About the files and applications that SONAR detects
|Article:HOWTO55292|||||Created: 2011-06-29|||||Updated: 2011-12-17|||||Article URL http://www.symantec.com/docs/HOWTO55292|
SONAR uses a heuristics system that leverages Symantec's online intelligence network with proactive local monitoring on your client computers to detect emerging threats. SONAR also detects changes or behavior on your client computers that you should monitor.
SONAR does not make detections on application type, but on how a process behaves. SONAR acts on an application only if that application behaves maliciously, regardless of its type. For example, if a Trojan horse or keylogger does not act maliciously, SONAR does not detect it.
If you disable Auto-Protect, you limit SONAR's ability to make detections of high and low risk files. If you disable Insight lookups (reputation queries), you also limit the SONAR's detection capability.
See Managing SONAR
Article URL http://www.symantec.com/docs/HOWTO55292