Stu wrote:
orangedog wrote:
So how does SONAR actually work? There are just vague discussions saying it's similar to HIPS, and just an enable/disable option in manual scan. How do I configure it, and what's the impact on performance? There's no way to find the descriptions in the Norton manual.
But that's correct. It is sort of a HIPS, and Bloodhound is almost the same as Antibot.
Wrong!
Bloodhound is used in
It uses
- hundreds of algorithms to determine if a file is malicious or not.
SONAR is used in
- Real-time. Integrated with "Advanced Protection"
It uses
- hundreds of algorithms to determine if a running process is malicious or not.
The "Advanced Heuristic Protection" Settings configure both SONAR and Bloodhound.
The SONAR option is only available in manual scan for NAV 2008, so it seems that SONAR is just like Bloodhound that will not activate at active protection.
SONAR is real-time protection. Bloodhound is available during manual scans.
I have a reference to "Bloodhound.SONAR.1" in the "Security Risks" section of the activity logs (NIS2008). Is this a threat or a legit part of NIS? Does anyone know what "a.exe" is?
Risk category: Suspicious items
Overall Risk Impact: Medium
Performance: Medium
Privacy: Medium
Removal: Medium
Stealth: Medium
Click for more information about this risk : Bloodhound.SONAR.1
Action taken: Fully removed
Affected Areas:
Files & Directories
c:\windows\system32\a.exe
Processes & Start-Up Items
c:\windows\system32\a.exe
I also have this in the activity log:
Risk category: Heuristic Virus
Overall Risk Impact: High
Performance: High
Privacy: High
Removal: High
Stealth: High
Click for more information about this risk : Bloodhound.PDF.1
Action taken: Blocked
Affected Areas: c:\documents and settings\adam\local settings\application data\mozilla\firefox\profiles\ds26j6zp.default\cache\e887b5d0d01
It is real. a.exe is the name of the malicious executable.
If no software on your computer is malfunctioning, then the risk was probably real. I would highly suggest that you upgrade to NIS09, free of course, just for follow-up.
Run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/norton2008.nsf/docid/2007082908475279?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid
When you restart, you will be prompted with a browser window to download the latest version of Norton.
And of course, submit the sample to Symantec for further analysis. There should be an option in Security History.
Message Edited by Tech0utsider on 12-09-2008 07:06 PM