Adjusting SONAR settings on your client computers

You might want to change the SONAR actions to reduce the rate of false positive detections. You might also want to change the SONAR actions to change the number of detection notifications that appear on your client computers.
A cloud icon appears next to some options when this domain is enrolled in the cloud console. If an Intensive Protection policy is in effect, the policy overrides these options for 14.0.1 clients only.
  1. To adjust SONAR settings on your client computers
  2. In the Virus and Spyware Protection policy, select
    SONAR
    .
  3. Make sure that
    Enable SONAR
    is checked.
    When SONAR is enabled, Suspicious Behavior Detection automatically turns on. You cannot turn off Suspicious Behavior Detection when SONAR is enabled.
  4. Under
    Scan Details
    , change the actions for high or low risk heuristic threats.
    You can enable aggressive mode for low risk detections. This setting increases SONAR sensitivity to low risk detections. It might increase the false positive detections.
  5. Optionally change the settings for the notifications that appear on your client computers.
  6. Under
    System Change Events
    , change the action for either
    DNS change detected
    or
    Host file change detected
    .
    The
    Prompt
    action might result in many notifications on your client computers. Any action other than
    Ignore
    might result in many log events in the console and email notifications to administrators.
    If you set the action to
    Block
    , you might block important applications on your client computers.
    For example, if you set the action to
    Block
    for
    DNS change detected
    , you might block VPN clients. If you set the action to
    Block
    for
    Host file change detected
    , you might block your applications that need to access the host file. You can use a DNS or host file change exception to allow a specific application to make DNS or host file changes.
    For more information, see:
  7. Under
    Suspicious Behavior Detection
    , you can change the action for high or low risk detections.
    If SONAR is disabled, you can also enable or disable Suspicious Behavior Detection.
  8. Click
    OK
    .