Endpoint Protection

 View Only

  • 1.  Need some Clarification on this

    Posted May 02, 2016 12:42 PM

    Hi guys I have couple of things on which I would like to have you expert advise on.

     

    1) when we execute any executable file usually a reputaiton lookup is performed on it to see whats the reputation of the file is on insight and a verdict is rendered on it ( I am not talking about Download Insight) now lets say for some reasons at that particular time when the file was executed there were some connectivity issues with Symantec reputation lookup couldn't be perfomed , then is it like this that when the connectivity is restored the lookup will be perfomed to see the reputation Or lookup is only iniated at the time of executation and if there is no connectivity then it will be simply skipped?

     

    2) same scenerio as above but where we are focusing on while we are performing Schedule , On Demad and AP scans on files.

     

     

    Thanks 



  • 2.  RE: Need some Clarification on this

    Posted May 02, 2016 04:08 PM

    Any 1 ?



  • 3.  RE: Need some Clarification on this

    Posted May 02, 2016 04:52 PM

    If no connectivity then the file is not checked against the Symantec DB and you would rely on whatever signature detections are available, if any.



  • 4.  RE: Need some Clarification on this

    Trusted Advisor
    Posted May 03, 2016 02:50 AM

    I asked this very question to Symantec support on the other day. Basically, if you're not able to access the reputation server, the files will not be checked. This will fall back to whatever the latest version of definitions & signature detections you have installed on the client side to verify the files.