Endpoint Protection

  • 1.  Norton website traffic from 12.1 clients?

    Posted Dec 14, 2012 02:25 PM

    We have started noticing a lot of web traffic going to https://us.norton.com for all users who have a 12.X version of endpoint.  I have almost 1000 PCs still running 11.x and we are not seeing any traffic to the site.

    Does anyone know what feature might be trying to hit this website?  It looks like a sales page for Norton products, but I don't know why only machines with 12.x would be generating this traffic.

    Is it the Insight lookup feature?



  • 2.  RE: Norton website traffic from 12.1 clients?

    Posted Dec 14, 2012 05:39 PM

    Not sure what this would be. Insight would not be going to this site. Can you tell what they're downloading?



  • 3.  RE: Norton website traffic from 12.1 clients?

    Trusted Advisor
    Posted Dec 17, 2012 09:42 AM

    Did you only see it over a few days? I noticed that some of the links for Symantec went directly to Norton websites; when I enquired with Symantec, they said that at the time the KB database was down and links were defaulting to the Norton site.

    Are you still seeing it now?



  • 4.  RE: Norton website traffic from 12.1 clients?

    Trusted Advisor
    Posted Dec 17, 2012 11:17 AM

    Hello,

    It may be a change from the virus definition publishing team. It does not have any effect on LiveUpdate of SEP. It does not affect how LiveUpdate itself works.


  • 5.  RE: Norton website traffic from 12.1 clients?

    Posted Dec 17, 2012 11:27 AM

    My network team just brought it to my attention last week, so I'm not sure if it's been happening for a while or not.  They are going to run some reports for today and a few weeks back to determine how long it's been going on and if it still is.

    LiveUpdate appears to be working properly, but it should not be contacting anything outside of my network for the definitions, considering this is a managed setup.  All definitions should be coming from my master.

    I really don't like the idea of my clients contacting Symantec at all for any lookups, but when I went to 12.x I decided to leave Insight on to see if any traffic would get noticed.  Until now nobody knew it was even doing lookups against a DB at Symantec, but now that it has been seen, some questions are being raised about the traffic getting sent.



  • 6.  RE: Norton website traffic from 12.1 clients?

    Posted Dec 18, 2012 10:51 AM

    My network team ran a new report and all of the 12.1 clients are still connecting to the Norton site.  The report actually is showing https://143.127.102.40, but that resolves to Norton.  We can only run the reports for 3 months and the traffic from the clients is still there.

    I guess I need to open a ticket with support to figure out why these machines are attempting to contact this website.



  • 7.  RE: Norton website traffic from 12.1 clients?
    Best Answer

    Posted Dec 20, 2012 09:04 AM

    Quick update.

    Spoke with support and they had me uncheck "Allow insight lookups for threat detection" and this appears to have stopped the traffic.

    I still have a few machines hitting this website, but I believe it's because their policies haven't updated yet.

    It still confuses me just a little because this site is an advertisement for Norton products.  I'm not really sure what kind of voodoo Symantec is doing to pull info off of this site for the endpoints.