You can direct client reputation queries (Insight lookups) from a group to a private intranet server. The private server can be the Symantec Endpoint Detection and Response appliance or the Symantec Insight for Private Clouds server that you purchase and install separately in your network.
The following are the private server options for groups:
Symantec Endpoint Detection and Response
Symantec EDR servers gather data about client detections and provide forensic analysis. When you use a Symantec EDR server, Symantec Endpoint Protection sends all reputation queries (lookups) and most types of client submissions to Symantec EDR. Symantec EDR then sends the queries or submissions to Symantec. Note that Symantec EDR receives antivirus, SONAR, and IPS submissions, but it does not receive file reputation submissions. Symantec Endpoint Protection always sends file reputation submissions directly to Symantec.
Symantec Insight for Private Clouds
This option redirects the reputation queries from clients in the group to a private Insight server. The private Insight server stores a copy of Symantec's Insight reputation database. The private Insight server handles the reputation queries rather than Symantec's Insight server. When you use a private Insight server, clients continue to send submissions about detections to Symantec. Typically, you use a private Insight server in a dark network, which is a network that is disconnected from the Internet. In that case, Symantec cannot receive any client submissions.
You can also copy the private server configuration to other client groups.
You can specify multiple private servers to load balance network traffic. You can also specify multiple groups of servers to manage failover.
When you choose to enable an EDR server, the EDR connection status appears in the client user interface as well as the management console logs and reports. To communicate with the EDR server, the Symantec Endpoint Protection client must at a minimum run Virus and Spyware Protection.
If you enable private servers for groups, 12.1.5 and earlier clients in those groups cannot use Symantec servers if the designated private server is not available. 12.1.5 and earlier clients cannot use the priority list and must be configured to use a single server.
To configure client groups to use a private server
In the console, go to Clients and select the group that should use the private server list.
On the Policies tab, click External Communications Settings.
On the Private Cloud tab, click Enable private servers to manage my data.
Depending on which type of server you use, click Use an Advanced Threat Protection server for Insight lookups and submissions or Use a private Insight server for Insight lookups.
You should not mix server types in the priority list.
Click Use Symantec servers when private servers are not available if you want clients to use Symantec servers for reputation queries and client antivirus and SONAR submissions.
Clients always send file reputation submissions to Symantec.
Under Private Servers, click Add > New Server.
In the Add Private Server dialog, select the protocol and then enter the host name for the URL.
Specify the port number for the server.
To designate this server as the single server that 12.1.5 and earlier clients use, click Use this server as the private Insight server for 12.1.5 clients and earlier. The 12.1.5 and earlier clients cannot use a server list, so you must specify which server these legacy clients should use.
To add a priority group, click Add > New Group.
To apply the settings to additional client groups, click Copy settings. Select the groups and locations, and then click OK.