Video Screencast Help

Insight Cache Use when not running active Scans

Created: 03 Jul 2013 • Updated: 03 Jul 2013 | 5 comments
This issue has been solved. See solution.

Hi All,

In our backend deployment we are using SEPP 12 with Insight Cache. We are currently in the process of deploying SEPP 12 into our (1000 concurrent desktop) VMware View enviroment. In the View enviroment we arent using active scans, only on access. The reason for this is that we are using clean Non-Persistent linked clones and do not want to add additional load by starting Scans, even randomized.

Now here's the question: Is there any use in implementing Insight Cache in an enviroment like our VDI deployment?

 

Regards,

 

Patrick

Operating Systems:

Comments 5 CommentsJump to latest comment

Rafeeq's picture

Shared Insight Cache is only available for the clients that perform scheduled scans and manual scans. if you dont have these two then its of no use.

 

 

SOLUTION
SebastianZ's picture

Agreed with Rafeeq - SIC has only use with scheduled or manual scans - have a look at following KB:

About Shared Insight Cache

Article:HOWTO81020  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO81020

Shared Insight Cache use improves performance in virtual infrastructures. Files that Symantec Endpoint Protection clients have determined to be clean are added to the cache. The subsequent scans that use the same virus definitions version can ignore the files that are in the Shared Insight Cache. Shared Insight Cache is used only for scheduled and manual scans.

Ambesh_444's picture

Hi,

Shared Insight Cache is a Web service that runs independently of the client. However, you must configure Symantec Endpoint Protection to specify the location of Shared Insight Cache so that your clients can communicate with it. Shared Insight Cache communicates with the clients throughHTTPor HTTPS. The client's HTTP connection is maintained until the scan is finished.

Note: Shared Insight Cache is only available for the clients that perform scheduled scans and manual scans

Helpful Links:

Symantec Endpoint Protection Shared Insight Cache User Guide 12.1

http://www.symantec.com/docs/DOC4334

Shared Insight Cache - Best Practices and Sizing guide

http://www.symantec.com/business/support/index?page=content&id=TECH174123

Installation and Configuration of SEP Shared Insight Cache

http://www.symantec.com/docs/TECH185897

Viewing Shared Insight Cache events in the Cache Server log

http://www.symantec.com/docs/HOWTO55316

How Shared Insight Cache works

http://www.symantec.com/docs/HOWTO55318

About the Symantec Endpoint Protection Shared Insight Cache tool

http://www.symantec.com/docs/HOWTO55311

Customizing Shared Insight Cache settings

http://www.symantec.com/docs/HOWTO55314

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

AjinBabu's picture

HI, 

Insight

Insight allows scans to skip trusted good files. Some files contain typical vulnerabilities. After those files are scanned initially, subsequent scans can skip the files since vulnerability definitions rarely change. Insight also uses file reputation data to skip the files that Symantec trusts as good (more secure) or the community trusts as good (less secure). Using the Insight option might improve scan performance.

What is Virtual Image Exception?

Administrators leverage base images to build virtual machines for their virtual desktop infrastructure (VDI) environment. The Symantec Virtual Image Exception tool lets your clients bypass scanning base image files for threats, which reduces the resource load on disk I/O. It also improves CPU scanning process performance in your VDI environment.

Before you enable this feature in Symantec Endpoint Protection Manager, first run the Virtual Image Exception tool against the base image files. The Virtual Image Exception tool marks the base image files by adding an attribute. If the file changes, this attribute is removed. This tool is found in the /tools/VirtualImageException folder on the Symantec Endpoint Protection product disc. For more information about how to use this tool, see theSymantec Endpoint Protection Virtual Image Exception User Guide, which is located in the same folder.

This feature is disabled by default. Enable the feature so that when your client goes to scan a file, it looks for this attribute. If the base image file is marked and remains unchanged, the client skips scanning the file.

Note:

Symantec Endpoint Protection supports the Virtual Image Exception tool for both managed clients and unmanaged clients.

Regards

Ajin