Endpoint Protection

 View Only
  • 1.  Does Insight require client access to Internet?

    Posted Dec 04, 2012 06:11 AM

    Hi all.

    The question is simple: if I enable the Insight Lookup for Scan or the Insight for Download, the client must connect to Internet directly (with or without proxy) or is the SEP Manager that perform the enquiry?

    In other words, my clients don't have Internet connection: could I use Insight or not?

     

    Thanks in advance

     

    PS If this can help, I'm on SEP 12.1.2



  • 2.  RE: Does Insight require client access to Internet?

    Posted Dec 04, 2012 06:25 AM

    Its a part of Autoprotect , so those definitions will take care of it. The update can be from manager or internet

    Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.

    https://www-secure.symantec.com/connect/blogs/download-insight-sep-121



  • 3.  RE: Does Insight require client access to Internet?

    Trusted Advisor
    Posted Dec 04, 2012 06:37 AM

    Hello,

    SEP 12.1 is designed to communicate with certain Internet URLs to validate licenses, submit samples of suspicious files and use the new file reputation security features.  If a proxy or corporate firewall blocks access to these URLs, then errors will result.

    Insight: URL that SEP clients send reputation requests to. https://ent-shasta-rrs.symantec.com

    Check this Article:

    Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

    http://www.symantec.com/docs/TECH162286

    Expected behavior of Download Insight http://www.symantec.com/docs/TECH171776

    How Symantec Endpoint Protection uses reputation data to make decisions about files

    http://www.symantec.com/docs/HOWTO55275

    VIDEO:

    Symantec Download Insight in Symantec Endpoint Protection 12.1

    https://www-secure.symantec.com/connect/videos/symantec-download-insight-symantec-endpoint-protection-121

     

    Secondly, Download Insight has the following dependencies:
    • Auto-Protect must be enabled

      If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

    • Insight lookups must be enabled

      Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

    Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.\

    Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.

    Reference: How Symantec Endpoint Protection protection features work together

    http://www.symantec.com/docs/HOWTO55268

    Hope that helps!!


  • 4.  RE: Does Insight require client access to Internet?
    Best Answer

    Posted Dec 04, 2012 06:38 AM

    The clients needs to access the internet to check the cloud. If not, Insight portion will not work as designed.



  • 5.  RE: Does Insight require client access to Internet?

    Posted Dec 04, 2012 06:38 AM

    For what I know, autoprotect perform a first check. If the file is seen as suspicious, a lookup must be performed.

     

    In the reported documents, I read:

    "While some reputation information is cached on each client, reputation lookups for newly downloaded files require a connection to Symantec."

    Not so clear to me. That connection must be performed from the client or is the Manager that take care of it?

     

    So my question is still "alive": does the client need an Internet connection in order to use all the funcionality provided by Insight (scan, download and so on)?



  • 6.  RE: Does Insight require client access to Internet?

    Posted Dec 04, 2012 06:43 AM

    The Manager could reach all the *.symantec.com domains so the functionalities of the Manager itself are verified (LiveUpdate, license verification and so on).

    The clients, otherwise, cannot reach any Internet address so from what I read in that document, this functionality will not be used.



  • 7.  RE: Does Insight require client access to Internet?

    Posted Dec 04, 2012 06:44 AM

    Perfect Brian, this is exactly what I need to know smiley

    So I will simply disable all the Insight functionalities from the group of clients without Internet access.

     

    Thanks