Configuring client groups to use private servers for reputation queries and submissions

You can direct client reputation queries (Insight lookups) from a group to a private intranet server. The private server can be the Symantec Endpoint Detection and Response appliance or the Symantec Insight for Private Clouds server that you purchase and install separately in your network.
The following are the private server options for groups:
  • Symantec Endpoint Detection and Response
    Symantec EDR servers gather data about client detections and provide forensic analysis. When you use a Symantec EDR server, Symantec Endpoint Protection sends all reputation queries (lookups) and most types of client submissions to Symantec EDR. Symantec EDR then sends the queries or submissions to Symantec. Note that Symantec EDR receives antivirus, SONAR, and IPS submissions, but it does not receive file reputation submissions. Symantec Endpoint Protection always sends file reputation submissions directly to Symantec.
  • Symantec Insight for Private Clouds
    This option redirects the reputation queries from clients in the group to a private Insight server. The private Insight server stores a copy of Symantec's Insight reputation database. The private Insight server handles the reputation queries rather than Symantec’s Insight server. When you use a private Insight server, clients continue to send submissions about detections to Symantec. Typically, you use a private Insight server in a dark network, which is a network that is disconnected from the Internet. In that case, Symantec cannot receive any client submissions.
You can also copy the private server configuration to other client groups.
You can specify multiple private servers to load balance network traffic. You can also specify multiple groups of servers to manage failover.
When you choose to enable an EDR server, the EDR connection status appears in the client user interface as well as the management console logs and reports. To communicate with the EDR server, the Symantec Endpoint Protection client must at a minimum run Virus and Spyware Protection.
To configure client groups to use a private server
  1. In the console, go to Clients and select the group that should use the private server list.
  2. On the Policies tab, click External Communications Settings.
  3. On the Private Cloud tab, click Enable private servers to manage my data.
  4. Depending on which type of server you use, click Use an Advanced Threat Protection server for Insight lookups and submissions or Use a private Insight server for Insight lookups.
    You should not mix server types in the priority list.
  5. Click Use Symantec servers when private servers are not available if you want clients to use Symantec servers for reputation queries and client antivirus and SONAR submissions.
    Clients always send file reputation submissions to Symantec.
  6. Under Private Servers, click Add > New Server.
  7. In the Add Private Server dialog, select the protocol and then enter the host name for the URL.
  8. Specify the port number for the server.
  9. To add a priority group, click Add > New Group.
  10. To apply the settings to additional client groups, click Copy settings. Select the groups and locations, and then click OK.