Endpoint Protection


Understanding Insight


  • 1.  Understanding Insight

    Posted Jan 22, 2012 02:11 AM

    Hi Team,

     

    1. As I understand it, when a Scheduled/Manual scan starts for the first time it connects to Symantec Reputation data and uploads the hash (MD5) entries of all files, and during the second or every scan it will again connect to Symantec Reputation data, verify all entries and scan only those files which are modified. Please correct me if I am wrong anywhere.

    2. During each scan, when SEP clients connect to reputation data, how much bandwidth will be utilized?

    3. Does SEP store any information on all MD5 entries on the same system to verify and skip files during scanning, or does SEP need Internet connectivity to verify all MD5 entries from Symantec Reputation Data?

    4. Which websites need to be excluded from the proxy so all clients can connect to Symantec Reputation Data?

    5. Does Reputation Data verify all entries which are uploaded during my first scan, or will it only verify the known software files which are globally used in a Windows environment?

    6. I wanted to know what the process behind Insight technology is.

    Note: The above query is not related to Symantec Shared Insight Cache. And I need to understand how we can reduce the time a Scheduled/Manual scan takes to complete, which is long in SEP 11.x.

     

    Regards,

    M.R.



  • 2.  RE: Understanding Insight

    Posted Jan 22, 2012 10:04 AM

    Waiting for a response on the above...



  • 3.  RE: Understanding Insight

    Posted Jan 22, 2012 08:54 PM


  • 4.  RE: Understanding Insight

    Posted Jan 22, 2012 10:40 PM

    The provided KBs are not useful for my above queries...



  • 5.  RE: Understanding Insight

    Broadcom Employee
    Posted Jan 22, 2012 10:43 PM

    Check these links:

    Symantec Insight is a reputation-based security technology that leverages the anonymous software adoption patterns of Symantec’s hundreds of millions of users to automatically discover and classify every single software file, good or bad, on the Internet. Based on advanced data mining techniques, Insight seeks out mutating code separating out risky, low-reputation files from those that are safe.

    To know more, check this whitepaper on Symantec Insight:

    https://www-secure.symantec.com/connect/downloads/insight-deployment-best-practices-whitepaper

    In case you want to check out Symantec Download Insight, check this video:

    https://www-secure.symantec.com/connect/videos/symantec-download-insight-symantec-endpoint-protection-121

    https://www-secure.symantec.com/connect/forums/insight-any-idea



  • 6.  RE: Understanding Insight

    Posted Jan 22, 2012 10:49 PM

    Thanks Pete for the info.

     

    Does Reputation Data verify all entries which are uploaded during my first scan, or will it only verify the known software files which are globally used in a Windows environment?



  • 7.  RE: Understanding Insight

    Broadcom Employee
    Posted Jan 22, 2012 11:11 PM

    It's only process exes and binaries of unknown applications. It could be any application; if we do not have any data, it will be submitted.

    Also check this link:

    How does Insight Lookup work?

    http://www.symantec.com/business/support/index?page=content&id=TECH169282



  • 8.  RE: Understanding Insight

    Posted Jan 22, 2012 11:42 PM

    During every scan, will it connect to reputation data and skip highly trusted files?

    And how does Insight rate bad files as low reputation?



  • 9.  RE: Understanding Insight

    Broadcom Employee
    Posted Jan 22, 2012 11:54 PM

    During every scan, will it connect to reputation data and skip highly trusted files?

    Not necessarily; if there are new files that do not have reputation data, then yes, it will submit the file.

    And how does Insight rate bad files as low reputation?

    The files are checked by Symantec Security Response, which will tag the files with low reputation data or clean.



  • 10.  RE: Understanding Insight

    Posted Jan 23, 2012 01:39 AM

    Here I have cleared some of my doubts about how scanning performance gets improved:

    When full scanning starts, it compares the hash value of all files with the definition signature, gives a tag value to all, and scans only those files which are modified. Please correct me.

    On every next scan, if none of the files are modified, SEP will still take some time to compare the hash values with the definition. Please correct me.

     



  • 11.  RE: Understanding Insight

    Broadcom Employee
    Posted Jan 23, 2012 01:59 AM

    Not all files, only executables. If the files are trusted, it will not scan.



  • 12.  RE: Understanding Insight

    Posted Jan 23, 2012 02:33 AM

    You mean to say that all executable files will get compared with the signature and skipped if they match, right?



  • 13.  RE: Understanding Insight

    Broadcom Employee
    Posted Jan 23, 2012 02:44 AM

    Yes, trusted files will be skipped.



  • 14.  RE: Understanding Insight

    Posted Jan 23, 2012 03:24 AM

    But it might not compare files other than executables?



  • 15.  RE: Understanding Insight

    Broadcom Employee
    Posted Jan 23, 2012 03:49 AM

    Yes, only process executables like exe, msi, dll, etc. will have reputation.



  • 16.  RE: Understanding Insight

    Posted Jan 23, 2012 03:58 AM

    Once scanning starts, it will verify only the hash values of all executables, and all the rest of the files will get automatically excluded from scanning. And it scans only modified executable files.

    And Reputation data means the definition signature which is downloaded from the internet, and internet connectivity is not required on clients.



  • 17.  RE: Understanding Insight
    Best Answer

    Broadcom Employee
    Posted Jan 23, 2012 07:25 AM

    Reputation is only of process executables.