Endpoint Protection Small Business Edition

 View Only

  • 1.  Sonar Scan and Auto Protect

    Posted Mar 13, 2013 03:07 AM

    Hi guys,

    So we have Auto-Protect that continuously inspects files as they are written to or read from a computer and SONAR scans that offers real-time protection against zero-day attacks stops attacks before traditional signature-based definitions detect a threat.

    Currently on my environment Sonar Scan is not active.

    Question

    Are there any known issues with regards to Sonar Scans on the Windows servers that I need to know of before I enable it on my environment?

    If Auto Protect is enabled do I really need to enable Sonar scan?

    Interms of perfomance on the workstations and servers is there any impact as Im going to have Auto Protect continuously scanning files as they are modified and Sonar scan also scanning files in real-time?

    Can I get clarity on this.... aswell as the benefits of having both scans running of the environment and also keeping in mind the Scheduled Antivirus and Antispyware scans.

     

    Thank you

     

     

     

     



  • 2.  RE: Sonar Scan and Auto Protect

    Posted Mar 13, 2013 03:36 AM

    AP work with definitions.

    sonar will give protection against Zero day threat.

    AP works with bloodhound heuristics

     SONAR uses reputation data in addition to heuristics to make detections

    you can change some settings if performance is hindered.

    I have not seen any issues when these two are running

     

    There are some dependency with respect to SONAR. Check this document

     

    How Symantec Endpoint Protection protection features work together

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55268


  • 3.  RE: Sonar Scan and Auto Protect

    Posted Mar 13, 2013 11:30 AM

    Sonar provides additional level of protection next to Autoprotect :

    SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

     

    About SONAR

    http://www.symantec.com/docs/HOWTO81392



  • 4.  RE: Sonar Scan and Auto Protect

    Posted Mar 13, 2013 11:44 AM

    SONAR is supported on servers. It may be best to test before putting into production if you can, however it should work fine.

    It doesn't use the standard signature definitions. Instead it uses behavioral analysis or heuristics to detect unknown or zero day threats.



  • 5.  RE: Sonar Scan and Auto Protect

    Trusted Advisor
    Posted Mar 15, 2013 12:52 PM

    Hello,

    SONAR offers real-time protection against zero-day attacks. SONAR can stop attacks even before traditional signature-based definitions detect a threat. SONAR uses heuristics as well as file reputation data to make decisions about applications or files.

    Like proactive threat scans, SONAR detects keyloggers, spyware, and any other application that might be malicious or potentially malicious.

    Note: SONAR is only supported on Windows computers that run Symantec Endpoint Protection version 12.1 and later.

    See About SONAR.

    Information on Symantec Endpoint Protection Scans

    https://www-secure.symantec.com/connect/articles/information-symantec-endpoint-protection-scans

    Reference: 

    About the types of scans and real-time protection

    http://www.symantec.com/docs/HOWTO55226

    Hope that helps!!