Endpoint Protection

  • 1.  Download Insight Alert

    Posted Mar 27, 2013 07:12 AM

    Hi,

     

    I'm running the latest versions of SEPM and SEP client. My company develops application software and has recently made a change to a binary file which alerted Download Insight to produce the following dialogue box.

     

    [Attached screenshot: Untitled_0.jpg]

     

    This is the first time I've encountered this issue, so could I ask for your best-practice guidance?

    Thanks 



  • 2.  RE: Download Insight Alert

    Posted Mar 27, 2013 07:17 AM

    Look at this public KB:

    How the Insight Lookup process works

     

    Article:TECH169282 | Created: 2011-09-09 | Updated: 2012-06-28 | Article URL http://www.symantec.com/docs/TECH169282

     



  • 3.  RE: Download Insight Alert

    Posted Mar 27, 2013 07:19 AM

    What I would recommend is adding the server you're downloading it from as a Trusted Domain. See this article:

    How to exclude specific Web domains from the Download Insight verification in SEP 12.1

    Article:TECH162264  |  Created: 2011-06-14  |  Updated: 2013-02-21  |  Article URL http://www.symantec.com/docs/TECH162264

     

    There is also some additional reading on Download Insight you may want to check out:

    Managing Download Insight detections

    Article:HOWTO80966  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80966

     



  • 4.  RE: Download Insight Alert

    Posted Mar 27, 2013 08:26 AM

    Many thanks for your responses.

    Going back to the dialogue box above, on the Activity tab there is an option to Allow this File.

    Would I be right in saying that once clicked the file becomes proven? 



  • 5.  RE: Download Insight Alert

    Posted Mar 27, 2013 08:45 AM

    I believe even if you Allow it, you still need to add it as an exception. Allowing it only allows you to download it in this one instance.



  • 6.  RE: Download Insight Alert

    Posted Mar 27, 2013 08:52 AM

    Another recommended article:

    Insight Deployment Best Practices
    Article URL http://www.symantec.com/docs/DOC5077

    False Positive Prevention
    SEP 12.1 will not detect known good files as malware. There are several ways to make sure your good files are known as ‘good’. The following steps will help prevent false positives when using SEP 12.1.


    Step 1 – Using Digital Signatures
    One of the easiest ways to identify that a file is ‘good’ is to know where it came from and who created it. An important factor in building confidence in a file being ‘good’ is to check its digital signature. Executable files without a digital signature have a higher chance of being identified as ‘unknown’ or low-reputation.
    • Custom or home-grown applications should be digitally signed with class three digital certificates
    • Customers should insist that their software vendors digitally sign their applications
    Step 2 - Add to the Symantec White List
    Symantec has a growing white list of over 25 million ‘good’ files. These files are used in testing signatures before they are published. Their hash values are also stored online and used to avoid false positives on the SEP client via real-time cloud lookups whenever a file is detected by any of our client security technologies (e.g., SONAR behavioral technology, a fingerprint, etc.). This white list is a powerful tool for avoiding false positives. Customers and vendors can add files to this list.
    • Software vendors can request that their executable be added to the Symantec white list at https://submit.symantec.com/whitelist/ .....
     etc
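
The signature check from Step 1 in the post above, as an added example that is not part of the original thread or of Symantec's documentation: a PowerShell audit that reports the Authenticode status of every binary in a build folder before it is published for download. The `$BuildDir` parameter and its default path are assumptions; the SHA-256 column is only there so each flagged file can be identified unambiguously.

```powershell
# Added example: audit Authenticode signatures on build output before release.
# $BuildDir is a hypothetical path; point it at your own release folder.
param(
    [string]$BuildDir = 'C:\Build\Release'   # assumed location, not from the thread
)

# Collect signature details for every executable-type file under the folder.
$report = Get-ChildItem -Path $BuildDir -Recurse -File -Include *.exe, *.dll, *.msi, *.sys |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            File        = $_.FullName
            Status      = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer      = if ($cert) { $cert.Subject }  else { $null }
            CertExpires = if ($cert) { $cert.NotAfter } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# Full listing for the release record.
$report | Sort-Object Status, File |
    Format-Table File, Status, Signer, CertExpires, Timestamped -AutoSize

# Anything that is not 'Valid' is unsigned, was modified after signing,
# or chains to a certificate this machine does not trust.
$problems = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) file(s) lack a valid Authenticode signature."
    $problems | Select-Object File, Status, SHA256 | Format-List
    exit 1
}

Write-Output "All $(@($report).Count) file(s) carry a valid Authenticode signature."
```

A binary that was rebuilt or patched after signing shows up as `HashMismatch`, and one that was never signed as `NotSigned`; a non-zero exit code lets a build pipeline block the release in either case.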



  • 7.  RE: Download Insight Alert

    Posted Mar 28, 2013 12:58 AM

    Hi

    Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.

    Supported portals include Internet Explorer, Firefox, Microsoft Outlook, Outlook Express, Windows Live Messenger, and Yahoo Messenger.

    Download Insight determines that a downloaded file might be a risk based on evidence about the file's reputation. Download Insight is supported only for the clients that run on Windows computers.

    By default, Download Insight does not examine any files that users download from a trusted Internet or intranet site. You configure trusted sites and trusted local intranet sites on the Windows Control Panel > Internet Options > Security tab. When the Automatically trust any file downloaded from an intranet site option is enabled, Symantec Endpoint Protection allows any file that a user downloads from any sites in the lists.

    Note:

    Download Insight recognizes only explicitly configured trusted sites. Wildcards are allowed, but non-routable IP address ranges are not supported. For example, Download Insight does not recognize 10.*.*.* as a trusted site. Download Insight also does not support the sites discovered by the Internet Options > Security > Automatically detect intranet network option.

    Regards

    Ajin