Endpoint Protection

Hi Expert. 

Is there anyway we can prevent SEP connect to "ent-shasta-rrs.symantec.com" ??

Based on my finding, the URL above is related to Insight (https://knowledge.broadcom.com/external/article/154433/required-exclusions-for-proxy-servers-to.html)

Is there anyway we can disable this features and preventing SEP client connect to "ent-shasta-rrs.symantec.com" ?

Regards

Hi,

I would strongly advice you from disabling Insight. Care to elaborate on why?

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/how-uses-symantec-insight-to-make-decisions-about-v45204303-d49e3040.html
Original Message:
Sent: Jul 26, 2022 04:38 AM
From: Aaron Law
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi Expert.

Is there anyway we can prevent SEP connect to "ent-shasta-rrs.symantec.com" ??

Based on my finding, the URL above is related to Insight (https://knowledge.broadcom.com/external/article/154433/required-exclusions-for-proxy-servers-to.html)

Is there anyway we can disable this features and preventing SEP client connect to "ent-shasta-rrs.symantec.com" ?

Regards

Hi atb86 

Because we have few clients located in DMZ and internet is not needed. From the logs we notice the clients are trying to connect to "ent-shasta-rrs.symantec.com", so we are trying to stop the logs to generate.
Original Message:
Sent: Jul 27, 2022 02:01 AM
From: Andreas Brogren
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi,

I would strongly advice you from disabling Insight. Care to elaborate on why?

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/how-uses-symantec-insight-to-make-decisions-about-v45204303-d49e3040.html
Original Message:
Sent: Jul 26, 2022 04:38 AM
From: Aaron Law
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi Expert.

Is there anyway we can prevent SEP connect to "ent-shasta-rrs.symantec.com" ??

Based on my finding, the URL above is related to Insight (https://knowledge.broadcom.com/external/article/154433/required-exclusions-for-proxy-servers-to.html)

Is there anyway we can disable this features and preventing SEP client connect to "ent-shasta-rrs.symantec.com" ?

Regards

Hi,

On networks without internet connectivity, install the Dark Network client instead so you get the full definition set when "Definitions in the cloud" is unavailable. You can turn off Insight under the external communication tab for the group where those clients resides.

I would strongly recommend to enable internet connectivity to recommended Symantec/Broadcom adresses to take full advantage of the product.
Original Message:
Sent: Jul 29, 2022 11:06 AM
From: Aaron Law
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi atb86

Because we have few clients located in DMZ and internet is not needed. From the logs we notice the clients are trying to connect to "ent-shasta-rrs.symantec.com", so we are trying to stop the logs to generate.
Original Message:
Sent: Jul 27, 2022 02:01 AM
From: Andreas Brogren
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi,

I would strongly advice you from disabling Insight. Care to elaborate on why?

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/how-uses-symantec-insight-to-make-decisions-about-v45204303-d49e3040.html
Original Message:
Sent: Jul 26, 2022 04:38 AM
From: Aaron Law
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi Expert.

Is there anyway we can prevent SEP connect to "ent-shasta-rrs.symantec.com" ??

Based on my finding, the URL above is related to Insight (https://knowledge.broadcom.com/external/article/154433/required-exclusions-for-proxy-servers-to.html)

Is there anyway we can disable this features and preventing SEP client connect to "ent-shasta-rrs.symantec.com" ?

Regards

Hi,

thank you for your advice. we have turn off insight under the external communication > submission tab, but the client is still connecting to "ent-shasta-rrs.symantec.com".
Original Message:
Sent: Aug 01, 2022 01:52 AM
From: Andreas Brogren
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi,

On networks without internet connectivity, install the Dark Network client instead so you get the full definition set when "Definitions in the cloud" is unavailable. You can turn off Insight under the external communication tab for the group where those clients resides.

I would strongly recommend to enable internet connectivity to recommended Symantec/Broadcom adresses to take full advantage of the product.
Original Message:
Sent: Jul 29, 2022 11:06 AM
From: Aaron Law
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi atb86

Because we have few clients located in DMZ and internet is not needed. From the logs we notice the clients are trying to connect to "ent-shasta-rrs.symantec.com", so we are trying to stop the logs to generate.
Original Message:
Sent: Jul 27, 2022 02:01 AM
From: Andreas Brogren
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi,

I would strongly advice you from disabling Insight. Care to elaborate on why?

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/how-uses-symantec-insight-to-make-decisions-about-v45204303-d49e3040.html
Original Message:
Sent: Jul 26, 2022 04:38 AM
From: Aaron Law
Subject: How to stop SEP connect to "ent-shasta-rrs.symantec.com"

Hi Expert.

Is there anyway we can prevent SEP connect to "ent-shasta-rrs.symantec.com" ??

Based on my finding, the URL above is related to Insight (https://knowledge.broadcom.com/external/article/154433/required-exclusions-for-proxy-servers-to.html)

Is there anyway we can disable this features and preventing SEP client connect to "ent-shasta-rrs.symantec.com" ?

Regards