Endpoint Protection

 View Only

  • 1.  SEP12.1 - Download insight intranet detection

    Posted Sep 14, 2011 05:19 AM

    Hello,

    According to the documentation, Download insight doesn't check download from intranet website if those are in the "trusted sites" in Internet options.

    "Download Insight recognizes explicitly configured trusted sites only. Wildcards are allowed, but non-routable IP address ranges are not supported. For example, Download Insight does not recognize 10.*.*.* as a trusted site. Download Insight also does not support the sites that the Internet Options > Security > Automatically detect intranet network option discovers. FTP sites are also not supported."

    However, after some tests, this is not working.

    Exemple:

    I add "http://myserver.mydom.com" in the trusted web site list in internet options.

    I download a virus file (which is actually not recognize as a virus with the standard auto protect) from IE: http://myserver.mydom.com/services.exe

    Download insight still put my download under quarantine and show me the windows alert...

    Is there something I'm missing / I have to check ?

     

    Thank you,

    Regards



  • 2.  RE: SEP12.1 - Download insight intranet detection

    Posted Sep 14, 2011 05:36 AM

    "Automatically trust any file downloaded from an intranet website" is already checked in antivirus policy



  • 3.  RE: SEP12.1 - Download insight intranet detection
    Best Answer

    Trusted Advisor
    Posted Sep 14, 2011 11:44 AM

    Hello,

    Please try these Symantec Article below:

     

    Excluding a trusted Web domain from scans
     
     
    How to exclude specific Web domains from the Download Insight verification in SEP 12.1?
     
     
    Managing Download Insight detections
     
     
     
    NOTE: Download Insight has the following dependencies:

    • Auto-Protect must be enabled

      If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

    • Insight lookups must be enabled

      Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

     

    Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.

    Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.
     
     
    Hope that helps!!


  • 4.  RE: SEP12.1 - Download insight intranet detection

    Posted Sep 15, 2011 04:39 AM

    The exclusion policy solve the problem, thank you !