Video Screencast Help

Does Insight require client access to Internet?

Created: 04 Dec 2012 • Updated: 04 Dec 2012 | 6 comments
diabolicus23's picture
This issue has been solved. See solution.

Hi all.

The question is simple: if I enable the Insight Lookup for Scan or the Insight for Download, the client must connect to Internet directly (with or without proxy) or is the SEP Manager that perform the enquiry?

In other words, my clients don't have Internet connection: could I use Insight or not?

 

Thanks in advance

 

PS If this can help, I'm on SEP 12.1.2

Comments 6 CommentsJump to latest comment

Rafeeq's picture

Its a part of Autoprotect , so those definitions will take care of it. The update can be from manager or internet

Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.

https://www-secure.symantec.com/connect/blogs/down...

diabolicus23's picture

For what I know, autoprotect perform a first check. If the file is seen as suspicious, a lookup must be performed.

 

In the reported documents, I read:

"While some reputation information is cached on each client, reputation lookups for newly downloaded files require a connection to Symantec."

Not so clear to me. That connection must be performed from the client or is the Manager that take care of it?

 

So my question is still "alive": does the client need an Internet connection in order to use all the funcionality provided by Insight (scan, download and so on)?

Mithun Sanghavi's picture

Hello,

SEP 12.1 is designed to communicate with certain Internet URLs to validate licenses, submit samples of suspicious files and use the new file reputation security features.  If a proxy or corporate firewall blocks access to these URLs, then errors will result.

Insight: URL that SEP clients send reputation requests to. https://ent-shasta-rrs.symantec.com

Check this Article:

Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

http://www.symantec.com/docs/TECH162286

Expected behavior of Download Insight http://www.symantec.com/docs/TECH171776

How Symantec Endpoint Protection uses reputation data to make decisions about files

http://www.symantec.com/docs/HOWTO55275

VIDEO:

Symantec Download Insight in Symantec Endpoint Protection 12.1

https://www-secure.symantec.com/connect/videos/symantec-download-insight-symantec-endpoint-protection-121

 

Secondly, Download Insight has the following dependencies:
  • Auto-Protect must be enabled

    If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

  • Insight lookups must be enabled

    Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.\

Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.

Reference: How Symantec Endpoint Protection protection features work together

http://www.symantec.com/docs/HOWTO55268

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

diabolicus23's picture

The Manager could reach all the *.symantec.com domains so the functionalities of the Manager itself are verified (LiveUpdate, license verification and so on).

The clients, otherwise, cannot reach any Internet address so from what I read in that document, this functionality will not be used.

_Brian's picture

The clients needs to access the internet to check the cloud. If not, Insight portion will not work as designed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
diabolicus23's picture

Perfect Brian, this is exactly what I need to know smiley

So I will simply disable all the Insight functionalities from the group of clients without Internet access.

 

Thanks