Insight is a technology included with Symantec Protection Engine (SPE) which performs SHA256 hash matching requests to external Symantec servers for Portable Executable (PE) files. In some instances the process fails to complete with an error.
When a scan request is sent to the Symantec Protection Engine there are several different evaluations performed against each file. For the purposes of Insight the following occurs:
In nearly all circumstances a ResultID 17 indicates the external Symantec server had an issue completing the request. As a response the server sends back RESULT_INSIGHT_INTERNAL_ERROR which Symantec Protection Engine assigns to the code pair Insight:17.
There is an expectation that a small percentage of requests will not be successful resulting in an Insight ID 17 return. Since the files are scanned prior to the Insight evaulation by AV definitions there is very little risk if the virus definitios are current.
The situation to be concerned about is as follows:
If the above is true, it is recommended to contact Symantec Support. There is a possibility of an Insight server outage or some currently unknown cause that can result in Insight ID 17 error returns.
By default Symantec Protection Engine logging does not log successful scans. To determine if the above scenario applies please ensure that logging is set to "Verbose" level and that all Portable Executable (PE) files are resulting in Insight ID 17.