Hi All,

I have three questions :

1)  What is the major difference between Sonar and auto protect?

2)  what are the type of threats that SEP Endpoint protection treats

3)  Is that SEP Endpint protection is compatible with System center 2012 Endpoint Protection?

Thanks for your answers

1)  What is the major difference between Sonar and auto protect?

SONAR: is heuristic scanning.

about SONAR

http://www.symantec.com/business/support/index?page=content&id=HOWTO80968

Auto protect : scan the files in real time.

about typoes of auto protect

http://www.symantec.com/business/support/index?page=content&id=HOWTO80944

2)  what are the type of threats that SEP Endpoint protection treats

It detects the malwares. is there anything you specifically looking for.

3)  Is that SEP Endpint protection is compatible with System center 2012 Endpoint Protection?

No 2 AV should be installed on machine.

Hi pete_4u2002

I just noticed that when i have installed System center 2012 End point protection, it detected many virus that SEP haven't detected. How can you explain it?

Regards.

What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect

Hello,

Questions and Answers - 

1)  What is the major difference between Sonar and auto protect?

Check this Article:

https://www-secure.symantec.com/connect/articles/information-symantec-endpoint-protection-scans

2)  what are the type of threats that SEP Endpoint protection treats

All type of Malwares.

Security Best Practices for stopping malware and other threats    

http://www.symantec.com/theme.jsp?themeid=stopping...

3)  Is that SEP Endpint protection is compatible with System center 2012 Endpoint Protection?

Running more then one antivirus program on the same computer is not recommended. You may experience a false positive detection in one of the antivirus programs in this situation.

Risks of using more than one antivirus program

Antivirus and antispyware programs are generally written with the expectation that they will interrupt actions taken by other programs, in the interest of security. If more than one such program is running, there are a number of ways in which they can interfere with each other.

To give a simple example, suppose that antivirus scanners A and B are installed on a computer. Program A copies a file to a temporary location for scanning. Program B notices the file activity, and copies the file from program A's temporary location to its own. Program A notices that file activity and makes another copy, and so an infinite loop forms. This could end with the computer running out of memory or hard drive space, hangs or crashes in the antivirus scanners, or other undesirable behaviors.

Check this Article:

Should you run more than one antivirus program at the same time?

http://www.symantec.com/docs/TECH104806

4) I just noticed that when i have installed System center 2012 End point protection, it detected many virus that SEP haven't detected. How can you explain it?

You may be interested in checking these articles:

What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect

http://www.symantec.com/docs/TECH99494

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

Could you please zip each of those files detected by Third party Antivirus and submit the zip files (without password) to the Symantec Security Response Team on :

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

Hope that helps!!

Hello,

1)  What is the major difference between Sonar and auto protect?

--> SONAR is the latest technology used in SEP 12.1. While autoprotect is use in SEP 11 & SEP 12.1 platform.

2)  what are the type of threats that SEP Endpoint protection treats

--> There is no thumb rule for it. It' totally depend upon database what Symantec maintain, like reputation database, Download protection etc.

3)  Is that SEP Endpint protection is compatible with System center 2012 Endpoint Protection?

--> System center 2012 is Symnatec product? Another antivirus product?

Hi All,

I have three questions :

1)  What is the major difference between Sonar and auto protect?

Sonar is a honeypot system (http://en.wikipedia.org/wiki/Honeypot_(computing)), designed to detect the behavior of new, unknown viruses and malware and submit them to Symantec for review.  It is a big help for companies like Symantec against zero-day threats, that they do not currently have in their auto protect detection database.

Auto protect is the tradition definition based antivirus solution that Symantec has incorporated into Symantec Endpoint.  Without auto protect, Sonar is for the most part useless as it will not be able to recognize all of the various attacks.

Sonar is a product meant to enhance auto protect.  Auto protect is most definetly needed for protection, Sonar is a complemtary product.

2)  what are the type of threats that SEP Endpoint protection treats

Most virus and malware files that Symantec has current definitions for.  Also, the intrusion protection protects against network and internet based attacks that Symantec has defintions for.

3)  Is that SEP Endpint protection is compatible with System center 2012 Endpoint Protection?

System Center 2012 Endpoint Protection is the successor of Microsoft's Forefront Antimalware detection (http://en.wikipedia.org/wiki/Microsoft_Forefront) and is the business version of Microsoft Security Essentials (http://en.wikipedia.org/wiki/Microsoft_Security_Essentials)

System Center 2012 Endpoint Protection is a Microsoft standlone antivirus product.  As such, running it and the full Symantec Endpoint Protection at the same time will have disasterous results.  Both have an autoprotect module that will both attempt to scan system changes simultaneously and this will result in cpu usage and memory issues.

System Center 2012 Endpoint Protection can be used with the Intrusion Protection System from Symantec Endpoint or the Symantec Endpoint firewall and Intrusion Protection System can be used instead of the Microsoft firewall, if a person is looking for a two vendor security approach.

Symantec's auto protect and Sonar can not be used with System Center 2012 Endpoint Protection thought and using the two together would likely result in disasterous results for a user, as mentioned earler.  Sonar specifically can not be used with System Center 2012 Endpoint Protection because it relies on Symantec Endpoint's autoprotect.  As mentioned earler, using autoprotect from Symantec Endpoint with System Center 2012 Endpoint Protection is a horrible idea.