
Bloodhound.Sonar.9 - false positive

Created: 23 Oct 2012 • Updated: 10 Dec 2012 | 2 comments
This issue has been solved. See solution.

I am developing a Visual Basic program to manage the encryption of laptop computers. This program uses the Win32_EncryptableVolume class to manage the TPM and Disk Encryption. Additionally, it only performs certain tasks when it is connected to the network. Just as I finished the program, Symantec is now quarantining the program, calling it Bloodhound.Sonar.9. We were intending to use the program on hundreds of computers. Any ideas what I should do to avoid this? Are there certain programming algorithms that trigger this alert?


.Brian

You can have it whitelisted here:

https://submit.symantec.com/whitelist/isv/

You can also set it as an exception so it will no longer be detected.

See this KB article relating to SONAR:

https://www.symantec.com/business/support/index?pa...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Mithun Sanghavi

Hello,

Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes.

http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

In case you want to whitelist an application, check this article:

Software developer would like to add his/her software to the Symantec White-List.

http://www.symantec.com/docs/TECH132220

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.