Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

Article:TECH162286  |  Created: 2011-06-14  |  Updated: 2013-08-15  |  Article URL http://www.symantec.com/docs/TECH162286
Article Type: Technical Solution


Issue



 After an install of Symantec Endpoint Protection v12.1, the following problems are observed:

  • The traffic to the Download Insight servers is blocked when using proxy servers with authentication that are defined by URL or .PAC proxy settings.
    As a result, Symantec Endpoint Protection cannot use the reputation data on the Download Insight servers to evaluate potential threats.
  • The Symantec Endpoint Protection licenses cannot be activated when using a proxy server.

Cause



SEP 12.1 is designed to communicate with certain Internet URLs to validate licenses, submit samples of suspicious files and use the new file reputation security features.  If a proxy or corporate firewall blocks access to these URLs, then errors will result.


Solution



The following URLs should be excluded in the proxy server configuration to allow the traffic described below to the Symantec servers:

Ping submissions: These submissions are per definition type (AV, for example) and allow Symantec to judge the effectiveness of a set of definitions that are not yet taking any action (Beta detections), based on the number of "pings" each detection/definition creates. For example, if a detection creates a storm of ping replies to Symantec, it may be a false positive and will be investigated for effectiveness.
This system and related URLs are part of Symantec's false positive avoidance system.
  • https://stnd-avpg.crsi.symantec.com
  • https://avs-avpg.crsi.symantec.com
  • https://stnd-ipsg.crsi.symantec.com
  • https://bash-avpg.crsi.symantec.com
 
Sample submissions: These URLs accept samples of any detections made by the clients. When a client gets a detection, it queries Symantec to ask whether the sample is needed (i.e., no formal definition has been created for this item yet). If the sample is not needed because a formal definition already exists, the client does not submit it. This query-response system reduces the network traffic created by SEP and makes SEP more responsive to new and emerging threats.
  • https://central.ss.crsi.symantec.com
  • https://central.nrsi.symantec.com
  • https://central.avsi.symantec.com
  • https://central.b6.crsi.symantec.com
  • https://central.crsi.symantec.com
 
CAT submissions: Client Authentication Token.  This is how a client authenticates itself to Symantec to make use of the reputation servers for Download Insight, for example.  This is required.
  • https://tus1gwynwapex01.symantec.com
 
Error submissions: If SEP generates an error report due to a component crash, this URL is how the SEP install reports the error and associated data back to Symantec.
  • https://stnd-lueg.crsi.symantec.com
 
Insight reports: Data sent back to the client from a reputation query.
  • https://ent-shasta-mr-clean.symantec.com
 
Insight: URL that SEP clients send reputation requests to.
  • https://ent-shasta-rrs.symantec.com
 
License activation: URL that SEP uses to verify if the license being used is current and active.
  • https://services-prod.symantec.com/service/IPLService.serviceagent/IPLendpoint1
 
Licensing: URL SEP uses to check the license status.
  • https://services-prod.symantec.com
 
LiveUpdate: URLs that SEP connects to for definition updates.
  • http://liveupdate.symantecliveupdate.com
  • http://liveupdate.symantec.com
  • ftp://update.symantec.com
 
Telemetry: Data sent to Symantec about the SEP install (i.e., how SEP is being utilized by the customer base).
  • https://tses.symantec.com/
 
SETI: Data sent to Symantec about installation related events.
  • https://tses.symantec.com/
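
To confirm the exclusions are in effect, the check below (an added example, not Symantec's code) reduces the URLs listed above to host and port pairs and counts proxy denials for them. The log format, the sample log lines and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}
DENIED = {"403", "407"}  # 407 = Proxy Authentication Required
# Excerpt of the article's URL list; pass the full Solution text in practice.
ARTICLE_EXCERPT = """
Insight: https://ent-shasta-rrs.symantec.com
License activation: https://services-prod.symantec.com/service/IPLService.serviceagent/IPLendpoint1
Licensing: https://services-prod.symantec.com
LiveUpdate: http://liveupdate.symantec.com
LiveUpdate: ftp://update.symantec.com
"""
# Constructed log lines in an assumed format: client status method target
SAMPLE_LOG = """
10.0.0.5 407 CONNECT ent-shasta-rrs.symantec.com:443
10.0.0.5 200 CONNECT services-prod.symantec.com:443
10.0.0.7 407 GET http://liveupdate.symantec.com/constructed/path
10.0.0.7 407 CONNECT intranet.example.test:443
10.0.0.9 407 CONNECT ENT-SHASTA-RRS.symantec.com:443
""".strip().splitlines()

def endpoints_from_text(text):
    """Reduce each URL in the text to the (host, port) pair a proxy rule matches."""
    parts = [urlsplit(u) for u in re.findall(r"\b(?:https?|ftp)://\S+", text)]
    return {(p.hostname, p.port or DEFAULT_PORTS[p.scheme]) for p in parts}

def target_endpoint(method, target):
    """CONNECT carries host:port; other methods carry an absolute URL."""
    if method.upper() == "CONNECT":
        host, _, port = target.rpartition(":")
        return (host.lower(), int(port)) if host and port.isdigit() else None
    p = urlsplit(target)
    ok = p.scheme in DEFAULT_PORTS and p.hostname
    return (p.hostname, p.port or DEFAULT_PORTS[p.scheme]) if ok else None

def denied_endpoints(log_lines, required):
    """Count denied requests per required endpoint; any hit means a missing exclusion."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) == 4 and fields[1] in DENIED:
            ep = target_endpoint(fields[2], fields[3])
            if ep in required:
                hits[ep] = hits.get(ep, 0) + 1
    return hits

if __name__ == "__main__":
    print(denied_endpoints(SAMPLE_LOG, endpoints_from_text(ARTICLE_EXCERPT)))
```

An empty result for a log window in which SEP clients were active indicates that no listed endpoint was refused by the proxy.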

 


Supplemental Materials

Source: ETrack
Value: 2271601

Source: ETrack
Value: 2345081



