Endpoint Protection

 View Only
  • 1.  Symantec Insight - How does it work with the Outlook Plugin?

    Posted Feb 14, 2012 11:44 AM

    I know Insight has various degrees in terms of how it works when looking at download insight, right-click scan, and auto-protect. It's my understanding that the Outlook plugin in SEP 12.1 leverages Insight as well.

    We don't normally use the Outlook plugin because we scan the mail before it hits the client and the performance hit was not worth it. Anyways I decided to test the outlook plug-in with SEP 12.1 and had someone send me an unknown variant of the zues trojan. I was able to receive the message and copy the malware to my system and SEP 12.1 did not detect it. Scanned it and it still did not detect. Copied the malware to a IIS server running on a local VM and downloaded it and Insight caught it right away. I like the fact that download insight did it's job but I was hoping the outlook integration would do the same.

    Thoughts?



  • 2.  RE: Symantec Insight - How does it work with the Outlook Plugin?

    Broadcom Employee
    Posted Feb 14, 2012 12:43 PM

    wasthe file in zip file ? was it password protected?

    when file was accessed, didn't AP detect?

    What was the detection from insight?



  • 3.  RE: Symantec Insight - How does it work with the Outlook Plugin?



  • 4.  RE: Symantec Insight - How does it work with the Outlook Plugin?

    Posted Feb 23, 2012 10:23 AM

    Ok we had another malware file get delivered via email. SEP 12.1. No detection from SEP 12.1 if I accessed the email, moved it to a PST, or saved the attachment to the desktop.

    Right-click scan detected nothing. Placed the file (zip) on a webserver I run on a VM and used the same PC to download the file. SEP 12.1 Download Insight flagged it.

    I'm guessing Outlook doesn't use the full potential of Insight or something else is going on. I know that right-click scan has limited Insight capabilities but I was hoping outlook would have full Insight enabled since it's considered one of the portals supported by Insight

    File was in ZIP format, no password. Download Insight caught it as WS.Reputation.1