Endpoint Protection

 View Only

  • 1.  File Reputation filter

    Posted Oct 01, 2012 12:36 PM

    Hi ,

     Is it possible to  adjusting the file reputation filter based on the publisher ?

     

    We have only option to adjust the file reputation  is file sensivity in download protection policy. is therr any other way to filer teh file reputation ?

     

    like in Exception policy or any otehr policies.



  • 2.  RE: File Reputation filter

    Posted Oct 01, 2012 12:52 PM

    The only other way is to add a file or folder exclusion. There is nothing to add by publisher. You can also send to Symantec as false positive:

    https://submit.symantec.com/false_positive/

    And also send to get on whitelist:

    https://submit.symantec.com/whitelist/isv/



  • 3.  RE: File Reputation filter

    Trusted Advisor
    Posted Oct 01, 2012 12:55 PM

    Hello,

    Symantec Endpoint Protection 12.1 utilizes new and improved Reputation checks to further aid in our Proactive Threat Protection in determining what files may pose a risk to a client system.

    If incase, you feel certain certain files are getting detected, you may submit the same files to the Symantec Security Response Team on https://submit.symantec.com/essential

    When you say create an Exception to a certian publisher, does that mean a website?

    If yes, Please try these Symantec Article below:

    Excluding a trusted Web domain from scans http://www.symantec.com/docs/HOWTO55211

    How to exclude specific Web domains from the Download Insight verification in SEP 12.1?

    http://www.symantec.com/docs/TECH162264

    Managing Download Insight detections http://www.symantec.com/docs/HOWTO55252

     

    In case, you want to Whitelist an Application, then check this Article:

    Software developer would like to add his/her software to the Symantec White-List.

    http://www.symantec.com/docs/TECH132220

     

    Also, Check these Articles:

    What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?

    http://www.symantec.com/business/support/index?page=content&id=HOWTO59336

    How Symantec Endpoint Protection uses reputation data to make decisions about files

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55275

    Hope that helps!!



  • 4.  RE: File Reputation filter

    Posted Oct 01, 2012 03:04 PM

    Hi ,

    what happen if we decrease the file sensitivity  to 3 or 4?as per some articles from symantec default value is

    5 .

     



  • 5.  RE: File Reputation filter

    Posted Oct 01, 2012 03:31 PM

    It may be (likely) allowed but you would have to test it.



  • 6.  RE: File Reputation filter

    Broadcom Employee
    Posted Oct 02, 2012 04:41 AM

    Hi,

    Is it possible to  adjusting the file reputation filter based on the publisher ?

    --> It's not possible.

    Symantec default value is set to 5.If you decreased it to 3 or 4 then number of false positive detection will be low & Blocks files that have a poor reputation or are likely or highly likely to be malicious & very many files are consider unproven.

    Instead of that go through the articles shared by Mithun.

    Scrrenshot is attached to the reference.



  • 7.  RE: File Reputation filter

    Posted Oct 26, 2012 07:47 AM

    This white paper may also be helpful:

    https://www-secure.symantec.com/connect/downloads/insight-deployment-best-practices-whitepaper



  • 8.  RE: File Reputation filter

    Posted Oct 26, 2012 05:10 PM

    Thanks for sharing!