The Symantec Endpoint Protection (SEP) 12.1 client detects a file using Download Insight, but is unable to detect or display the origin domain.

Download Insight
Origin
Downloaded from N/A
 

The file is downloaded through a proxy server, and the proxy server IP address is listed in the Network Intrusion Prevention excluded hosts.

The issue may also occur with HTTPS downloads in SEP versions prior to 12.1 RU2 (without the proxy server exclusion configuration described above).

Remove the proxy server IP address from the Network Intrusion Prevention list of excluded hosts.

In the Symantec Endpoint Protection Manager (SEPM):

• Configure the Intrusion Prevention Policy
• Select the Settings tab
• Open the Excluded Hosts dialog, and verify if the proxy server IP address is included within the ranges, subnets, or individual IP addresses that are excluded.