This issue can occur when the following prerequisites are met:
An administrator has set the value data of the Registry value Security_HKLM_only to 1. This value is located here: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. Please see Microsoft support article 833633 (http://support.microsoft.com/kb/833633) for more information on this Registry value.
An administrator has enabled the setting "Automatically trust any file downloaded from a trusted Internet or intranet site." within the Download Protection portion of the Virus and Spyware Protection policy for Symantec Endpoint Protection (SEP).
A user has added an Internet or intranet site to Trusted sites within Internet Explorer.
Expected behavior: Websites added by users should not be automatically trusted by Symantec Endpoint Protection 12.1 since the Registry value Security_HKLM_only is set to 1.
Actual behavior: Websites added by users can sometimes be automatically trusted by Symantec Endpoint Protection 12.1, even when Security_HKLM_only is set to 1.
Some versions of Internet Explorer save the URL entered by a user into Trusted Sites to both the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Domains and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Domains Registry locations.
When Security_HKLM_only is set to 0 or does not exist, SEP will read from both Registry locations to determine which sites should be trusted. When Security_HKLM_only is set to 1, SEP will only read from the first Registry location (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Domains). However, since Internet Explorer has written the website's URL to this location, SEP will trust it.
This is not a Symantec issue. Please upgrade Internet Explorer to a version which does not exhibit this behavior.
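To check whether a machine is in the state described above, the following added example (not Symantec or Microsoft code) reports the Security_HKLM_only setting and lists Trusted sites entries that appear in both Registry locations. The function name Get-TrustedSiteEntry is hypothetical, the Registry paths are the ones given in this article, and the script must run in the affected user's session so that HKEY_CURRENT_USER refers to that user.

```powershell
# Added example. Registry paths are the ones given in this article.
$PolicyKey  = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
# If this subkey is absent on your build, check ...\Internet Settings\ZoneMap\Domains,
# where Internet Explorer keeps site-to-zone assignments.
$DomainsKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Domains'
$TrustedZone = 2   # Internet Explorer zone number for "Trusted sites"

function Get-TrustedSiteEntry {
    param([Parameter(Mandatory)][string]$Hive)   # 'HKLM:' or 'HKCU:'
    $base = Join-Path $Hive $DomainsKey
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            # Each value is a protocol name (http, https, *) mapped to a zone number.
            if ($key.GetValue($name) -eq $TrustedZone) {
                [pscustomobject]@{
                    Site     = $key.Name -replace '^.*\\Domains\\', ''
                    Protocol = $name
                }
            }
        }
    }
}

$policy   = Get-ItemProperty -Path $PolicyKey -Name Security_HKLM_only -ErrorAction SilentlyContinue
$hklmOnly = ($null -ne $policy) -and ($policy.Security_HKLM_only -eq 1)
$machine  = @(Get-TrustedSiteEntry -Hive 'HKLM:')
$user     = @(Get-TrustedSiteEntry -Hive 'HKCU:')
$userIds  = @($user | ForEach-Object { '{0}|{1}' -f $_.Site, $_.Protocol })

"Security_HKLM_only is 1: $hklmOnly"
"Trusted entries  HKLM: $($machine.Count)  HKCU: $($user.Count)"

# Entries present in both hives are candidates for user-added sites that
# Internet Explorer also wrote to HKLM, which SEP reads when the policy is 1.
$mirrored = @($machine | Where-Object { $userIds -contains ('{0}|{1}' -f $_.Site, $_.Protocol) })
if ($hklmOnly -and $mirrored.Count -gt 0) {
    'Sites SEP may trust despite Security_HKLM_only = 1:'
    $mirrored | Sort-Object Site, Protocol | Format-Table -AutoSize
}
```

An entry listed here may also have been deployed by an administrator to both locations, so compare the output against the sites your policy intentionally trusts.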
Imported Document ID: TECH214758