IT Consultant Group

 View Only
  • 1.  How calculate Sonar Risk

    Posted Apr 03, 2015 12:48 PM

    Hello

    I want to clarify SONAR. I know that SONAR work on executable files.

    For Sonar detection I have question about

    • Sonar risk level
    • Sesitivity
    • Detection Score

    Sonar Risk level corespondig High risk detection on Scan Details or Suspicious Behavior Detection or not ?

    How is calculate sesitivity and  Detection Score?

    SONAR.jpg



  • 2.  RE: How calculate Sonar Risk

    Posted Apr 03, 2015 12:51 PM

    This is proprietary information within Symantec. They have algorithms in place to do this and isn't something released publicly. The only setting you can change within the policy is to set the detection level for High and Low risks but there is no infor to say what is considered high or low.



  • 3.  RE: How calculate Sonar Risk

    Posted Apr 03, 2015 12:57 PM

    I understand but I  want know same more daitails about this



  • 4.  RE: How calculate Sonar Risk

    Posted Apr 03, 2015 01:02 PM

    As I said this info isn't public.

    Perhaps support can shed more light on it.

    What is available:

    About SONAR

    About the files and applications that SONAR detects

    Managing SONAR

    Handling and preventing SONAR false positive detections



  • 5.  RE: How calculate Sonar Risk

    Trusted Advisor
    Posted Apr 07, 2015 06:06 AM

    Hello,

    SONAR has the following dependencies:

    • Download Protection must be installed.

    • Auto-Protect must be enabled.

      If Auto-Protect is disabled, SONAR loses some detection functionality and appears to malfunction on the client. SONAR can detect heuristic threats, however, even if Auto-Protect is disabled.

    • Insight lookups must be enabled.

      Without Insight lookups, SONAR can run but cannot make detections. In some rare cases, SONAR can make detections without Insight lookups. If Symantec Endpoint Protection has previously cached reputation information about particular files, SONAR might use the cached information.

    Insight Lookup uses the latest definitions from the cloud and the Insight reputation database to make decisions about files. If you disable Insight lookups, Insight Lookup uses the latest definitions only to make decisions about files.

    Insight Lookup also uses the Automatically trust any file downloaded from an intranet website option.

    NOTE: Insight Lookup uses the configured Insight Lookup slider level value to evaluate the files that were downloaded from a supported portal. If the files were not downloaded from a supported portal, then Insight Lookup detects them only if they have the worst reputation (similar to level 1).

    Check these Articles:

    Managing SONAR

    http://www.symantec.com/docs/HOWTO80929

    Adjusting SONAR settings on your client computers

    http://www.symantec.com/docs/HOWTO80972

    Regards,