What is the difference?
They are both in NIS09.
I believe that Bloodhound is the heuristic engine and SONAR is the IDS of the program. But please let someone correct me when I’m wrong
What is the difference?
yes
Bloodhound is capable of detecting upwards of 80% of new and unknown file viruses.
SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer, so it can spot malicious software, whether it's already been identified by Symantec researchers or not.
ialexandra73 wrote:yes
Bloodhound is capable of detecting upwards of 80% of new and unknown file viruses.
SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer, so it can spot malicious software, whether it's already been identified by Symantec researchers or not.
So Heuristics ;)
But sonar never detected any virus in my comp and i know a file which is virus and nav is telling its 100% fine.
I submitted it through quarantine as well as retail page still no definitions too.
Bloodhound is a static analysis technique whereas SONAR is a dynamic analysis technique. Bloodhound can be used to scan individual files and detect certain characteristics of malware. SONAR analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior.
Wow great explanation.
Once konvicted, does Sonar block the whole executable or block the konvicted actions?
SONAR takes action to remediate the execuable and stop it from performing any further mischief.
"SONAR analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior. "
how come SONAR can ANALYZE applications as they are RUNNING while it is only enabled at manual scan?
"Enabled at manual scan"
Who said that?
SONAR supplements real-time protection. As a matter of fact I had a SONAR detection about 10 minutes ago when I executed a malicious file.
Bloodhound is enabled during a manual scan.
Message Edited by Tech0utsider on 11-28-2008 04:05 PM
Tech0utsider wrote:Bloodhound is enabled during a manual scan.
Auto-Protect will also use this.
Bloodhound is used during manual, on-demand scans. Downloading a bloodhound file did not trigger Norton. I had to manually scan the file for a bloodhound detection. If I executed the file I may have recieved a SONAR detection.
so actually how SONAR works? there’s just vague discussions on it’s similar to HIPS, and just an enable/disable option in manual scan, how to configure it and what’s the impact on performance? there’s no way can find the descriptions from within norton mamual.
orangedog wrote:
so actually how SONAR works? there's just vague discussions on it's similar to HIPS, and just an enable/disable option in manual scan, how to configure it and what's the impact on performance? there's no way can find the descriptions from within norton mamual.
But that's correct. It is sort of a HIPS. and Bloodhound is almost the same as Antibot
Hey guys...Please do not attack me...
But where the bloody hell is this Bloodhound, in NIS09?
There is no Bloodhound setting. If you go back to the first page in this thread you will see that Bloodhound means the same as Heuristics which is part of the overall virus scan.
OK Dieselman743...Got it!
Thanks man!