Hi Deuceswild,
I work on the team that builds the Behavioral Detection engines and HIPS is a big part of that.
Simply put, HIPS (Host-based Intrusion Prevention System) engines monitor all applications running on the machine for suspicious behaviors. Some examples of suspicious behaviors are "Writing to the run key", "Registering a BHO",
"Modifying the etc/hosts files" etc. Most HIPS products will simply popup an alert telling the user that "application XYZ is writing to the RUN key. Allow or Block ?" The user then makes a decision and as you can imagine, more users aren't in a position to make this decision correctly.
NIS2009 has a smart HIPS technology where it will look at all the behaviors of the applications and run certain heuristics on the application to determine if its a good application or a malicious application. If found to be malicious, it will automatically remove the application from the machine without prompting the user with these difficult-to-answer questions. This technology is called SONAR.
SONAR is ON by default in both NIS and NAV 2009 on XP 32-bit and Vista 32-bit. If you have Vista 64-bit, please see this post from Dave Cole for more information:
http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=7486#M7486
Hope this helps.
Shane.
Message Edited by Tony_Weiss on 09-24-2008 06:57 PM
