Endpoint Protection

 View Only
  • 1.  Download Insight Trusted Web domain exception

    Posted Mar 23, 2020 04:34 AM
    Hello,

    Does anyone know if this "Trusted Web domain" exception applies to SCCM deployments? We are still getting a lot of WS.Reputation.1 detections (mainly Unproven file detections).
    Are these SCCM deployments classified as non-portal files because as per the definition below I suppose yes?
    Also note that in the risk report, for Web domain it is blank so will really "Trusted Web domain" exception work for such deployments and if not, what is the solution so we can exclude the SCCM servers from Download Insight detections?

    What are portal files?
    Download Insight marks a file as a portal file when it examines a file that a user downloads
    from a supported portal. Scheduled and on-demand scans, Auto-Protect, and Download Insight
    evaluate the reputation of portal files using the sensitivity level that is set for Download Insight.
    Note: Download Insight must be enabled to mark files as portal files.
    Supported portals include: Internet Explorer, Firefox, Microsoft Outlook, Outlook Express,
    Google Chrome, Windows Live Messenger, and Yahoo Messenger. The portal list (or
    Auto-Protect portal list) is part of the Virus and Spyware Protection content that LiveUpdate
    downloads to the management server or the client.
    Scans and Download Insight always evaluate non-portal files with a default internal sensitivity
    level that Symantec sets. The internal default detects only the most malicious files.


    Regards,
    Stefan


  • 2.  RE: Download Insight Trusted Web domain exception

    Posted Mar 26, 2020 09:08 AM
    Is anyone from Symantec monitoring the forum?


  • 3.  RE: Download Insight Trusted Web domain exception

    Broadcom Employee
    Posted Mar 27, 2020 01:23 PM
    Hi there,

    SCCM uses SMB which is not a supported portal so I don't believe Trusted Web Domain exception will work in that regard.  You could set up exclusions for the specific files being detected as well.  You can also submit as a False Positive as well.

    If you need more information I would def suggest opening up a Support case.

    Thanks,

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 4.  RE: Download Insight Trusted Web domain exception

    Posted Mar 28, 2020 03:17 AM

    Hi John, 

    I understand that it will not be a supported portal, but then Download Insight should mark these files that are downloaded from the SCCM server as non-portal files, am I wrong? And as per the definition that I posted above it should be:

    "Scans and Download Insight always evaluate non-portal files with a default internal sensitivity level that Symantec sets. The internal default detects only the most malicious files"

    So does it mean that "Trusted Web Domain" exception works only for portal files and doesn't work for non-portal files?

    Regards,
    Stefan




  • 5.  RE: Download Insight Trusted Web domain exception

    Posted Apr 08, 2020 12:19 PM
    Thanks for the great feedback.  mcdvoice


  • 6.  RE: Download Insight Trusted Web domain exception

    Posted Mar 30, 2023 10:15 AM

    Thanks for this thread!



    ------------------------------
    https://vanityroofing.cahttps://vanityroofing.ca
    ------------------------------