Endpoint Protection

 View Only

  • 1.  SONAR and winsock

    Posted Aug 08, 2013 02:47 AM

    Hey,

    I have Norton Internet Security 2012 installed on my Win7 system.

    I'm a student and I have homework to do in simple networking. When I create a program using VisualStudio 2012 using winsock, as soon as the program opens a connection SONAR deleted the file and says it acted suspiciously.

    Why is that?

    How can I avoid this?

    Thanks.



  • 2.  RE: SONAR and winsock

    Posted Aug 08, 2013 03:28 AM

    You need to create exception for those programs

    Not sure if you have permissions to do that, Try these documents

    Handling and preventing SONAR false positive detections

    Creating exceptions for Symantec Endpoint Protection

     



  • 3.  RE: SONAR and winsock

    Posted Aug 08, 2013 04:27 AM

    Hi,

    Handling and preventing SONAR false positive detections

    SONAR might make false positive detections for certain internal custom applications. Also, if you disable Insight lookups, the number of false positives from SONAR increases.

    You can change SONAR settings to mitigate false positive detections in general. You can also create exceptions for a specific file or a specific application that SONAR detects as a false positive.

    You can also adjust settings and create exceptions for TruScan proactive threat scans, which run on legacy clients. S.

    Warning:

    If you set the action for high risk detections to log only, you might allow potential threats on your client computers.

    Table: Handling SONAR false positives

    Task

    Description

    Log SONAR high risk heuristic detections and use application learning

    You might want to set detection action for high risk heuristic detections to Log for a short period of time. Let application learning run for the same period of time. Symantec Endpoint Protection learns the legitimate processes that you run in your network. Some true detections might not be quarantined, however.

    After the period of time, you should set the detection action back to Quarantine.

    Note:

    If you use aggressive mode for low risk heuristic detections, you increase the likelihood of false positive detections. Aggressive mode is disabled by default.

    Create exceptions for SONAR to allow safe applications

    You can create exceptions for SONAR in the following ways:

    ·         Use the SONAR log to create an exception for an application that was detected and quarantined

    You can create an exception from the SONAR log for false positive detections. If the item is quarantined, Symantec Endpoint Protection restores the item after it rescans the item in the Quarantine. Items in the Quarantine are rescanned after the client receives updated definitions.

    ·         Use an Exceptions policy to specify an exception for a particular folder or application

    You can exclude an entire folder from SONAR detection. You might want to exclude the folders where your custom applications reside.

    Specific file exceptions by path are not supported for SONAR. To exclude a file from SONAR, use an application exception.

     

    Regards

    Ajin

     



  • 4.  RE: SONAR and winsock

    Posted Aug 08, 2013 05:14 AM

    Hello,

    SONAR is meant to detect unknown applications, they might be a virus...

    Because it is your own application, you need to set an exception for that. For further details on how to do it, please, refer to NIS 2012 manual or open a thread in the proper forum for NIS, this forum is for the AV solution for enterprises, another product.



  • 5.  RE: SONAR and winsock

    Posted Aug 08, 2013 05:53 AM

    For better visibility, you may want to post this in the Norton community

    http://community.norton.com/