SONAR False Positive
The issue described below is on all Windows XP SP3 machines and Symantec Endpoint Protection 12.1 RU1.
We have an in house developed application that was recently changed/upgraded and deployed to about 500 machines. What is weird is about 75% of the machines detected the application as a (Unknown) Trojan Worm by SONAR, and the other 25% were fine with the application. I verfied that all 500 have the same policies definitions etc.
Is this normal for SONAR to do something like this?