Symantec created Socar.exe to test whether SONAR works on a computer. If SONAR is running, Socar.exe triggers a Proactive Threat Protection event. If Socar.exe does not trigger an event, SONAR is not running correctly.

As of May 16th 2022, Symantec Endpoint Protection detects Socar.exe as SONAR.Socar!gen1 on Endpoint Protection clients running SONAR engine 12.4 or greater. Detections on Endpoint Protection clients with SONAR engine 12.3 and earlier will be detected as.

To use Socar.exe, download the socar.zip file from this article's Download Files section, extract all contents using the password "symantec", and then double-click Socar.exe. Note that if "Show alert upon detection" is unchecked, no on-screen pop-up will be displayed. Check the Proactive Threat Protection logs to see if socar.exe triggered an event. The action taken on the socar.exe file (quarantined, log only, and so on) depends on the Symantec Endpoint Protection client's configured policy. As with other detections, an Event ID 51 "Security Risk Found!" event entry appears in the Windows Application Event logs. NOTE: Socar.exe will not be convicted by SONAR unless Download Insight (Reputation) is enabled.

An algorithm is used to evaluate hundreds of attributes relating to software running on a computer. Various factors are considered before determining that a program is malicious, such as whether the program adds a shortcut on the desktop or creates a Windows Add/Remove Programs entry. Both of those factors would indicate the program is not malware. The main use of SONAR is to enhance detection of zero-day threats. Symantec claims SONAR can also prevent attackers from leveraging unpatched software vulnerabilities.
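
The log check described above can be scripted. This PowerShell function is an added example, not part of the original article or Symantec's tooling; the function name, the 30-minute lookback window, and the assumption that the event message text names the detected file are all illustrative.

```powershell
# Added example: look for the Event ID 51 "Security Risk Found!" entry
# that the Socar.exe test should leave in the Windows Application log.
function Get-SocarDetectionEvent {
    param(
        # Assumption: the test was run within this many minutes.
        [int]$LookbackMinutes = 30,
        # File name the event message is expected to mention (assumption).
        [string]$TestFile = 'socar.exe'
    )

    $filter = @{
        LogName   = 'Application'
        Id        = 51
        StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
    }

    # Event ID 51 is not unique to one product in the Application log,
    # so keep only entries whose message mentions the test file.
    # Get-WinEvent reports an error when nothing matches; suppress it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($TestFile) } |
        ForEach-Object {
            # Pull out a SONAR detection name such as SONAR.Socar!gen1 if present.
            $name = if ($_.Message -match 'SONAR\.[\w!]+') { $Matches[0] } else { $null }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Provider    = $_.ProviderName
                Detection   = $name
            }
        }
}

$hits = @(Get-SocarDetectionEvent)
if ($hits.Count -eq 0) {
    # No entry: SONAR may not be running, Download Insight (Reputation) may be
    # disabled, or the test ran outside the lookback window.
    Write-Warning 'No Event ID 51 entry mentioning socar.exe was found.'
} else {
    $hits | Format-Table -AutoSize
}
```

An empty result is only a prompt to check the Proactive Threat Protection logs and the client policy, since the action taken and the alert settings depend on how the client is configured.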