SONAR
May 29, 2010SONAR is the abbreviation for Symantec Online Network for Advanced Response. Unlike virus signatures, SONAR examines the behavior of applications to decide whether they are malicious. SONAR is built upon technology Symantec acquired in its 2005 purchase of WholeSecurity.
How it works:
An algorithm is used to evaluate hundreds of attributes relating to software running on a computer. Various factors are considered before determining that a program is malicious, such as if the program adds a shortcut on the desktop or creates a Windows Add/Remove programs entry. Both of those factors would indicate the program is not malware. The main use of SONAR is to enhance detection of zero day threats. Symantec claims SONAR can also prevent attackers from leveraging unpatched software vulnerabilities.
Ed Kim, director of product management at Symantec, expressed confidence in SONAR, "We've done extensive testing on emerging threats, and it catches early threats and variants of existing threats."
Turn off or turn on SONAR Protection
Apr 28, 2010SONAR protects you against malicious code even before virus definitions are available through LiveUpdate. By default, SONAR protection is turned on to proactively detect unknown security risks on your computer.
When you turn off SONAR Protection, you are prompted with a protection alert. This protection alert lets you specify the amount of time for which you want SONAR Protection to be turned off.
SONAR Protection
Apr 27, 2010Symantec Online Network for Advanced Response (SONAR) provides real-time protection against threats and proactively detects unknown security risks on your computer. SONAR identifies emerging threats based on the behavior of applications. SONAR identifies quicker than the traditional signature-based threat detection techniques. SONAR detects and protects you against malicious code even before virus definitions are available through LiveUpdate.