Adjusting SONAR settings on your client computers

Article:HOWTO55258  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55258
Article Type
How To


Subject


Adjusting SONAR settings on your client computers

You might want to change the SONAR actions to reduce the rate of false positive detections. You might also want to change the SONAR actions to change the number of detection notifications that appear on your client computers.

Note:

The settings for SONAR notifications are also used for TruScan proactive threat scan notifications.

See Managing SONAR

See Creating exceptions for Symantec Endpoint Protection.

Configuring SONAR settings

  1. In the Virus and Spyware Protection policy, select SONAR.

  2. Make sure that Enable SONAR is checked.

  3. Under Scan Details, change the actions for high or low risk heuristic threats.

    You can enable aggressive mode for low risk detections. This setting increases SONAR sensitivity to low risk detections. It might increase the false positive detections.

  4. Optionally change the settings for the notifications that appear on your client computers.

    The SONAR settings also control notifications for TruScan proactive threat scans.

  5. Under System Change Events, change the action for either DNS change detected or Host file change detected.

    Warning:

    If you set the action to Block, you might block important applications on your client computers.

    For example, if you set the action to Block for DNS change detected, you might block VPN clients. If you set the action to Block for Host file change detected, you might block your applications that need to access the host file.

  6. Under Suspicious Behavior Detection, change the action for high or low risk detections.

  7. Click OK.


Legacy ID



v44072025_v59371754


Article URL http://www.symantec.com/docs/HOWTO55258


Terms of use for this information are found in Legal Notices