|Article:HOWTO81373|||||Created: 2012-10-25|||||Updated: 2013-08-20|||||Article URL http://www.symantec.com/docs/HOWTO81373|
You configure SONAR settings for the clients that run Symantec Endpoint Protection Small Business Edition version 12.1. SONAR settings also include TruScan proactive threat scan settings for legacy clients. Many of the settings can be locked so that users on client computers cannot change the settings.
Table: Managing SONAR
Learn how SONAR works
Learn how SONAR detects unknown threats. Information about how SONAR works can help you make decisions about using SONAR in your security network.
See About SONAR.
Check that SONAR is enabled
To provide the most complete protection for your client computers you should enable SONAR. SONAR interoperates with some other Symantec Endpoint Protection Small Business Edition features. SONAR requires Auto-Protect.
You can use the Computers tab to check whether Proactive Threat Protection is enabled on your client computers.
Check the default settings for SONAR
SONAR settings are part of a Virus and Spyware Protection policy.
Make sure that Insight lookups are enabled
SONAR uses reputation data in addition to heuristics to make detections. If you disable Insight lookups, SONAR makes detections by using heuristics only. The rate of false positives might increase, and the protection that SONAR provides is limited.
You enable or disable Insight Lookups in the Submissions dialog.
Monitor SONAR events to check for false positive detections
You can use the SONAR log to monitor events.
You can also view the SONAR Detection Results report (under Risk Reports) to view information about detections.
Prevent SONAR from detecting the applications that you know are safe
SONAR might detect the files or applications that you want to run on your client computers. You can use an Exceptions policy to specify exceptions for the specific files, folders, or applications that you want to allow. For the items that SONAR quarantines, you can create an exception for the quarantined item from the SONAR log.
Prevent SONAR from examining some applications
In some cases an application might become unstable or cannot run when SONAR injects code into the application to examine it. You can create a file, folder, or application exception for the application.
Allow clients to submit information about SONAR detections to Symantec
Symantec recommends that you enable submissions on your client computers. The information that clients submit about detections helps Symantec address threats. The information helps Symantec create better heuristics, which results in fewer false positive detections.
Article URL http://www.symantec.com/docs/HOWTO81373