Hi,
Symantec Advanced Threat Protection: Endpoint (ATP: Endpoint) is a virtual appliance that detects advanced threats on Symantec Endpoint Protection clients in your network. Advanced threats are those that typically bypass traditional protection technologies. The ATP: Endpoint server acts as an intermediary for Symantec Insight. ATP: Endpoint analyzes reputation data from Symantec Insight combined with submitted client detection data.
You can configure Symantec Endpoint Protection Manager to redirect the reputation queries and submissions from clients in a client group to ATP: Endpoint.
Under Clients --> Group --> Policies --> External Communication Settings --> Private Cloud.
Through this location can configure client groups to use private servers for reputation queries and submissions
You can direct client reputation queries (Insight lookups) from a group to a private intranet server. The private server can be the Symantec Advanced Threat Protection: Endpoint appliance or the Symantec Insight for Private Clouds server that you purchase and install separately in your network.
The following are the private server options for groups:
-
Symantec Advanced Threat Protection: Endpoint
This option redirects the reputation queries and submissions from clients in the group to ATP: Endpoint. ATP: Endpoint then sends the queries and submissions to Symantec. ATP: Endpoint servers gather data about client detections and provide forensic analysis. This option redirects antivirus, SONAR, and IPS submissions, but it does not redirect file reputation submissions. Symantec does not directly receive reputation queries or submissions from clients in the group.
-
Symantec Insight for Private Clouds
This option redirects the reputation queries from clients in the group to a private Insight server. The private Insight server stores a copy of Symantec's Insight reputation database. The private Insight server handles the reputation queries rather than Symantec's Insight server. When you use a private Insight server, clients continue to send submissions about detections to Symantec. Typically you use a private Insight server in a dark network. In that case, Symantec cannot receive any client submissions.
You can also copy the private server configuration to other client groups.
You can specify multiple private servers to load balance network traffic. You can also specify multiple groups of servers to manage failover.
Note:
|
If you enable private servers for groups, 12.1.5 and earlier clients in those groups cannot use Symantec servers if the designated private server is not available. 12.1.5 and earlier clients cannot use the priority list and must be configured to use a single server.
|
To configure client groups to use a private server for reputation queries and submissions
- In the console, go to Clients and select the group that should use the private server list.
- On the Policies tab, click External Communications Settings
- On the Private Cloud tab, click Enable private servers to manage my data.
- Depending on which type of server you use, click or .You should not mix server types in the priority list.
- Click if you want clients to use Symantec servers for reputation queries and client antivirus and SONAR submissions.Clients always send file reputation submissions to Symantec.
- Under Private Servers, click .
- In the Add Private Server dialog, select the protocol and then enter the host name for the URL.
- Specify the port number for the server.
- To designate this server as the single server that 12.1.5 and earlier clients use, click . The 12.1.5 and earlier clients cannot use a server list, so you must specify which server these legacy clients should use.
- To add a priority group, click .
- To apply the settings to additional client groups, click Copy settings. Select the groups and locations, and then click .