Here is my situation:
1) SONAR gives many false positives & anyone able to handle them will need to be expert enough to distinguish viruses from useful files, so will probably get very few viruses the old school way. (I got 2 this year, but they were blocked by NAV.)
The only attacks I fear are clever social engineering attacks.
2) Symantec is not especially good at heuristics. See here: Virusbtn RAP test
(This has been done on SEP & I doubt SEP has SONAR.)
3) I get too many FPs in SONAR. Some of them are here:
a) ISOBuster 2.6 installer (I've reported it, but the last time I tested, it was still being detected).
b) Every GAOTD installer.
c) Every linked list program done by me in C (Borland C++ Builder v10/with advanced mode set to auto)
With the above info in mind, if today I get another misleading SONAR detection, the chance of it being malware will be less than that of it being another FP; & what if the attack is cleverly socially engineered? I'll override SONAR.
4) I view advanced modules such as HIPS, Heuristics, Advanced firewall etc. as hype. They have never been able to save me when sig-based AV fails.
My conclusion: I have basic common sense, but I still need AV. But not SONAR. I am sick of it. Still I am angry right now & my decision may prove fatal later. I need your opinion.