Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Policy based disabled feature end in warning on clients

Created: 04 Jun 2012 • Updated: 23 Jan 2013 | 4 comments
This issue has been solved. See solution.

Hi

We upgraded from SEP 11 to SEP 12.1 RU1MP1 and activated the flag "Remove all previous logs and policies, and reset the client-server communication settings" and on the first view, everything works without any problem.

But now we would like to disable the SONAR and the Download-Insight feature on some groups in the Policies. SEPM creates a new ID for the policy, the new policy is applied to the clients, but all these clients shows then a warning message in the systray that the Download-Insight feature is disabled. Yes it is disabled and we want it to be disabled, so how can we teach the systray that it should not show it up as a warning anymore?

Thx, Wayne

Comments 4 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections. If you disable Insight lookups, Download Insight runs but cannot make detections. Other protection features, such as Insight Lookup and SONAR, use reputation information to make detections; however, those features can use other technologies to make detections.

Download Insight has the following dependencies:

  • Auto-Protect must be enabled

    If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

  • Insight lookups must be enabled

    Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

So, in case if you disable Download Insight, the clients would surely receive the Warning message.

 

Check this Article:

How Symantec Endpoint Protection protection features work together

http://www.symantec.com/docs/HOWTO55268 

How Symantec Endpoint Protection uses reputation data to make decisions about files

http://www.symantec.com/docs/HOWTO55275

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Wayne1's picture

Hi and thanx for the fast reply!

I understand for the Download-Insight, but we have the same behaviour on the "Microsoft Outlook Auto-Protect" feature on our servers. If we disable the feature in the policy, we get on all servers the warning that Auto-Protect for Outlook is disabled. It should be possible to disable this feature withouth getting a warning right? Because we don't have any Outlook installed on the servers?

Regards, Wayne

Mithun Sanghavi's picture

Hello,

Disabling the Policies, would not disable the Feature from the SEP client machines.

When installing the SEP client, you would have to create a custom package and choose the correct features to Install.

In your case, if you want the Outlook Protection to be disabled, you would have to remove the feature on the SEP client machines.

Check this Articles:

Creating custom client installation packages in the Symantec Endpoint Protection Manager console version 12.1

http://www.symantec.com/docs/TECH165801

How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations

http://www.symantec.com/docs/TECH90936

Also, check these Articles below:

See About the types of threat protection that Symantec Endpoint Protection provides.

See Configuring client installation package features.

After installation, you can enable or disable the protection technologies in the security policies.

See About enabling and disabling protection.

See Performing tasks that are common to all security policies.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
greg12's picture

Hi Wayne,

a lot of settings at the SEPM console (especially in the AV/AS policy) can be locked by a padlock.  If you don't close these padlocks and simultaneously disable (for example) the SONAR and Download Insight settings, the SEP client will warn you.

The philosophy behind this behavior may be to call attention to the fact that the user is in full charge of these settings.

The resolution is easy: At the SEPM, just close the padlocks for Download Insight and SONAR. Whether  they are turned on or off, you won't get warnings any longer.

HTH!