How to configure SONAR to prevent false positive detections ?
SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats. SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complement your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.
SONAR might make false positive detections for certain internal custom applications. Also, if you disable Insight lookups, the number of false positives from SONAR increases.
We can change SONAR settings to mitigate false positive detections in general. We can also create exceptions for a specific file or a specific application that
SONAR detects as a false positive. You can also adjust settings and create exceptions for TruScan proactive threat scans, which run on legacy clients.
To change SONAR settings
1 In the client, in the sidebar, click Change settings.
2 Next to Proactive Threat Protection, click Configure Settings
3 On the SONAR tab, change the actions for high risk or low risk heuristic threats.
( We can enable aggressive mode for low risk detections. This setting increases
SONAR sensitivity to low risk detections. It might increase the false positive detections.)
4 Optionally, change the notification settings.
5 On the Suspicious Behavior Detection tab, change the action for high risk or low risk detections. SONAR makes these detections when trusted files are associated with suspicious behavior.
6 On the System Change Events tab, change the scan action for detections of changes to the DNS server settings or a host file.
7 Click OK.