Endpoint Protection

  • 1.  Zero day threat

    Posted Mar 04, 2013 07:25 AM

    What is the zero day threat vulnerability in SONAR?



  • 2.  RE: Zero day threat

    Posted Mar 04, 2013 07:28 AM

     

    SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

    SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complements your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.

    SONAR uses a heuristics system that leverages Symantec's online intelligence network with proactive local monitoring on your client computers to detect emerging threats. SONAR also detects changes or behavior on your client computers that you should monitor.

    About SONAR

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81392



  • 3.  RE: Zero day threat

    Posted Mar 04, 2013 07:39 AM

    SONAR uses heuristics or "behavioral analysis" to determine a potential threat. It will examine the file for malware-like characteristics (opening backdoors, file injections, etc.) so it will not rely on signature-based file detections.



  • 4.  RE: Zero day threat

    Posted Mar 04, 2013 07:39 AM

     

    Hi,

    Please check About SONAR.

    Article: HOWTO81392  |  Created: 2012-10-25  |  Updated: 2012-10-27  |  Article URL: http://www.symantec.com/docs/HOWTO81392

    Re-Edit
    Managing SONAR

    Article: HOWTO55215  |  Created: 2011-06-29  |  Updated: 2011-12-17  |  Article URL: http://www.symantec.com/docs/HOWTO55215

    Configuring TruScan proactive threat scan settings for legacy clients

    Article: HOWTO55255  |  Created: 2011-06-29  |  Updated: 2011-12-17  |  Article URL: http://www.symantec.com/docs/HOWTO55255

    About adjusting TruScan settings for legacy clients

    Article: HOWTO55257  |  Created: 2011-06-29  |  Updated: 2011-12-17  |  Article URL: http://www.symantec.com/docs/HOWTO55257

    Find the attached threads for your knowledge:

    https://www-secure.symantec.com/connect/forums/sep-121-sonar-definitions

    https://www-secure.symantec.com/connect/forums/manually-update-sonar-definitions

    https://www-secure.symantec.com/connect/forums/where-are-truscan-logs-sepm-12



  • 5.  RE: Zero day threat

    Posted Mar 05, 2013 12:34 AM

    Hi,

    Have you received your answer?



  • 6.  RE: Zero day threat

    Posted Mar 06, 2013 12:01 PM

    Thanks, Ashish and Brian, for the reply.

    Ambesh - I think you have not read my question before replying to it. My question is: What is the zero day threat vulnerability?



  • 7.  RE: Zero day threat
    Best Answer

    Posted Mar 07, 2013 04:27 AM

    You can find some more information here:

    http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=zero_day_vulnerabilities

    http://en.wikipedia.org/wiki/Zero-day_attack

     

    Zero-Day Vulnerabilities

    Background

    Zero-day vulnerabilities are vulnerabilities against which no vendor has released a patch. The absence of a patch for a zero-day vulnerability presents a threat to organizations and consumers alike, because in many cases these threats can evade purely signature-based detection until a patch is released. The unexpected nature of zero-day threats is a serious concern, especially because they may be used in targeted attacks and in the propagation of malicious code.

    Methodology

    Zero-day vulnerabilities are a sub-set of the total number of vulnerabilities documented over the reporting period. A zero-day vulnerability is one that appears to have been exploited in the wild prior to being publicly known. It may not have been known to the affected vendor prior to exploitation and, at the time of the exploit activity, the vendor had not released a patch. The data for this section consists of the vulnerabilities that Symantec has identified that meet the above criteria.

     



  • 8.  RE: Zero day threat

    Posted Mar 07, 2013 04:47 AM

     

    Thanks Sebastian,

    That is the actual information which I required.