Managing Download Insight detections
Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.
Supported portals include Internet Explorer, Firefox, Microsoft Outlook, Outlook Express, Google Chrome, Windows Live Messenger, and Yahoo Messenger.
Download Insight determines that a downloaded file might be a risk based on evidence about the file's reputation. Download Insight is supported only for the clients that run on Windows computers.
If you install Auto-Protect for email on your client computers, Auto-Protect also scans the files that users receive as email attachments.
For more information, see:
Learn how Download Insight uses reputation data to make decisions about files
Download Insight uses reputation information exclusively when it makes decisions about downloaded files. It does not use signatures or heuristics to make decisions. If Download Insight allows a file, Auto-Protect or SONAR scans the file when the user opens or runs the file. See:
View the Download Risk Distribution report to view Download Insight detections
You can use the Download Risk Distribution report to view the files that Download Insight detected on your client computers. You can sort the report by URL, Web domain, or application. You can also see whether a user chose to allow a detected file.
Risk details for a Download Insight detection show only the first portal application that attempted the download. For example, a user might use Internet Explorer to try to download a file that Download Insight detects. If the user then uses Firefox to try to download the file, the risk details show Internet Explorer as the portal.
The user-allowed files that appear in the report might indicate false positive detections.
You can also specify that you receive email notifications about new user-allowed downloads. See:
Users can allow files by responding to notifications that appear for detections.
Administrators receive the report as part of a weekly report that Symantec Endpoint Protection Manager generates and emails. You must have specified an email address for the administrator during installation or configured one as part of the administrator properties. You can also generate the report from the Reports tab in the console. See:
Create exceptions for specific files or Web domains
You can create an exception for an application that your users download. You can also create an exception for a specific Web domain that you believe is trustworthy. See:
If your client computers use a proxy with authentication, you must specify trusted Web domain exceptions for Symantec URLs. The exceptions let your client computers communicate with Symantec Insight and other important Symantec sites.
For information about the recommended exceptions, see the following articles:
By default, Download Insight does not examine any files that users download from a trusted Internet or intranet site. You configure trusted sites and trusted local intranet sites on the Windows Control Panel > Internet Options > Security tab. When the Automatically trust any file downloaded from an intranet site option is enabled, Symantec Endpoint Protection allows any file that a user downloads from any sites in the lists.
Symantec Endpoint Protection checks for updates to the Internet Options trusted sites list at user logon and every four hours.
Download Insight recognizes only explicitly configured trusted sites. Wildcards are allowed, but non-routable IP address ranges are not supported. For example, Download Insight does not recognize 10.*.*.* as a trusted site. Download Insight also does not support the sites that are discovered by the Internet Options > Security > Automatically detect intranet network option.
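The following added example (not Symantec code) audits a list of trusted-site entries against the rule above: host names, with or without wildcards, are treated as recognized, and non-routable IP ranges such as 10.*.*.* are flagged as unsupported. The sample entries, the function names, the use of Python's `is_private` check to approximate "non-routable", and the "review" bucket for IP entries the text does not address are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample of Internet Options trusted-site entries (not from a real host).
SAMPLE_ENTRIES = [
    "https://*.example.com",
    "intranet.example.local",
    "10.*.*.*",
    "192.168.1.1-192.168.1.254",
    "172.16.0.*",
    "203.0.113.10",
]

# Dotted quad whose octets are digits and/or '*'.
IP_PATTERN = re.compile(r"^[\d*]+(\.[\d*]+){3}$")


def _bounds(entry):
    """Return (low, high) IPv4 addresses covered by an IP-style entry, else None."""
    host = re.sub(r"^[a-z*]+://", "", entry.strip().lower()).split("/")[0]
    parts = host.split("-") if "-" in host else [host, host]
    if len(parts) != 2 or not all(IP_PATTERN.match(p) for p in parts):
        return None  # a host name (hyphenated names land here too)
    try:
        low = ipaddress.IPv4Address(parts[0].replace("*", "0"))
        high = ipaddress.IPv4Address(parts[1].replace("*", "255"))
    except ipaddress.AddressValueError:
        return None
    return low, high


def classify(entry):
    """Hypothetical helper: map one entry to recognized / unsupported / review."""
    bounds = _bounds(entry)
    if bounds is None:
        return "recognized"      # explicit host name; wildcards are allowed
    low, high = bounds
    if low != high and (low.is_private or high.is_private):
        return "unsupported"     # non-routable range: downloads are still examined
    return "review"              # IP-based entry the text does not cover


def audit(entries):
    return {entry: classify(entry) for entry in entries}


if __name__ == "__main__":
    for entry, status in audit(SAMPLE_ENTRIES).items():
        print(f"{status:12} {entry}")
```

Entries reported as unsupported are the ones an administrator may expect to bypass Download Insight but that are still examined; entries reported as recognized are the ones whose downloads are not examined and therefore deserve the closest review.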
Make sure that Insight lookups are enabled
Download Insight requires reputation data from Symantec Insight to make decisions about files. If you disable Insight lookups, Download Insight runs but detects only the files with the worst reputations. Insight lookups are enabled by default. See:
Customize Download Insight settings
You might want to customize Download Insight settings for the following reasons:
For more information, see:
Allow clients to submit information about reputation detections to Symantec
By default, clients send information about reputation detections to Symantec.
Symantec recommends that you enable submissions for reputation detections. The information helps Symantec address threats. See: