With the specific configuration in place as described, this is working as designed.
- Symantec Endpoint Protection Auto-Protect does not use full reputation with every scan. It can use reputation to block malicious downloads as part of the optional Download Insight feature.
- Symantec Endpoint Protection scheduled/manual scans can use reputation, if configured to do so.
- Also, Symantec Endpoint Protection SONAR can use reputation as part of its defenses.
Manual and Scheduled scans can use full internal (IRON) and cloud-based community/Symantec reputation information as part of their scans, when configured to do so. (When Insight Lookup is enabled, these scans use the latest definitions from the cloud and the Insight reputation database to make decisions about files. If you disable Insight lookups, Insight Lookup uses the latest definitions only to make decisions about files.) For more information, see Customizing the virus and spyware scans that run on Windows computers.
Download Insight is an optional/add-on Auto-Protect feature. It is purely reputation based. If there is no reputation in use (or no Auto-Protect), then Download Insight cannot function. See Managing Download Insight detections.
SONAR (PTP) uses reputation data in addition to heuristics to make detections. It is possible to run SONAR with reputation-checking disabled, but then it is purely heuristic and not as effective. See About SONAR.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)