Endpoint Protection

  • 1.  Proactive Threat Protection and Indicators of Compromise

    Posted Feb 24, 2015 02:31 AM

    Hi,

    How does the Proactive Threat Protection (zero-day protection) of SEP actually work? Does it make use of indicators of compromise (such as those from OpenIOC) to detect malware and malicious activities? Or is it the antivirus component that is already OpenIOC compliant?

    Thanks



  • 2.  RE: Proactive Threat Protection and Indicators of Compromise

    Posted Feb 24, 2015 02:36 AM

    Read the article

    Symantec Endpoint Protection 12.1 SONAR - Proactive Threat Protection or Download Insight False Positive Corrections

    Article:TECH168849  |  Created: 2011-09-05  |  Updated: 2014-09-16  |  Article URL http://www.symantec.com/docs/TECH168849


  • 3.  RE: Proactive Threat Protection and Indicators of Compromise

    Posted Feb 24, 2015 03:01 AM

    SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

    About SONAR

    Article:HOWTO81392 | Created: 2012-10-25 | Updated: 2014-09-21 | Article URL http://www.symantec.com/docs/HOWTO81392

    Symantec Endpoint Protection 12.1 SONAR - Proactive Threat Protection or Download Insight False Positive Corrections

    Article:TECH168849 | Created: 2011-09-05 | Updated: 2014-09-16 | Article URL http://www.symantec.com/docs/TECH168849

    Managing SONAR

    Article:HOWTO81373 | Created: 2012-10-25 | Updated: 2014-09-21 | Article URL http://www.symantec.com/docs/HOWTO81373


  • 4.  RE: Proactive Threat Protection and Indicators of Compromise

    Posted Feb 24, 2015 06:35 AM

    SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

    SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complements your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.

    SONAR uses a heuristics system that leverages Symantec's online intelligence network with proactive local monitoring on your client computers to detect emerging threats. SONAR also detects changes or behavior on your client computers that you should monitor.

    Note:

    Auto-Protect also uses a type of heuristic that is called Bloodhound to detect suspicious behavior in files.

    SONAR might inject some code into the applications that run in Windows user mode to monitor them for suspicious activity. In some cases, the injection might affect the application performance or cause problems with running the application. You can create an exception to exclude the file, folder, or application from this type of monitoring.

     

    http://www.symantec.com/docs/HOWTO81392