Hello,
SONAR has the following dependencies:
-
Download Protection must be installed.
-
Auto-Protect must be enabled.
If Auto-Protect is disabled, SONAR loses some detection functionality and appears to malfunction on the client. SONAR can detect heuristic threats, however, even if Auto-Protect is disabled.
-
Insight lookups must be enabled.
Without Insight lookups, SONAR can run but cannot make detections. In some rare cases, SONAR can make detections without Insight lookups. If Symantec Endpoint Protection has previously cached reputation information about particular files, SONAR might use the cached information.
Insight Lookup uses the latest definitions from the cloud and the Insight reputation database to make decisions about files. If you disable Insight lookups, Insight Lookup uses the latest definitions only to make decisions about files.
Insight Lookup also uses the Automatically trust any file downloaded from an intranet website option.
NOTE: Insight Lookup uses the configured Insight Lookup slider level value to evaluate the files that were downloaded from a supported portal. If the files were not downloaded from a supported portal, then Insight Lookup detects them only if they have the worst reputation (similar to level 1).
Check these Articles:
Managing SONAR
http://www.symantec.com/docs/HOWTO80929
Adjusting SONAR settings on your client computers
http://www.symantec.com/docs/HOWTO80972
Regards,