Symantec Endpoint Protection 14 utilizes new and improved Reputation checks to further aid in our Proactive Threat Protection in determining what files may pose a risk to a client system. It's important to understand how these requests are made to understand associated network overhead and security issues based on contacting Symantec for reputation information.
The average size of reputation request is 3KB.
Data in a reputation request:
SEP engine making the reputation request
Hash of the file (SHA256 and MD5)
Additional data, if applicable or available:
Company name from signature
URL (and corresponding IP address)
Once a request is made, the result of that request is stored locally. The local reputation database is typically 4 to 6MB in size, but may grow to 20MB if hundreds of applications are installed on the client.
Repeat reputation requests to Symantec are only made when a file is considered to be untrustworthy and SEP determines that the trust level requires rechecking.