After upgrading to Symantec Endpoint Protection 14.3 RU5, an increased number of Unproven.Insight detections are being quarantined in the environment.
Symantec Endpoint Protection 14.3 RU5
Prior to 14.3 RU5, if Network Intrusion Prevention was not installed, the Download Insight (DI) sensitivity level was restricted to <1>. At DI sensitivity level <1>, only items rated malicious with ultra-high confidence are detected and blocked.
In 14.3 RU5, this restriction was eliminated, so DI now follows the level defined within the policy. In most cases, this means the level is now at <5>, and unproven files may therefore be detected by DI.
There are options available to tune DI to meet the environment's needs: