Symantec Insight download
Created: 11 Sep 2012 | Updated: 11 Sep 2012 | 8 comments
Dear,
I am facing a big problem with new SEP 12.1.
after upgrading all client with new SEP from 11.0.7 to 12.1, I found that many traffics coming to the websense triton RTM.
this means that the current websense license consumed for this insight traffic (https://ent-shasta-rrs.symantec.com:443).
I disabled it from the Symantec policy by uncheck the insight option. please refer to the attached picture.
but with no success.
what should I do to resolve this problem immediately.
Thanks for prompt answer.
Discussion Filed Under:
Comments 8 Comments • Jump to latest comment
Managing Download Insight detections
http://www.symantec.com/business/support/index?page=content&id=HOWTO54885
Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers
http://www.symantec.com/business/support/index?page=content&id=TECH162286
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello,
SEP 12.1 is designed to communicate with certain Internet URLs to validate licenses, submit samples of suspicious files and use the new file reputation security features. If a proxy or corporate firewall blocks access to these URLs, then errors will result.
Insight: URL that SEP clients send reputation requests to. https://ent-shasta-rrs.symantec.com
Check this Article:
Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers
http://www.symantec.com/docs/TECH162286
Expected behavior of Download Insight http://www.symantec.com/docs/TECH171776
How Symantec Endpoint Protection uses reputation data to make decisions about files
http://www.symantec.com/docs/HOWTO55275
VIDEO:
Symantec Download Insight in Symantec Endpoint Protection 12.1
https://www-secure.symantec.com/connect/videos/symantec-download-insight-symantec-endpoint-protection-121
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Hello,
But I want to prevent all clients to access this URLs any more.
it counting down the websense license.
I really wish to block these traffics to reach the websense server.
Thanks
Hello,
Auto-Protect must be enabled
If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.
Insight lookups must be enabled
Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.
Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.\
Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.
Reference: How Symantec Endpoint Protection protection features work together
http://www.symantec.com/docs/HOWTO55268
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Dear,
so?
you mean that in my case mentioned above, I cannot block the traffic ?
are there any workaround to block it?
Please help
Hello,
Since you have disabled the Insight Download, the traffic should not generate.
Also, make sure you disable the Insight settings Policy under Virus and Spyware Protection Policy >> Global Scan Policy.
And Make sure this policy is assigned to all client machines.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
You disabled Insight. Are you still seeing traffic from it?
SEP Knowledge Base
Endpoint SWAT
I have insight disable, yet I still have some traffc going to
ent-shasta-rrs.symantec.com.
It is minimal but I am curious why there is still traffic if insight is turned off.
Would you like to reply?
Login or Register to post your comment.