Endpoint Protection

  • 1.  What Data Gets Sent to Symantec Insight During a Reputation Risk Query?

    Posted Apr 29, 2015 01:07 PM

    I need to know what data is sent from a client to the Insight website https://ent-shasta-rrs.symantec.com whenever it queries the reputation risk database about an unknown file.

    Does it actually transmit the suspect file, or just the name? Does the computer name and/or IP address get sent? 

     



  • 2.  RE: What Data Gets Sent to Symantec Insight During a Reputation Risk Query?

    Posted Apr 29, 2015 02:08 PM

    I do know the hash gets uploaded.

    If no one else checks in, you may want to engage support.



  • 3.  RE: What Data Gets Sent to Symantec Insight During a Reputation Risk Query?
    Best Answer

    Trusted Advisor
    Posted Apr 30, 2015 02:27 AM

    Hello,

    This is the URL that SEP clients send reputation requests to.

    A client computer sends information about reputation detections to Symantec Security Response for analysis. The information helps to refine Insight's reputation database. The more clients that submit information, the more useful the reputation database becomes.

    Data in a reputation request:

    • SEP engine making the reputation request
    • File name
    • File path
    • Hash of the file (SHA256 and MD5)
    • File attributes

    Additional data, if applicable or available:

    • Company name from signature
    • Signature issuer
    • URL (and corresponding IP address)

    Reference:

    What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?

    http://www.symantec.com/docs/HOWTO59336

     

    You can disable the submission of reputation information. Symantec recommends, however, that you keep submissions enabled.

    Check this Article:

    How Symantec Endpoint Protection uses reputation data to make decisions about files

    https://support.symantec.com/en_US/article.HOWTO80989.html

    Insight determines a file's security rating by examining the following characteristics of the file and its context:

    • The source of the file

    • How new the file is

    • How common the file is in the community

    • Other security metrics, such as how the file might be associated with malware

     

    Regards,



  • 4.  RE: What Data Gets Sent to Symantec Insight During a Reputation Risk Query?

    Posted Apr 30, 2015 05:22 AM

    Hello,

    Here's the most detailed answer for you:

    What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?
    Article URL: http://www.symantec.com/docs/HOWTO59336
     



  • 5.  RE: What Data Gets Sent to Symantec Insight During a Reputation Risk Query?

    Posted Apr 30, 2015 08:02 AM

    Thank you. This is exactly what I was looking for.