Endpoint Protection

  • 1.  Endpoint without SONAR

    Posted Jul 23, 2014 11:14 AM

    I've installed Endpoint Protection 12.1 on some clients' machines and they're complaining it's making them run very slowly (they are quite old machines, and running Windows XP).

    I decided to turn off the Proactive threat prevention features from the client options and apparently this has made a significant improvement.

    How effective is EP without SONAR running? I've read several articles like this http://en.wikipedia.org/wiki/SONAR_(Symantec) about SONAR, but how safe is the system with only the basic AV feature enabled? Does the basic AV in EP only look for viruses when a scan is run or when a new file is introduced?



  • 2.  RE: Endpoint without SONAR

    Posted Jul 24, 2014 12:37 PM

    SONAR uses heuristics to find unknown or zero-day threats in apps. Without it you lose this ability. Basic AV provides protection in real-time (files accessed or modified) and scheduled scans.

    Do make sure you run both the IPS and firewall as well.



  • 3.  RE: Endpoint without SONAR

    Posted Jul 24, 2014 01:38 PM

    AV is for files, SONAR is for processes.

    AV uses signatures; SONAR monitors processes and, based on their behaviour, it's going to find out if it's malicious or not.



  • 4.  RE: Endpoint without SONAR

    Broadcom Employee
    Posted Jul 24, 2014 02:21 PM

    Hi,

    Thank you for posting in Symantec community.

    It's not safe/recommended to run SEP without SONAR.

    SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complements your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.

    About SONAR

    http://www.symantec.com/docs/HOWTO55254

    Managing SONAR

    http://www.symantec.com/docs/HOWTO55215

    I would recommend further troubleshooting of this issue instead of disabling SONAR.



  • 5.  RE: Endpoint without SONAR

    Posted Jul 25, 2014 04:04 AM

    Hi Fred2k,

    AV and IPS are the two absolute "must haves" in my opinion.  Together they are responsible for about 90% of what SEP typically stops.  However, both rely upon definitions.  For brand new threats that definitions are not yet in place against, SONAR is a great tool to detect malicious processes.  It's an extra line of defense for anything that gets past IPS and AV, and it's definitely recommended. (I recommend Download Insight and Firewall, too.)

    SONAR is not usually something that has much of an impact on performance... you may wish to perform a few studies/tests or get in touch with Tech Support.

    All the best- please keep this thread up-to-date with your progress!

    Mick