Kudos 0

Bloodhound v. SONAR

What is the difference?
=\

Kudos 0

Re: Bloodhound v. SONAR

I guess new name in new version, hehe
----------------------------------------------------------------
NIS 2011 beta 18.0.0.107 Win 7 7600 RTM 32-bit
Kudos 0

Re: Bloodhound v. SONAR

They are both in NIS09.
=\
Kudos 0

Re: Bloodhound v. SONAR

I believe that Bloodhound is the heuristic engine and SONAR is the IDS of the program. But please, someone correct me if I'm wrong.
"All that we are is the result of what we have thought"
Kudos 0

Re: Bloodhound v. SONAR

yes

Bloodhound is capable of detecting upwards of 80% of new and unknown file viruses.

SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer, so it can spot malicious software, whether it's already been identified by Symantec researchers or not.

Kudos 0

Re: Bloodhound v. SONAR


ialexandra73 wrote:

yes

Bloodhound is capable of detecting upwards of 80% of new and unknown file viruses.

SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer, so it can spot malicious software, whether it's already been identified by Symantec researchers or not.


So Heuristics ;)

"All that we are is the result of what we have thought"
Kudos 0

Re: Bloodhound v. SONAR

But SONAR never detected any virus on my computer, and I know a file which is a virus, and NAV is telling me it's 100% fine.

I submitted it through quarantine as well as the retail page; still no definitions, either.

----------------------------------------------------------------
NIS 2011 beta 18.0.0.107 Win 7 7600 RTM 32-bit
Kudos 8

Re: Bloodhound v. SONAR

Bloodhound is a static analysis technique whereas SONAR is a dynamic analysis technique. Bloodhound can be used to scan individual files and detect certain characteristics of malware. SONAR analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior.
Reese Anschultz, Senior Software Quality Assurance Manager, Symantec Corporation
Kudos 0

Re: Bloodhound v. SONAR

Wow great explanation.
=\
Kudos 0

Re: Bloodhound v. SONAR

Once convicted, does SONAR block the whole executable or block the convicted actions?
=\
Kudos 0

Re: Bloodhound v. SONAR

SONAR takes action to remediate the executable and stop it from performing any further mischief.
Reese Anschultz, Senior Software Quality Assurance Manager, Symantec Corporation
Kudos 2

Re: Bloodhound v. SONAR

"SONAR analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior. "

How come SONAR can ANALYZE applications as they are RUNNING while it is only enabled at manual scan?

Kudos 0

Re: Bloodhound v. SONAR

"Enabled at manual scan"

Who said that?

SONAR supplements real-time protection. As a matter of fact I had a SONAR detection about 10 minutes ago when I executed a malicious file.

Bloodhound is enabled during a manual scan. 

Message Edited by Tech0utsider on 11-28-2008 04:05 PM
=\
Kudos 0

Re: Bloodhound v. SONAR


Tech0utsider wrote:

Bloodhound is enabled during a manual scan.


Auto-Protect will also use this.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos 0

Re: Bloodhound v. SONAR

Bloodhound is used during manual, on-demand scans. Downloading a Bloodhound file did not trigger Norton. I had to manually scan the file for a Bloodhound detection. If I executed the file I may have received a SONAR detection.
=\
Kudos 0

Re: Bloodhound v. SONAR

So how does SONAR actually work? There are just vague discussions that it's similar to HIPS, and just an enable/disable option in manual scan. How do you configure it, and what's the impact on performance? There's no way to find the descriptions in the Norton manual.
Kudos 0

Re: Bloodhound v. SONAR


orangedog wrote:
So how does SONAR actually work? There are just vague discussions that it's similar to HIPS, and just an enable/disable option in manual scan. How do you configure it, and what's the impact on performance? There's no way to find the descriptions in the Norton manual.

But that's correct. It is sort of a HIPS, and Bloodhound is almost the same as Antibot.

"All that we are is the result of what we have thought"
Kudos 0

Re: Bloodhound v. SONAR

Hey guys...Please do not attack me...

But where the bloody hell is this Bloodhound, in NIS09?

Kudos 1

Re: Bloodhound v. SONAR

There is no Bloodhound setting. If you go back to the first page in this thread you will see that Bloodhound means the same as Heuristics which is part of the overall virus scan.
Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 0

Re: Bloodhound v. SONAR

OK Dieselman743...Got it!

Thanks man!

Kudos 0

Re: Bloodhound v. SONAR


Stu wrote:

orangedog wrote:
So how does SONAR actually work? There are just vague discussions that it's similar to HIPS, and just an enable/disable option in manual scan. How do you configure it, and what's the impact on performance? There's no way to find the descriptions in the Norton manual.

But that's correct. It is sort of a HIPS, and Bloodhound is almost the same as Antibot.


Wrong!

Bloodhound is used in

  • Manual, on-demand scans


It uses

  • hundreds of algorithms to determine if a file is malicious or not.


SONAR is used in

  • Real-time. Integrated with "Advanced Protection"


It uses

  • hundreds of algorithms to determine if a running process is malicious or not.

The "Advanced Heuristic Protection" settings configure both SONAR and Bloodhound.
=\
Kudos 0

Re: Bloodhound v. SONAR

The SONAR option is only available in manual scan for NAV 2008, so it seems that SONAR is just like Bloodhound in that it will not activate in active protection.
Kudos 0

Re: Bloodhound v. SONAR

SONAR is real-time protection. Bloodhound is available during manual scans.
=\
Kudos 0

Re: Bloodhound v. SONAR

I have a reference to "Bloodhound.SONAR.1" in the "Security Risks" section of the activity logs (NIS2008). Is this a threat or a legit part of NIS? Does anyone know what "a.exe" is?

Risk category: Suspicious items
Overall Risk Impact: Medium
Performance: Medium
Privacy: Medium
Removal: Medium
Stealth: Medium
Click for more information about this risk : Bloodhound.SONAR.1
Action taken: Fully removed
Affected Areas:
Files & Directories
c:\windows\system32\a.exe
Processes & Start-Up Items
c:\windows\system32\a.exe

Kudos 0

Re: Bloodhound v. SONAR

I also have this in the activity log:

Risk category: Heuristic Virus
Overall Risk Impact: High
Performance: High
Privacy: High
Removal: High
Stealth: High
Click for more information about this risk : Bloodhound.PDF.1
Action taken: Blocked
Affected Areas: c:\documents and settings\adam\local settings\application data\mozilla\firefox\profiles\ds26j6zp.default\cache\e887b5d0d01
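
For anyone triaging entries like the two pasted above, the following parser is an added example (not part of the thread and not Symantec code) that turns copied activity-log text into records and flags which detections list a process or start-up item. The field layout is assumed from these two posts only; the sample is their content, abridged, and the names `parse_entries` and `triage` are hypothetical.

```python
# The two activity-log entries quoted in the thread, abridged (rating lines dropped).
SAMPLE_LOG = r"""Risk category: Suspicious items
Click for more information about this risk : Bloodhound.SONAR.1
Action taken: Fully removed
Affected Areas:
Files & Directories
c:\windows\system32\a.exe
Processes & Start-Up Items
c:\windows\system32\a.exe
Risk category: Heuristic Virus
Click for more information about this risk : Bloodhound.PDF.1
Action taken: Blocked
Affected Areas: c:\documents and settings\adam\local settings\application data\mozilla\firefox\profiles\ds26j6zp.default\cache\e887b5d0d01
"""

def parse_entries(text):
    """Split pasted log text into entries (layout assumed from the two posts only)."""
    entries, cur, area = [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("Risk category:"):    # every entry opens with this field
            cur, area = {"fields": {}, "areas": {}}, None
            entries.append(cur)
        if cur is None:
            continue                             # stray text before the first entry
        if area is not None:                     # inside the "Affected Areas" block
            if line[1:3] == ":\\":               # drive-letter path, not "key: value"
                cur["areas"].setdefault(area, []).append(line)
            else:
                area = line                      # sub-heading, e.g. "Files & Directories"
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Affected Areas":
            area = "Unspecified"                 # used when the path sits on the same line
            if value:
                cur["areas"][area] = [value]
        else:
            name = "Risk name" if key.startswith("Click for more information") else key
            cur["fields"][name] = value
    return entries

def triage(entries):
    """Per entry: (risk name, action, process/start-up item listed?, unique paths)."""
    return [(e["fields"].get("Risk name"), e["fields"].get("Action taken"),
             any("Process" in name for name in e["areas"]),
             sorted({p.lower() for ps in e["areas"].values() for p in ps}))
            for e in entries]

if __name__ == "__main__":
    print(*triage(parse_entries(SAMPLE_LOG)), sep="\n")
```
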

Kudos 1

Re: Bloodhound v. SONAR

It is real. a.exe is the name of the malicious executable.

If no software on your computer is malfunctioning, then the risk was probably real. I would highly suggest that you upgrade to NIS09, free of course, just for follow-up.

Run the Norton Removal Tool:

http://service1.symantec.com/SUPPORT/norton2008.nsf/docid/2007082908475279?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid

When you restart, you will be prompted with a browser window to download the latest version of Norton.


And of course, submit the sample to Symantec for further analysis. There should be an option in Security History.
Message Edited by Tech0utsider on 12-09-2008 07:06 PM
=\

This thread is closed from further comment. Please visit the forum to start a new thread.