Configuring client groups to use private servers for reputation queries and submissions
You can direct client reputation queries (Insight lookups) from a group to a private intranet server. The private server can be the
Symantec Endpoint Detection and Responseappliance or the Symantec Insight for Private Clouds server that you purchase and install separately in your network.
The following are the private server options for groups:
- Symantec Endpoint Detection and ResponseSymantec EDRservers gather data about client detections and provide forensic analysis. When you use aSymantec EDRserver,Symantec Endpoint Protectionsends all reputation queries (lookups) and most types of client submissions toSymantec EDR.Symantec EDRthen sends the queries or submissions to Symantec. Note thatSymantec EDRreceives antivirus, SONAR, and IPS submissions, but it does not receive file reputation submissions.Symantec Endpoint Protectionalways sends file reputation submissions directly to Symantec.
- Symantec Insight for Private CloudsThis option redirects the reputation queries from clients in the group to a private Insight server. The private Insight server stores a copy of Symantec's Insight reputation database. The private Insight server handles the reputation queries rather than Symantec’s Insight server. When you use a private Insight server, clients continue to send submissions about detections to Symantec. Typically, you use a private Insight server in a dark network, which is a network that is disconnected from the Internet. In that case, Symantec cannot receive any client submissions.
For more information, see:
You can also copy the private server configuration to other client groups.
You can specify multiple private servers to load balance network traffic. You can also specify multiple groups of servers to manage failover.
When you choose to enable an EDR server, the EDR connection status appears in the client user interface as well as the management console logs and reports . To communicate with the EDR server, the
Symantec Endpoint Protectionclient must at a minimum run Virus and Spyware Protection.
- To configure client groups to use a private server
- In the console, go toClientsand select the group that should use the private server list.
- On thePoliciestab, clickExternal Communications Settings
- On thePrivate Cloudtab, clickEnable private servers to manage my data.
- Depending on which type of server you use, clickUse an Advanced Threat Protection server for Insight lookups and submissionsorUse a private Insight server for Insight lookups.You should not mix server types in the priority list.
- ClickUse Symantec servers when private servers are not availableif you want clients to use Symantec servers for reputation queries and client antivirus and SONAR submissions.Clients always send file reputation submissions to Symantec.
- UnderPrivate Servers, clickAdd > New Server.
- In theAdd Private Serverdialog, select the protocol and then enter the host name for the URL.
- Specify the port number for the server.
- To add a priority group, clickAdd > New Group.
- To apply the settings to additional client groups, clickCopy settings. Select the groups and locations, and then clickOK.