How Symantec Endpoint Protection uses Symantec Insight to make decisions about files
Symantec Endpoint Protectionuses Symantec Insight to make decisions about files
Symantec collects information about files from its global community of millions of users and its Global Intelligence Network. The collected information is available to Symantec products in the cloud through Symantec Insight. Symantec Insight provides a file reputation database and the latest virus and spyware definitions.
Symantec products leverage Insight to protect client computers from new, targeted, and mutating threats. The data is sometimes referred to as being in the cloud since it does not reside on the client computer.
Symantec Endpoint Protectionmust request or query Insight for information. The queries are called reputation lookups, cloud lookups, or Insight lookups.
Insight reputation ratings
Symantec Insight determines each file's level of risk or security rating. The rating is also known as the file's reputation.
Insight determines a file's security rating by examining the following characteristics of a file and its context:
- The source of the file
- How new the file is
- How common the file is in the community
- Other security metrics, such as how the file might be associated with malware
Scanning features in
Symantec Endpoint Protectionleverage Insight to make decisions about files and applications. Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight requires reputation information to make detections. SONAR also uses reputation information to make detections.
You can change the Insight lookups setting on the
Clientstab. Go to
Policies > Settings > External Communications > Client Submissions.
Starting in 14, on standard and embedded/VDI clients, the Insight lookups option also allows Auto-Protect and scheduled and manual scans to look up file reputation information as well as definitions in the cloud. Symantec recommends that you keep the option enabled.
Download Insight, SONAR, and virus and spyware scans use Insight lookups for threat detection. Symantec recommends that you always allow Insight lookups. Disabling lookups disables Download Insight and impairs the functionality of SONAR heuristics and virus and spyware scans.
File reputation submissions
By default, a client computer sends information about reputation detections to Symantec Security Response for analysis. The information helps to refine Insight's reputation database and the latest definitions in the cloud. The more clients that submit information the more useful the reputation database becomes.
Symantec recommends that you keep client submissions for reputation detections enabled.