines a file's security rating by examining the following characteristics of the file and its context:
The source of the file
How new the file is
How common the file is in the community
Other security metrics, such as how the file might be associated with malware
Scanning features in Symantec Endpoint Protection leverage Insight to make decisions about files and applications. Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections. If you disable Insight lookups, Download Insight runs but cannot make detections. Other protection features, such as Insight Lookup and SONAR, use reputation information to make detections; however, those features can use other technologies to make detections.
By default, a client computer sends information about reputation detections to Symantec Security Response for analysis. The information helps to refine Insight's reputation database. The more clients that submit information the more useful the reputation database becomes.
You can disable the submission of reputation information. Symantec recommends, however, that you keep submissions enabled.
Client computers also submit other types of information about detections to Symantec Security Response.
Article URL http://www.symantec.com/docs/HOWTO80989