Endpoint Protection

I am developing a Visual Basic program to manage the encryption of laptop computers.  This program uses the Win32_EncryptableVolume class to manage the TPM and Disk Encryption.  Additionally, it only performs certain tasks when it is connected to the network.  Just as I finished the program, Symantec is now quarantining the program calling it Bloodhound.Sonar.9.   We were intending to use the program on hundreds of computers.  Any ideas what I should do to avoid this?  Are there certain programming algorithms that trigger this alert?

You can have it whitelisted here:

https://submit.symantec.com/whitelist/isv/

You can also set it as an exception so it will no longer be detected.

See this KB article relating to SONAR:

https://www.symantec.com/business/support/index?page=content&id=HOWTO55258

Hello,

Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes.

http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

• Locate a sample of a threat
• Submit a suspicious file to Symantec
• Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe
• About managing false positives detected by TruScan proactive threat scans

In case, you want to Whitelist an Application, then check this Article:

Software developer would like to add his/her software to the Symantec White-List.

http://www.symantec.com/docs/TECH132220

Hope that helps!!