Monitoring SONAR detection results to check for false positives
|Article:HOWTO55026|||||Created: 2011-06-29|||||Updated: 2011-12-16|||||Article URL http://www.symantec.com/docs/HOWTO55026|
The client collects and uploads SONAR detection results to the management server. The results are saved in the SONAR log. Legacy clients do not support SONAR. Legacy clients collect similar events from TruScan proactive threat scans, however, and include them in the SONAR log.
The column tells you immediately whether a detected process is a security risk or a possible legitimate process. However, a potential risk that is found may or may not be a legitimate process, and a security risk that is found may or may not be a malicious process. Therefore, you need to look at the and columns for more information. For example, you might recognize the application name of a legitimate application that a third-party company has developed.
To monitor SONAR events
Article URL http://www.symantec.com/docs/HOWTO55026