Adjusting SONAR settings on your client computers
|Article:HOWTO80972|||||Created: 2012-10-24|||||Updated: 2013-01-30|||||Article URL http://www.symantec.com/docs/HOWTO80972|
You might want to change the SONAR actions to reduce the rate of false positive detections. You might also want to change the SONAR actions to change the number of detection notifications that appear on your client computers.
The settings for SONAR notifications are also used for TruScan proactive threat scan notifications.
To adjust SONAR settings on your client computers
In the Virus and Spyware Protection policy, select SONAR.
Make sure that Enable SONAR is checked.
Under Scan Details, change the actions for high or low risk heuristic threats.
You can enable aggressive mode for low risk detections. This setting increases SONAR sensitivity to low risk detections. It might increase the false positive detections.
Optionally change the settings for the notifications that appear on your client computers.
The SONAR settings also control notifications for TruScan proactive threat scans.
Under System Change Events, change the action for either DNS change detected or Host file change detected.
The Prompt action might result in many notifications on your client computers. Any action other than Ignore might result in many log events in the console and email notifications to administrators.
If you set the action to Block, you might block important applications on your client computers.
For example, if you set the action to Block for DNS change detected, you might block VPN clients. If you set the action to Block for Host file change detected, you might block your applications that need to access the host file. You can use a DNS or host file change exception to allow a specific application to make DNS or host file changes.
Under Suspicious Behavior Detection, change the action for high or low risk detections.
See Managing SONAR
Article URL http://www.symantec.com/docs/HOWTO80972