Symantec Insight download

Created: 11 Sep 2012 • Updated: 11 Sep 2012 | 8 comments
mym's picture

Dear,

I am facing a big problem with new SEP 12.1.

After upgrading all clients with the new SEP from 11.0.7 to 12.1, I found that a lot of traffic is coming to the Websense Triton RTM.

This means that the current Websense license is consumed by this Insight traffic (https://ent-shasta-rrs.symantec.com:443).

I disabled it from the Symantec policy by unchecking the Insight option. Please refer to the attached picture.

But with no success.

What should I do to resolve this problem immediately?

Thanks for prompt answer.

Ashish-Sharma's picture

Managing Download Insight detections

http://www.symantec.com/business/support/index?page=content&id=HOWTO54885

Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

http://www.symantec.com/business/support/index?page=content&id=TECH162286

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture

Hello,

SEP 12.1 is designed to communicate with certain Internet URLs to validate licenses, submit samples of suspicious files and use the new file reputation security features.  If a proxy or corporate firewall blocks access to these URLs, then errors will result.

Insight: URL that SEP clients send reputation requests to. https://ent-shasta-rrs.symantec.com

Check this Article:

Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

http://www.symantec.com/docs/TECH162286

Expected behavior of Download Insight http://www.symantec.com/docs/TECH171776

How Symantec Endpoint Protection uses reputation data to make decisions about files

http://www.symantec.com/docs/HOWTO55275

VIDEO:

Symantec Download Insight in Symantec Endpoint Protection 12.1

https://www-secure.symantec.com/connect/videos/symantec-download-insight-symantec-endpoint-protection-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

mym's picture

Hello,

But I want to prevent all clients from accessing these URLs any more.

It is counting down the Websense license.

I really wish to block this traffic from reaching the Websense server.

Thanks

Mithun Sanghavi's picture

Hello,

Download Insight has the following dependencies:
  • Auto-Protect must be enabled

    If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

  • Insight lookups must be enabled

    Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.

Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.

Reference: How Symantec Endpoint Protection protection features work together

http://www.symantec.com/docs/HOWTO55268

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

mym's picture

Dear,

So?

You mean that in my case mentioned above, I cannot block the traffic?

Is there any workaround to block it?

Please help

Mithun Sanghavi's picture

Hello,

Since you have disabled the Insight Download, the traffic should not be generated.

Also, make sure you disable the Insight settings Policy under Virus and Spyware Protection Policy >> Global Scan Policy.

And make sure this policy is assigned to all client machines.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

.Brian's picture

You disabled Insight. Are you still seeing traffic from it?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Savguy's picture

I have Insight disabled, yet I still have some traffic going to ent-shasta-rrs.symantec.com.

It is minimal but I am curious why there is still traffic if Insight is turned off.
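
One way to check the points raised in the replies above (whether the policy has reached every client, and which machines still contact ent-shasta-rrs.symantec.com afterwards) is to tally proxy log entries per client after the policy change. This is an added example, not code from any poster in the thread or from Symantec or Websense; the log format, the sample lines and the function name are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

INSIGHT_HOST = "ent-shasta-rrs.symantec.com"  # reputation host named in the thread

# Constructed sample lines in an ASSUMED format (not Websense's own export):
# ISO timestamp, client IP, method, host:port
SAMPLE_LOG = """\
2012-09-11T08:00:05 10.0.0.11 CONNECT ent-shasta-rrs.symantec.com:443
2012-09-11T08:10:41 10.0.0.12 CONNECT ent-shasta-rrs.symantec.com:443
2012-09-11T09:30:00 10.0.0.11 CONNECT ENT-SHASTA-RRS.symantec.com:443
2012-09-11T09:31:12 10.0.0.13 CONNECT www.example.com:443
2012-09-11T09:45:30 10.0.0.11 CONNECT ent-shasta-rrs.symantec.com:443
malformed line
2012-09-11T10:02:00 10.0.0.14 CONNECT ent-shasta-rrs.symantec.com.example.net:443
"""


def clients_still_querying(log_text, policy_applied_at, host=INSIGHT_HOST):
    """Return {client_ip: (count, last_seen)} for requests to `host`
    logged at or after `policy_applied_at`."""
    hits = defaultdict(lambda: [0, None])
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        stamp, client, _method, target = parts
        try:
            seen = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        # Compare the exact host name, case-insensitively, without the port,
        # so look-alike names that merely start with the host do not count.
        name = target.rsplit(":", 1)[0].lower().rstrip(".")
        if name != host or seen < policy_applied_at:
            continue
        entry = hits[client]
        entry[0] += 1
        entry[1] = seen if entry[1] is None else max(entry[1], seen)
    return {client: (count, last) for client, (count, last) in hits.items()}


if __name__ == "__main__":
    cutoff = datetime(2012, 9, 11, 9, 0, 0)  # constructed policy-change time
    for ip, (count, last) in sorted(clients_still_querying(SAMPLE_LOG, cutoff).items()):
        print(f"{ip}: {count} request(s) after policy change, last at {last}")
```

Clients that appear in the result are the ones to check for policy assignment; clients that only show requests before the cutoff drop out.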