Endpoint Protection

  • 1.  Level of security in SEPM

    Posted Nov 06, 2011 08:44 PM

    SEPM has been blocking some of my applications from running normally, and I want to block or quarantine it if it's a found risk.

    How do we determine:

    - the level of risk is high risk or low risk?
    - the aggressive mode and automatic of heuristic virus detection?
    - the sensitivity level of TruScan?

    How does Symantec check that it is a high-risk file?


    Thanks



  • 2.  RE: Level of security in SEPM

    Posted Nov 07, 2011 04:59 AM

    Hi Paranormal,

    The technology used in SEP 11 is different from that in SEP 12.1.   Which versions are you using?  The things to check will depend on what technology and components you have, and how they are configured.

    Also: where are you seeing these applications being blocked? Are you running a report that shows the applications being blocked?

    Here is some recommended reading which will shed some light:

    What is new in Symantec Endpoint Protection 12.1?
    Article: TECH163413 | Created: 2011-06-28 | Updated: 2011-08-08 |
    Article URL http://www.symantec.com/docs/TECH163413  
     

    Components of Symantec Endpoint Protection
    Article: HOWTO55091 | Created: 2011-06-29 | Updated: 2011-10-10 |
    Article URL http://www.symantec.com/docs/HOWTO55091  
     

    Feature mapping between 11.x and 12.1 clients
    Article: HOWTO55359 | Created: 2011-06-29 | Updated: 2011-10-10 |
    Article URL http://www.symantec.com/docs/HOWTO55359

    Handling and preventing SONAR false positive detections
    Article: HOWTO55273 | Created: 2011-06-29 | Updated: 2011-10-10 |
    Article URL http://www.symantec.com/docs/HOWTO55273

    Please supply some additional details and the experienced admins in this Connect Forum can provide some recommendations. 

    Thanks and best regards,

    Mick

     



  • 3.  RE: Level of security in SEPM

    Trusted Advisor
    Posted Nov 07, 2011 07:08 AM

    Hello,

    Make sure you have the Level of "Download Insight" at 5 Typical.

     

     

    Download Insight determines that a downloaded file might be a risk based on evidence about the file's reputation. Symantec collects information about files to determine their reputation and makes the information available to Download Insight. The slider indicates a range of reputations, from most likely to be malicious to least likely to be malicious.
     
    You can adjust the slider to change the reputation level at which files are considered malicious or unproven.
     
    When you set the sensitivity level higher, Download Insight detects more files as malicious and considers fewer files as unproven. At higher levels, Download Insight returns more false positive detections. Only the files with the best reputations are allowed.
     
    At lower sensitivity levels, Download Insight detects fewer files as malicious and returns fewer false positive detections. However, more files are considered unproven.
     
    Note: Move the slider to view a description of each level. Each description provides information about how the level allows or blocks files and its potential false positive rate.