Endpoint Protection

 View Only

  • 1.  traffic to connect to Symantec reputation...

    Posted Dec 30, 2011 08:42 AM
      |   view attached

    Hi

    I have a question about proxy connectión, Messages go to page https://ent-shasta-rrs.symantec.com, is this normal? why it happens?

    attached an image for more details...

    thanks...

     

    Hola 

    Tengo una consulta acerca de la conexion hacia el proxy, existen mensajes de solicitud a la pagina https://ent-shasta-rrs.symantec.com, es esto normal? porque esta sucediendo?

     

    adjunto una imagen para mayores detalles...

     

    gracias 



  • 2.  RE: traffic to connect to Symantec reputation...

    Posted Dec 30, 2011 09:01 AM

    Answer:-

     

     

    Insight: URL that SEP clients send reputation requests to.
    • https://ent-shasta-rrs.symantec.com

     

     

    Refer:

    http://www.symantec.com/business/support/index?page=content&id=TECH162286



  • 3.  RE: traffic to connect to Symantec reputation...

    Posted Dec 30, 2011 09:40 AM

     

    do i have to give access to that page ¿?,it is not possible to execute that query just from sepm ¿?
    These questions are because vast majority of users doesn't have acces to internet, because of bussiness policies.

     

     se debería dar acceso hacia esa pagina? no se puede hacer que solo haga la consulta SEPM?Esta pregunta la hago porque la mayoria de los usuarios de la red no tienen salida a internet por politicas de la empresa.



  • 4.  RE: traffic to connect to Symantec reputation...

    Posted Dec 30, 2011 09:54 AM

    Yes, you should have those websites in the proxy server configuration to allow the traffic.



  • 5.  RE: traffic to connect to Symantec reputation...

    Broadcom Employee
    Posted Dec 30, 2011 09:56 AM

    the internet should allow the proxy settings for those URL's mentioned in the above link.



  • 6.  RE: traffic to connect to Symantec reputation...

    Posted Dec 30, 2011 10:05 AM

    there we have about 300 computers without internet access, enabling this page won't cause high web traffic for all network ¿?



  • 7.  RE: traffic to connect to Symantec reputation...

    Posted Dec 30, 2011 10:05 AM

     

    there we have about 300 computers without internet access, enabling this page won't cause high web traffic for all network ¿?



  • 8.  RE: traffic to connect to Symantec reputation...

    Broadcom Employee
    Posted Dec 30, 2011 11:06 AM

    check this link to know the bandwidth that be used

    https://www-secure.symantec.com/connect/sites/default/files/Insight%20FAQ%20version%202.pdf  

    After a client has installed the product, we will have our first chance to review the files that are installed and running on the machine. We will typically send between 300 kilobytes and 1 megabyte of data during the first few weeks. In some extreme cases, we may send as much as 3 megabytes of data depending on the amount of software installed and actively in use on the machine. Submissions will take place when the machine is idle, but queries will be scattered across the period of time as our detection technologies analyze files for the first time.



  • 9.  RE: traffic to connect to Symantec reputation...
    Best Answer

    Trusted Advisor
    Posted Jan 02, 2012 12:17 PM

    Hello,

     

    This is an Insight website: https://ent-shasta-rrs.symantec.com

    SEP Clients connect to the Insight website, this could not be disabled. This is by design.
     
    How to test connectivity with Insight and Symantec Licensing servers
     
     
    Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers
     
     

    Also, To test connectivity from a SEP client system to the Symantec Reputation server, at the SEP client system, type the following URL In a web browser:

    https://ent-shasta-rrs.symantec.com/mrclean

    Receiving the error 405 means the server is visible to the client.

    If the connection is working correctly, you will see HTTP 400 Bad Request.

    How to disable this: 

     

    1 In the console, select Clients then click the Policies tab.
    2 In the Settings pane, click External Communications Settings.
    3 Click the Submissions tab.

    Uncheck what you don't want to submit to Symantec.

    Ref: Implementation_guide_SEP12.1.pdf (it's in the installation media).

     

    This Option would Let Symantec Endpoint Protection use Symantec's reputation database to make decisions about threats. The reputation database is called Symantec Insight. Queries to the database are called Insight lookups.

    Download Insight, Insight Lookup, and SONAR use Insight lookups for threat detection. Symantec recommends that you allow Insight lookups if possible. Disabling Insight lookups disables Download Insight and may impair the functionality of SONAR and Insight Lookup.

    However, you can disable this option if you do not want to allow Symantec to query Symantec Insight. For example, your company may require you to turn off external communications with the network so that data never leaves the client.

    This option is enabled by default.

    Hope that helps!!



  • 10.  RE: traffic to connect to Symantec reputation...

    Posted Jan 13, 2012 02:54 PM

     

    thanks for the helps..

    gracias por la ayuda...