search cancel

After upgrading to 14.3 RU5 Unproven.Insight detections are noticed in the environment


Article ID: 253496


Updated On:


Endpoint Protection


After upgrading to Symantec Endpoint Protection 14.3 RU5 an increase of Unproven.Insight detections are being quarantined in the environment.


Symantec Endpoint Protection 14.3 RU5


Prior to 14.3 RU5, if Network Intrusion Prevention was not installed the Download Insight (DI) sensitivity level would be restricted to <1>.  At DI sensitivity level <1> only items with an ultra-high confidence level of malicious are detected and blocked. 

In 14.3 RU5, this restriction was eliminated which means DI now follows the level defined within the policy. In most cases, this means the level is now at <5>. This means that unproven files may be detected by DI.


There are options available to tune DI to meet the environment's needs:

  • For Unproven Files, the action can be configured to Log-Only or Ignore
  • DI sensitivity level can be configured to <4>, which allows DI to detect and block items with a medium confidence level of malicious and below
  • Submit files for whitelisting or create exceptions


Additional Information