Understanding server data collection and client submissions and their importance to the security of your network

By default,
Symantec Endpoint Protection
clients and
Symantec Endpoint Protection Manager
submit some types of pseudonymous information to Symantec. Clients can also send non-pseudonymous data to Symantec to get customized analysis. You can control whether or not your clients or
Symantec Endpoint Protection Manager
submit information.
Both server data and client submissions are critical to improving the security of your network.
Refer to the following topics for more information:

What is server data collection?

Server data is part of the information that helps Symantec measure and improve the efficacy of detection technologies.
Symantec Endpoint Protection Manager
submits the following types of pseudonymous information to Symantec:
  • Licensing information, which includes the name, version, language, and licensing entitlement data
  • Usage of
    Symantec Endpoint Protection
    protection features
  • Information about
    Symantec Endpoint Protection
    configuration. The information includes operating system information, server hardware and software configuration, CPU size, memory size, and software version and features for installed packages
You can change the server submissions setting during installation, or change the setting on the server's
Site Properties > Data Collection
tab in the console.
Symantec always recommends that you keep server data collection enabled.

What are pseudonymous client submissions?

Symantec Endpoint Protection
clients automatically submit pseudonymous information about detections, network, and configuration to Symantec Security Response. Symantec uses this pseudonymous information to address new and changing threats as well as to improve product performance. Pseudonymous data is not directly identified with a particular user.
The detection information that clients send includes information about antivirus detections, intrusion prevention, SONAR, and file reputation detections.
Mac client submissions do not include SONAR or file reputation submissions. Linux clients do not support any client submissions.
The pseudonymous information that clients send to Symantec benefits you by:
  • Increasing the security of your network
  • Optimizing product performance
In some cases, however, you might want to prevent your clients from submitting some information. For example, your corporate policies might prevent your client computers from sending any network information to outside entities. You can disable a single type of submission, such as submission of network information, rather than disabling all types of client submissions.
Symantec recommends that you always keep client submissions enabled. Disabling submissions might interfere with faster resolution of false positive detections on the applications that are used exclusively in your organization. Without information about the malware in your organization, product response and Symantec response to threats might take longer.
For more information, see:

What are non-pseudonymous client submissions?

You can choose to submit non-pseudonymous client information to Symantec. This type of information provides insight into your security challenges that helps Symantec recommend customized solutions.
  • You should use this option only if you participate in a Symantec-sponsored program that provides you custom analysis.
  • The option is disabled by default.
For more information, see:

Concerns about privacy

Symantec makes every attempt to pseudonymize the client submission data.
  • Only suspicious executable files are submitted.
  • User names are removed from path names.
  • Computers and enterprises are identified by unique pseudonymized values.
  • IP addresses are used for geographic location and then discarded.
For more information about privacy, see the following document:

Concerns about bandwidth usage

Symantec Endpoint Protection
minimizes the impact of client submissions on your network bandwidth.
You can check the Client Activity log to view the types of submissions that your client computers send and to monitor bandwidth usage. See: