ビデオヘルプ
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Does Insight require client access to Internet?

作成: 04 Dec 2012 • 更新: 04 Dec 2012 | コメント数: 6
diabolicus23 の写真
この問題は解決されました。 ソリューションを参照してください。

Hi all.

The question is simple: if I enable the Insight Lookup for Scan or the Insight for Download, the client must connect to Internet directly (with or without proxy) or is the SEP Manager that perform the enquiry?

In other words, my clients don't have Internet connection: could I use Insight or not?

Thanks in advance

PS If this can help, I'm on SEP 12.1.2

コメント コメント数: 最新のコメントを表示

Rafeeq の写真

Its a part of Autoprotect , so those definitions will take care of it. The update can be from manager or internet

Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.

https://www-secure.symantec.com/connect/blogs/down...

diabolicus23 の写真

For what I know, autoprotect perform a first check. If the file is seen as suspicious, a lookup must be performed.

In the reported documents, I read:

"While some reputation information is cached on each client, reputation lookups for newly downloaded files require a connection to Symantec."

Not so clear to me. That connection must be performed from the client or is the Manager that take care of it?

So my question is still "alive": does the client need an Internet connection in order to use all the funcionality provided by Insight (scan, download and so on)?

Mithun Sanghavi の写真

Hello,

SEP 12.1 is designed to communicate with certain Internet URLs to validate licenses, submit samples of suspicious files and use the new file reputation security features.  If a proxy or corporate firewall blocks access to these URLs, then errors will result.

Insight: URL that SEP clients send reputation requests to. https://ent-shasta-rrs.symantec.com

Check this Article:

Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

http://www.symantec.com/docs/TECH162286

Expected behavior of Download Insight http://www.symantec.com/docs/TECH171776

How Symantec Endpoint Protection uses reputation data to make decisions about files

http://www.symantec.com/docs/HOWTO55275

VIDEO:

Symantec Download Insight in Symantec Endpoint Protection 12.1

https://www-secure.symantec.com/connect/videos/symantec-download-insight-symantec-endpoint-protection-121

Secondly, Download Insight has the following dependencies:
  • Auto-Protect must be enabled

    If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

  • Insight lookups must be enabled

    Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.\

Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.

Reference: How Symantec Endpoint Protection protection features work together

http://www.symantec.com/docs/HOWTO55268

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

diabolicus23 の写真

The Manager could reach all the *.symantec.com domains so the functionalities of the Manager itself are verified (LiveUpdate, license verification and so on).

The clients, otherwise, cannot reach any Internet address so from what I read in that document, this functionality will not be used.

.Brian の写真

The clients needs to access the internet to check the cloud. If not, Insight portion will not work as designed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

ソリューション
diabolicus23 の写真

Perfect Brian, this is exactly what I need to know smiley

So I will simply disable all the Insight functionalities from the group of clients without Internet access.

Thanks