Endpoint Protection

 View Only

Download Insight in SEP 12.1 

May 17, 2012 06:21 AM

Hello Everyone,

Auto-Protect includes a feature that is called Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals.

Supported portals include Internet Explorer, Firefox, Microsoft Outlook, Outlook Express, Windows Live Messenger, and Yahoo Messenger.

Download Insight determines that a downloaded file might be a risk based on evidence about the file's reputation. Download Insight is supported only for the clients that run on Windows computers.

You can enable or disable Download Insight and change how sensitive Download Insight is to potentially malicious files. You can also specify the additional criteria that Download Insight uses when it makes a decision about a file. Use these settings to help control the number of false positive detections.

You might want to customize Download Insight settings to decrease false positive detections on client computers. You can change how sensitive Download Insight is to the file reputation data that it uses to characterize malicious files. You can also change the notifications that Download Insight displays on client computers when it makes a detection

Few Helpful Articles:

Customizing Download Insight settings


Why in spite of having Download Insight and Autoprotect enabled in SEP client 12.1, some files are only detect after being downloaded?


Managing Download Insight detections


“Expected behavior of Download Insight”



0 Favorited
1 Files
pdf file
Insight FAQ version 2.pdf   437 KB   1 version
Uploaded - Apr 10, 2020

Tags and Keywords


Oct 12, 2017 01:24 PM

hi guys i see you have the http://sh.st/AeotZ problem as well so i scanned my pc with malwarebytes and here is a pic of the important things 

https://ibb.co/cw3Mdw  here is the pic  i will give you the code of the file here  -------------------------------------------------------------------------------------------------------------------------------- 

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">  
<Actions Context="Author">    
<Principal id="Author">      

the first interesting thing in this code is that it sets the author to your account name on your pc it probably it is just because windows needs a author in a task file

but by that logic we can know on which account the virus was injected on.

then we have this set of lines
this just executes the link through explorer so it opens in the default browser

also on the start of the code it has a date so we can know when the computer was infected with the virus 

so i have nothing more to say so if you guys have any idea why symantec is doing this please let me know

but i think it's because the products were not selling well

so they made a little malware\virus pointing to their website but throught a sh.st link so they can make money but that is just my idea :P

**also if the link to the pic is not working then delete "%C2%A0" at the end of it

Sep 18, 2017 07:17 AM

打开计算机管理,找到 SVC Update,禁用就行了....

Sep 15, 2017 09:07 AM

Thank you very much.But  something still opens my browser,jump to this webpage,I can't find the "PPI Updatesas Weiho above.

Sep 14, 2017 07:53 AM

Use Cleanwipe:


Sep 14, 2017 07:51 AM

hi,symantec,I have uninstalled the symantec ,but everyday ,my brower will auto run and open the link "http://sh.st/AeotZ" ,and play ads.When I click the button "skip this ad",it will jump to the "https://www.symantec.com/connect/blogs/download-insight-sep-121" page.So please tell me how to get rid of symantec completely

Sep 04, 2016 11:53 AM

it works, thanks~

Sep 03, 2016 01:18 PM

I have had the same problem and I just solved it. You can either disable or delete the ''PPI Updates'' in Task scheduler. You should be able to find it in the main window if not you should be find it somewhere in the task scheduler library. Since I deleted it I have no more issues.

Aug 27, 2016 07:37 AM

This is Norton NOT SEP. Post over in the Norton community:


Aug 27, 2016 03:13 AM

Hello, i just registered in this page just to comment. i tried every method but i couldn't stop your link from making a chrome redirect pop-up tab. it ususlly happenes when i'm idle or playing a game. it looks like your product is made to help other computers' security, but i think this kind of advertising method is not safe at all. and it seems like i'm not the only one having this problem. if you are confident that your product is made to protect our browsers and computers, please help me to get protected from your illegal adware. please prove your product is worth downloading by advertising your product legally, properly and formerly so you will gain more trust from people. that's how you make more people make use of your product.


in one sentence, please tell me how to stop your pop-up ads. thank you.

Jun 27, 2016 11:19 PM

Having the same problem as Weiho above. Every night at about 10 pm chrome opens a link to this page. I can assure you I will not be using any of your products in the future as I consider this harrasment.

Jun 26, 2016 12:02 PM


My chrome brower always pop out this webpage everydayat 23:48p.m. 

The only connection is that once I used the symantec to clean virus ramnit.A or ramnit.B. 

After the behavior of poping out webpage, I used the "Spyhunter"&"Norton", but they didn't work.

Hope that I didn't bother you but it's annoying indeed. Would you give me some advices? Thx~~


Hsu weiho


Dec 21, 2012 08:09 AM

Thanks for the fast response, the information you have provided is very useful.




Dec 21, 2012 07:41 AM


Supported Web browsers are as per the following.

• Microsoft Internet Explorer 7, 8, 9, or 10
• Mozilla Firefox 3.6 through 15.0.1
• Google Chrome, through 22.0.1229.79

Note: This list of supported browsers applies to the Symantec Endpoint Protection Manager only. For a list of supported browsers for Browser Intrusion Prevention, please see Supported Browser versions for Browser Intrusion Prevention


Also check this article.

System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.2


Dec 21, 2012 07:33 AM

Hi Chetan,


Is chrome support on the roadmap? (We have many web devs using chrome)




May 29, 2012 11:04 AM


It won't degrade the performance. 

May 29, 2012 07:34 AM


Thanks for the info..iam having one doubt..whether it will affect the performance if we turned ON both insight and auto protect?

Related Entries and Links

No Related Resource entered.