wqpadviser.blogg.se - What is symantec endpoint protection sonar

If you disable Insight lookups, Insight Lookup uses the latest definitions only to make decisions about files.) For more information, see Customizing the virus and spyware scans that run on Windows computers.ĭownload Insight is an optional/add-on Auto-Protect feature. (When Insight Lookup is enabled, these scans use the latest definitions from the cloud and the Insight reputation database to make decisions about files. Manual and Scheduled scans can use full internal (IRON) and cloud-based community/Symantec reputation information as part of their scans, when configured to do so.

Also, Symantec Endpoint Protection SONAR can use reputation as part of its defenses.

Symantec Endpoint Protection scheduled/manual scans can use reputation, if configured to do so.

It can use reputation to block malicious downloads as part of the optional Download Insight feature.

Symantec Endpoint Protection Auto-Protect does not use full reputation with every scan.

NOTE: Socar.exe will not be convicted by SONAR unless Download Insight (Reputation) is enabled.With the specific configuration in place as described, this is working as designed. As with other detections, an Event ID 51 "Security Risk Found!" event entry appears in the Windows Application Event logs. The action taken to the socar.exe file (quarantined, log only, and so on) depends on the Symantec Endpoint Protection client's configured policy. Check the Proactive Threat Protection logs to see if socar.exe triggered an event.

Note that if Show alert upon detection is unchecked, then no on-screen pop-up will be displayed. To use Socar.exe, Download the socar.zip file from this article's Download Files section, extract all contents using the password "symantec", and then double-click Socar.exe. Detections on Endpoint Protection clients with SONAR engine 12.3 and earlier will be detected as. If Socar.exe does not trigger an event, SONAR is not running correctly.Īs of May 16th 2022, Symantec Endpoint Protection detects Socar.exe as SONAR.Socar!gen1 on Endpoint Protection clients running SONAR engine 12.4 or greater. If SONAR is running, Socar.exe triggers a Proactive Threat Protection event. Symantec created Socar.exe to test whether SONAR works on a computer.