search cancel

Download Insight detects files from Trusted Web Domains

book

Article ID: 163868

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) clients detect files downloaded over HTTPS from Web sites that are included in the Exceptions policy as a Trusted Web Domain

Environment

Computers configured with Microsoft's Enhanced Mitigation Experience Toolkit (EMET)

Cause

This problem can happen when computers are configured with Microsoft's EMET. EMET protects the processes running on Windows computers from malicious process injection/tampering. The SEP client gets URL information from HTTPS downloads by injecting IPSEng32.dll into running Web browser processes. When EMET is configured to protect Internet Explorer or other Web browsers, the SEP client is unable to inject IPSEng32.dll into those browser processes and can't check the URL against the Trusted Web Domains exceptions.

Resolution

To use Trusted Web Domains exceptions for HTTPS Web sites, you must disable EMET protection for the Web browser(s) used to download files from these URLs.