Endpoint Protection

 View Only
  • 1.  Download Insight Quarantine Legit File But...

    Posted Feb 13, 2014 06:05 PM

    Download Insight is quarantine a legit plugin but I'm unable to exempt it because no information is provided for that file. How do I address this? See attached screenshots



  • 2.  RE: Download Insight Quarantine Legit File But...

    Posted Feb 13, 2014 06:06 PM

    Interesting. Does anything show in the client security or risk log? Possibly the website it was downloaded from? Also, check the Risk log on the SEPM for further info.

    What's the SEP version?

    If you know the file name, you can add an exception for it:

    Managing Download Insight detections

     



  • 3.  RE: Download Insight Quarantine Legit File But...

    Posted Feb 13, 2014 06:21 PM

    Manager and client are on 12.1.4 and yes, the logs show the file got deleted. But when I go into the manager to exempt it, the info for the risk I'm provided gave me "unavailable" information (see below). So I go ahead and exempt it and it added "unavailable" as the filepath to the Exeption Items column in the Exception Policy, but (of course) that made no sense so it still didn't let the file download.

     

    Risk name:
    Privacy impact:
    Performance impact:
    Overall rating:
    Download site:
    Downloaded or created by:
    File or path:
    Application:
    Version:
    File size:
    Category set:
    Category type:
    Hash:
    Hash algorithm:
    Company:

     



  • 4.  RE: Download Insight Quarantine Legit File But...

    Posted Feb 13, 2014 06:22 PM

    Also, I don't know the file name.



  • 5.  RE: Download Insight Quarantine Legit File But...

    Posted Feb 13, 2014 06:48 PM

    You may need to enable vpdebugging to see what's being scanned:

    How to enable "Vpdebug Logging" on Symantec Endpoint Protection 11.0, 12.1, and 12.1 RU1

    If you can reproduce this by visiting the same site and trying to re-download, the detection should show in this log



  • 6.  RE: Download Insight Quarantine Legit File But...
    Best Answer

    Posted Feb 13, 2014 07:28 PM

    After hours of troubleshooting, I got it.

    For whatever reason, I'm able to install this file which is a plugin on my machine. So trying to recreate the issue, I iniated an install of the plugin again. But before downloading it, I noted the filepath of the file which is a .cab extension. I pasted that path into a browser and I was able to get the exe file. I exempted the exe file and was able to get the plugin downloaded for the problematic machines.



  • 7.  RE: Download Insight Quarantine Legit File But...

    Posted Feb 14, 2014 05:45 AM

    Excellent news, gwtdt! 

    Many thanks for updating this thread: with luck, a future admin in the same situation will find this via an Internet search and receive the answer.