My network team just brought it to my attention last week so im not sure if its been happening for awhile or not. They are going to run some reports for today and a few weeks back to determine how long its been going on and if it still is.
Live update appears to be working properly but it should not be contacting anything outside of my network for the definitions considering this is a managed setup. All definitions should be comming from my master.
I really dont like the idea of my clients contacting symantec at all for any lookups but when i went to 12.x i decided to leave insight on to see if any traffice would get noticed. Until now nobody knew it was even doing lookups against a DB at symantec but now that it has been seen some questions are being raised about the traffic getting sent.