拍手0

SONAR should display detailed information on detections

投稿日: 2010-05-12 | 14:14 · 返信 13 · · 翻訳:

I would really like for Norton products to show detailed information on SONAR detections. As it is now we only get information about that a file was blocked by SONAR but nothing about why.

It would be a killer feature to see more details like what triggered the detection (reading a file, opening a TCP connection, accessing a specific URI resource etc). Showing more information would also help users to make a qualified guess if the SONAR detection is correct or not; ex users might have a better idea of what their programs are supposed do than SONAR, especially advanced users.

As reference/example one could consider ThreatExpert which displays detailed information on what a program is doing.

Best regards,

ラベル: SONAR

返信

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-05-12 | 14:14 · パーマリンク

I would really like for Norton products to show detailed information on SONAR detections. As it is now we only get information about that a file was blocked by SONAR but nothing about why.

It would be a killer feature to see more details like what triggered the detection (reading a file, opening a TCP connection, accessing a specific URI resource etc). Showing more information would also help users to make a qualified guess if the SONAR detection is correct or not; ex users might have a better idea of what their programs are supposed do than SONAR, especially advanced users.

As reference/example one could consider ThreatExpert which displays detailed information on what a program is doing.

Best regards,

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-05-12 | 14:19 · パーマリンク

I agree, SONAR must do it like ThreatFite do.
拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-05-13 | 01:54 · パーマリンク

I am agree too , it is good idea.

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-05-13 | 03:30 · パーマリンク

Agree here too!

Same idea, I believe:

http://community.norton.com/t5/Norton-Internet-Security-Norton/More-Information-about-a-Sonar-Detection/idi-p/217625#comments

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-05-13 | 12:29 · パーマリンク

excellent idea

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-08 | 05:14 · パーマリンク

This already exists at the File/Threat Insight UI under the "Actions" tab but the text is not as user friendly. We plan to fix this for 2011. Did you check the Actions tab in File/Threat Insight?
拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-10 | 02:37 · パーマリンク

Sorry for the empty comment above.

> This already exists at the File/Threat Insight UI under the "Actions" tab but the text is not as user friendly. We plan > to fix this for 2011. Did you check the Actions tab in File/Threat Insight?

I did notice this button when I used file insight on files from the right-click menu, but I never knew that Sonar would put its info in here. Isn't it illogical that you have to use "File Insigh" on a file to see what actions it performed even though the file was removed by Norton? Normally I use file insight from the right-click menu so this is kind of counter intuitive to me.

 think you really have to rethink how you display the Sonar information, because I don't think it's logical that you have to browse the Norton history, find the file it put in quarantine, click on another button to open the File Insight dialog for the quarantined file and then use the dropdown menu in the File Insight dialog to actually see what the file did.

Half of my suggestion was about the presentation of information - that is, the information should be presented before Norton blocks the file (or at least this should be a setting) so users can actually view the relevant data right on screen whenever sonar activity occurs and don't have to dig deep into the logs and whatever else to find it. I think the ability to show Sonar info is of great advertising value to Norton so by not making it easily accessible is to me like you're shooting yourself in the foot.

Regards,

Ole

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-12 | 13:12 · パーマリンク

Addition:

I have also noticed that Norton often does not give any information to why a file was detected by SONAR. For example I have a file that Norton just blocked with SONAR, and the only information in the "Actions" tab is:

"File "C:\.....\hello.exe" removed"

There are no other options than "File Actions" I can click in the dropdown box. In this case it seems Norton isn't giving me any information at all.

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-12 | 14:07 · パーマリンク

@athena

i can not find any Information about "harmful behavior"  on a Sonar 3 (Beta) Detection .

http://img535.imageshack.us/img535/3229/aufzeichnen3v.jpg

http://img268.imageshack.us/img268/7770/aufzeichnen1p.jpg

http://img33.imageshack.us/img33/3517/aufzeichnen2r.jpg

where they read the information e.g. DLL Injection, Memory Manipulation ? ;)

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-24 | 12:51 · パーマリンク

Thanks Voyager10 for providing more details.

I did some research into this and here is what happens. File Insight provides the data that you ask for at the time of the detection and before an action is taken. See screenshots below.

However, this shows only if you don't have the SONAR detections being remediated automatically. After the action is taken we do not carry this info in History.

I agree with you this flow needs some improvement. We are considering your suggestion for our next release.

Thanks for bringing this up.

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-24 | 12:52 · パーマリンク

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-06-27 | 13:32 · パーマリンク

Thank You  ;)

This "Behavior Details"  you can see here 

http://en.wikipedia.org/wiki/File:Norton_Antibot_Screenshot.png

into Sonar 3 were perfect !

拍手0

Re: SONAR should display detailed information on detections

投稿日: 2010-10-30 | 03:21 · パーマリンク

Yes, It's a good idea to see why sonar has removed it (for example unsigned executable, not visible, etc...)