Endpoint Protection

  • 1.  Symantec Endpoint Protection Manager issues on a closed network

    Posted Sep 30, 2015 04:34 AM

    Hi

    I have installed the Symantec Endpoint Protection Manager 12.1.6 on Server 2012 R2 STD.

    I have 2 issues:

    1. After client installation I get reports about "computer reported file reputation lookup issues" from some servers (all 2012 R2 STD).

         Most are SharePoint 2013\SQL 2012 servers.

         What is file reputation and how can I fix this issue?

         This is a closed network - no internet access from clients; the AV server CAN access the internet.

    2. How do I set clients to LiveUpdate from the management server and NOT from the Symantec LiveUpdate web?

     

    Thank you!!

    Moriya

     



  • 2.  RE: Symantec Endpoint Protection Manager issues on a closed network

    Trusted Advisor
    Posted Sep 30, 2015 04:48 AM

    See below inline

    1. After client installation I get reports about "computer reported file reputation lookup issues" from some servers (all 2012 R2 STD).

         Most are SharePoint 2013\SQL 2012 servers.

         What is file reputation and how can I fix this issue?

         This is a closed network - no internet access from clients; the AV server CAN access the internet.

    - In Clients, click on the group and click the Policies tab, then click external communication settings and uncheck allow Insight lookups. This will stop lookup issues.

    2. How do I set clients to LiveUpdate from the management server and NOT from the Symantec LiveUpdate web?

    - In the LiveUpdate policy for the group, just make sure on use default management server is checked; this will only use the SEPM for updates.



  • 3.  RE: Symantec Endpoint Protection Manager issues on a closed network

    Posted Sep 30, 2015 04:50 AM

    File reputation is used by Symantec to check the credibility of a file. Symantec uses various metrics to check this out. It is used to determine unknown or new files.

    Check this article, just in case you want to allow your machines to connect to the reputation server.

     

    Required exclusions for proxy servers to allow Endpoint Protection to connect to reputation and licensing servers

     

    If you don't want them to connect to the reputation server, then simply follow the steps below:

    1. In the console, select Clients then click the Policies tab.
    2. In the Settings pane, click External Communications Settings.
    3. Click the Submissions tab.

    Uncheck what you don't want to submit to Symantec.

     

    And finally,

    By default the SEP client will look up to SEPM for definitions. Just to be sure that clients do go online to download definitions:

    1. In the console, select the Policies tab then click the LiveUpdate policies.

    2. Double-click on the policy assigned to the clients group and select the Server Settings under Windows Settings.

    Make sure to uncheck the Use a LiveUpdate Server

    Now you are all set.



  • 4.  RE: Symantec Endpoint Protection Manager issues on a closed network

    Broadcom Employee
    Posted Sep 30, 2015 07:14 AM

    Hi,

    Thank you for posting your query on Symantec community.

    I would be glad to answer your query.

    Symantec collects information about files from its global community of millions of users and its Global Intelligence Network. The collected information forms a reputation database that Symantec hosts. Symantec products leverage the information to protect client computers from new, targeted, and mutating threats. The data is sometimes referred to as being in the cloud since it does not reside on the client computer. The client computer must request or query the reputation database.

    This article can be a reference guide: How Symantec Endpoint Protection uses reputation data to make decisions about files

    But it's not necessary for each computer to have an internet connection.

    You can set clients to take LiveUpdate from management server and NOT from Symantec LiveUpdate web.

    Uncheck Enable Liveupdate Scheduling:

    1. Click Policies and then click LiveUpdate.

    2. On the LiveUpdate Settings tab, right-click the policy that you want, and then click Edit.

    3. Under Windows Settings, click Server Settings.

    4. Uncheck Use a LiveUpdate Server.

    Screenshot is attached to the reference.
