SONAR (Symantec) - SONAR 4


SONAR 4 was introduced with the 2012 BETA versions. Citation from Norton Protection blog "What's new in Norton 2012" located at

  1. Norton Protection Blog: What's new in Norton 2012

"With 2012 we are introducing SONAR Policy Enforcement – We now have the ability to convict a suspicious process based on a behavioral “profile.” To create these profiles, an analyst looks at the 500+ attributes that SONAR tracks and make a series of associations. For example, let’s say a particular process tried to access the system folder and tried to call home, but does not have any running UI. Also, it downloaded more than 15 files the previous day. Any one of these things alone may not be “bad” but taken as a whole, the behavioral profile is bad. The analyst will therefore make a rule that says if we see this string of behaviors, then we should stop the process from executing. Doing all of this is a big deal--we aren’t just looking at what the process does on your computer, we are also looking at its communication characteristics!

Sonar 4.0 also introduces protection against Non Process Threats (NPTs). As the name suggests, these threats are not active processes by themselves, but they inject themselves into legitimate active processes. SONAR 4.0 technology is able to much more aggressively remove threats on pre-infected machines."

Read more about this topic:  SONAR (Symantec)