Endpoint Protection Manager sends "File Reputation Lookup Alert" error notification

Article ID: 215124


Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection Manager (SEPM) is emailing the "File reputation lookup alert" concerning some endpoints.

Sample email: 

-------------------------------------------------------------------------------------------------------

Message from: 
    Server name: servername
    Server IP: x.x.x.x 
    Administrator Email: [email protected] 
    Company Name: Broadcom

4 computer reported file reputation lookup issues. 

 Symantec Endpoint Protection  
  
File Reputation Detection Triggering Notification on 05/13/2021 03:03:32  

Updated since 05/12/2021 03:03:00     

| Computer | Current User | IP Address | Domain Name | Server Name | Group Name | Product Version | File Reputation Detection | Event Time |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| computername | admin | x.x.x.x | Default | servername | My Company\Servers\ | 14.3.1148.0100 | Reputation check for unproven files failed because of network errors for the last 3 days. | 05/13/2021 01:35:01 |

-------------------------------------------------------------------------------------------------------

Cause

We check many files a day on every endpoint, so an occasional failure is not uncommon. The failure can be a timeout of the submission, where the server does not respond in a timely manner, or the client might have little bandwidth at the time of submission.

The other possible cause is that the client has no internet connection at all, or that its connection to the Reputation server is not working.

Resolution

The File Reputation lookup alert is one of the preconfigured notifications.

Verify the communication with the Symantec Reputation server.

If there is no internet connection on the client, or the connection to the reputation server is not working or cannot be allowed, disable Submissions from SEPM as follows:
- Click on Clients, go to Policies > Settings > External Communications > Client Submissions.
- To change the Insight lookups setting on the Windows client: Change Settings > Client Management > Submissions.

This notification can also be disabled on SEPM by unchecking the "Log the notification" option.

If the frequent emails are bothersome, they can be disabled by unchecking the "Send email to system administrators" option.

To find these options, navigate to SEPM --> Monitor --> Notifications --> Notifications Conditions