I believe so.
My email notifications contain this:
At least one security risk found:
Risk name: (Unknown)
File path: c:\app\myapplication.exe
Source: Heuristic Scan
Action taken on risk: Left alone
When I log onto the SEP Remote Console, > Monitors > Logs > Log type: SONAR > View Logs...
I see a large number of events on these files on a dozen or so systems from several different types of events.
Potential risk found (Left alone) | Detection Type Unknown > Details >
Category set: Malware
Category type: Heuristic Virus
Actual action: Left alone
Specified primary action: Leave alone (log only)
Specified secondary action: Leave alone (log only)
Detection source: SONAR
Risk detection method: Unknown
URL tracking: Unknown
Source computer:
Event type: Potential risk found
Permitted application reason: Not on the permitted application list
Forced SONAR threat detected (Left alone) Detection Type Unknown > Details >
Risk InformationRisk name:
Risk severity: 1
Discovered: Unknown
Category set: Malware
Category type: Heuristic Virus
Actual action: Left alone
Specified primary action: Leave alone (log only)
Specified secondary action: Forced detection using file name
Detection source: SONAR
Risk detection method: Unknown
URL tracking: Unknown
Source computer:
Event type: Forced SONAR threat detected
Permitted application reason: Not on the permitted application list
There are also a number of events for Risk sample submitted to Symantec for these files.
I have verfiied these PCs are running 11 and that the filename and application exceptions are present for these EXEs.