Video Screencast Help

About SIC

Created: 27 Jul 2013 | 6 comments

We are using SEP of 12.1.2015.2015. And installed SEPM and SIC server on two separate servers. Now we are running full scan on a SEP client. How can I know if my SIC server is configured properly, and there is request submitting to SIC server in current scanning process?

Operating Systems:

Comments 6 CommentsJump to latest comment

ᗺrian's picture

Helpful KBA here

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

you can check traffic from client to SIC server on the configured port.

AjinBabu's picture


The Symantec Endpoint Protection Shared Insight Cache eliminates the need to scan files in a virtualized environment that Symantec Endpoint Protection has determined are clean. Shared Insight Cache is a separate service that you install on a dedicated server or in a virtualized environment. After you install and configure Shared Insight Cache, you must configure your clients to communicate with Shared Insight Cache.


Only the clients that perform scheduled scans and manual scans can use Shared Insight Cache.

When a file is scanned and determined to be clean, the client submits information about the file to Shared Insight Cache. Shared Insight Cache adds this information to its cache. When a client subsequently attempts to access the same file, the client can query Shared Insight Cache to determine if the file is clean. If the file is clean, then Shared Insight Cache notifies the client that file is clean. The client can bypass virus scanning on that particular file. If the file is not clean, the client scans the file for viruses and submits those results to Shared Insight Cache.

By default, Shared Insight cache is setup with no authentication and no SSL. As such, the default setting for the password is null. In other words, the password is blank. If you set Shared Insight Cache to Basic authentication with SSL or Basic Authentication with no SSL, you must specify a username's password that can access Shared Insight Cache.

You can also change a user-defined authentication password if needed. But if you do, you must specify that authentication user name and password in Symantec Endpoint Protection Manager so clients can communicate with Shared Insight Cache.

For more information about Shared Insight Cache, see the Symantec Endpoint Protection Shared Insight Cache User Guide.

To configure your clients to communicate with Shared Insight Cache

1.    In the console, open a Virus and Spyware Protection policy and click Global Scan Options.

2.    On the Global Scan Options page, under Shared Insight Cache, check Enable Shared Insight Cache.

3.    Check Require SSL if you enabled SSL when you set up the Shared Insight Cache server.

If you enable SSL, the client must be set up to communicate with Shared Insight Cache. To do so, you must add the Shared Insight Cache server certificate to the trusted certificates authorities store for the local computer. Otherwise, the client/Shared Insight Cache server communication fails.

For more information about how to add a server certificate, see your Active Directory documentation.

4.    In the Hostname box, type the host name of Shared Insight Cache.

5.    In the Port box, type the port number of Shared Insight Cache.

6.    Optionally, if you configured authentication for Shared Insight Cache, in the Username box, type the user name.

7.    Optionally, if you configured authentication for Shared Insight Cache, click Change Password to change the default password (null) to the password that you created for authentication.

8.    In the New password box, type the new password.

Leave this field empty if you do not want to use a password.

9.    In the Confirm password box, type your password again.

10.  Click OK.

To Know the SIC status you can view the traffic logs between the client and the SEPM



mkeil's picture


if you are using SIC on a windows machine, then you can add a counter for SIC inside Microsoft PerfMon to monitor the component. Additionally you can take a look at the logs.



Please "Mark as Solution" if my post is useful

SMLatCST's picture

"Thumbs Up" to mkeil above, and just as back up, here's an article on the perfmon counters:
Note: These are for the nework-based SIC

Mithun Sanghavi's picture


Check these steps:

  1. Check to see if the Shared Insight Cache server can be reached from the client system.
    • Open a command prompt and type the following command: 
      ping <server>
  • If there is no response, please check your network for routing issues.

  1. Check to make sure the port is open on the server. (The default port for the Shared Insight Cache server is 9005.)
    • Open a command prompt and type the following command: 
      telnet <server> 9005
  • If no connection is made, check the server for firewalls, including Windows Defender.

  • If the connection can be established using telnet but the warning in the event view persists, then check the WinHTTP proxy settings on the client system. When using a proxy, you should use the fully qualified domain name of the Shared Insight Cache server in the client Virus and Spyware policy configuration. Using the IP address may not work with the proxy.


Symantec Endpoint Protection 12.1 clients are unable to connect to the Shared Insight Cache server

Installation and Configuration of Shared Insight Cache

Shared Insight Cache - Best Practices and Sizing guide

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.