Endpoint Protection

Today, a user received a Download Insight message about an EXE launched from our internal intranet website.  It said "Our information on this file is inconclusive."

Is there a way to create exceptions for files downloaded and launched from our internal intranet?

hi,

check this artical.

http://www.symantec.com/business/support/index?page=content&id=TECH173432

Hello,

Please try these Symantec Article below:

Excluding a trusted Web domain from scans http://www.symantec.com/docs/HOWTO55211

How to exclude specific Web domains from the Download Insight verification in SEP 12.1?

http://www.symantec.com/docs/TECH162264

Managing Download Insight detections http://www.symantec.com/docs/HOWTO55252

Thanks.  If I wanted to add *.mycompany.com as a trusted Internet domain so that all subdomains under it are included in the exception, what should I put as the URL?

*.mycompany.com

OR

mycompany.com

Do I need to put HTTP:// or HTTPS://

Hello,

Insert mycompany.com

Please try these Symantec Article below:

Excluding a trusted Web domain from scans http://www.symantec.com/docs/HOWTO55211

How to exclude specific Web domains from the Download Insight verification in SEP 12.1?

http://www.symantec.com/docs/TECH162264

Note: The use of port numbers, HTTPS or FTP URLs is not supported.

You specify a URL when you specify a trusted Web domain exception. HTTPS or FTP URLs are not supported. You must create individual exceptions for files or applications that users might download from an HTTPS or FTP URL.

You can find URLs for the Web domains that you want to exclude by viewing the Download Risk Distribution report.

Hope that helps!!

I've created the web domain exception.  The change has propagated, but the user is still getting the same message.  When I run the Download Risk Distribution report, the web domain column is blank.  What should I do next?

Hello,

Could you provided us the Screenshot of the error message which is being received on the client machine?

Secondly, submit file(s) to Symantec and refer them as false positives. Symantec will analyze those files and if it is confirmed that they can be trusted, the information in the file reputation database will be updated accordingly. Especially useful if the files are programs that will be distributed to other companies. The link for submission is: https://submit.symantec.com/false_positive

I would also suggest you to check these Articles below: 

Expected behavior of Download Insight http://www.symantec.com/docs/TECH171776 

Configuring Exceptions for Symantec Endpoint Protection (SEP) 12.1

http://www.symantec.com/docs/TECH176906

Hope that helps!!

I don't want to whitelist the file because that only solves the problem for this file.  I want to solve this problem for all files form our intranet site.

This option checked?

Still not working?

Yes, that option has always been checked.

Hello,

In your case there are 3 things you could do- 

1) Report a Suspected Erroneous Detection and Fill the Insight Dispute Submission Form by following the steps below:

• Connect to the website: https://submit.symantec.com/false_positive/
• Select "When downloading a file" and click on NEXT
• Select "Symantec Endpoint Protection 12.x " and click on NEXT
• Select "Download Insight"
• Click on the Button "Take me to the Insight Dispute Submission Form"
• Fill all the important Details (* marked in red)

2) Sign your files with Class-3 digital certificates (X.509) from a Certificate Authority if you need to publish softwares/files.

3) Also participate in white-listing program if needed http://www.symantec.com/docs/TECH132220

Hope that helps!!!

If its genuine please exclude it from centralized exceptions

Regards