Hello,
This is the URL that SEP clients send reputation requests to.
A client computer sends information about reputation detections to Symantec Security Response for analysis. The information helps to refine Insight's reputation database. The more clients that submit information the more useful the reputation database becomes.
This is an Insight website: https://ent-shasta-rrs.symantec.com
SEP Clients connect to the Insight website, this could not be disabled. This is by design.
How to test connectivity with Insight and Symantec Licensing servers
Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers
Data in a reputation request:
SEP engine making the reputation request
File name
File path
Hash of the file (SHA256 and MD5)
File attributes
Additional data, if applicable or available:
Company name from signature
Signature issuer
URL (and corresponding IP address)
Reference:
What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?
http://www.symantec.com/docs/HOWTO59336
You can disable the submission of reputation information. Symantec recommends, however, that you keep submissions enabled.
Check this Article:
How Symantec Endpoint Protection uses reputation data to make decisions about files
https://support.symantec.com/en_US/article.HOWTO80989.html
Insight determines a file's security rating by examining the following characteristics of the file and its context:
-
The source of the file
-
How new the file is
-
How common the file is in the community
-
Other security metrics, such as how the file might be associated with malware
Regards,