Managing False positives detected by SONAR
New SONAR technology (SEP12.1) is nice, but after more than 6 months, false positive detections are very high (more than 50% according to virus total).
An idea to manage those SONAR detection would be to add a specific action for them: "Submit to Symantec" (and don't delete !). Or maybe "Copy it to quarantine" but don't delete the files. By copying it to quarantine, we will be able to get the file from a central quarantine and then made specific actions (anaylse, submit to Symantec, ...).