Hi Symantec,

Some of us have done a test with SONAR 2 in NIS 2010. We found that after we had deleted the virus definition file od NIS, SONAR 2 was totally down. Our first question is : is SONAR 2 totally or partially rely on the virus definition file?

Second, we found that SONAR could detect a threat before the UAC and also, it could delete the threat before it was executed in sandboxie. Does that mean whether the threat could be terminated before it started write data into the RAM?

Hope anyone could answer the above questions. Thx.

Cheer,

Jia