Why in spite of having Download Insight and Autoprotect enabled in SEP client 12.1, some files are only detect after being downloaded?

Article:TECH162233  |  Created: 2011-06-14  |  Updated: 2011-07-11  |  Article URL http://www.symantec.com/docs/TECH162233
Article Type
Technical Solution


Issue



The Autoprotect and Download Insight of the SEP client 12.1 seem to be working.
Why some threats are only detected after being downloaded to the machine while others are blocked during the download attempt?


Solution



Files can be downloaded using one of two available methods:

  • Type 1: serial download - "traditional" downloads
  • Type 2: random chunks download - typical for communities file sharing downloads and download managers

When files are download using method 1, it will be possible to match a threat pattern during the download phase. If files are downloaded using method 2, the random chunks have to be reassembled to form a file, only then a threat can exist and be detected.




Article URL http://www.symantec.com/docs/TECH162233


Terms of use for this information are found in Legal Notices