Bloodhound.Sonar

What is the above detection? Aren't those two completely different things? Do they work in conjunction to determine if a file was malicious or not?
=\

Re: Bloodhound.Sonar

Boy how we forget the posts we make. You already asked this question Tech or have you forgotten your other post?

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=17281&view=by_date_ascending&page=1
Real Time Protection = NIS 2009 + NAT
Behavior Analysis = Threatfire
On Demand = MBAM

Re: Bloodhound.Sonar


Dieselman743 wrote:

Boy how we forget the posts we make. You already asked this question Tech or have you forgotten your other post?

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=17281&view=by_date_ascending&page=1

Come on Diesel. Calm down.

I don't believe that is the question. I believe Tech is receiving a detection with Bloodhound and Sonar in one line?

"All that we are is the result of what we have thought"

Re: Bloodhound.Sonar


Stu wrote:

Dieselman743 wrote:

Boy how we forget the posts we make. You already asked this question Tech or have you forgotten your other post?

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=17281&view=by_date_ascending&page=1

Come on Diesel. Calm down.

I don't believe that is the question. I believe Tech is receiving a detection with Bloodhound and Sonar in one line?


Correct. Now can you answer my question? 

=\

Re: Bloodhound.Sonar

TechOutsider, where are you actually seeing this signature? There are some cases for Community Watch submissions that are labeled this way. In those cases, they are actually generated using the SONAR technology.
Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation

Re: Bloodhound.Sonar

A user using NIS08 reported a Bloodhound.SONAR.1 detection. Can those two really be used in conjunction?

And looking at the Threat Writeup, it says that "potentially unknown risk is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms that are used to detect unknown risks."

It doesn't say anything about SONAR. It makes it sound like Bloodhound convicted the file.

http://www.symantec.com/security_response/writeup.jsp?docid=2006-070613-4658-99


Furthermore, the writeup also says "The file that is detected under Bloodhound.SONAR.2 indicates a running process with behavior similar to that of a Trojan horse that records keystrokes."

That makes it sound like SONAR recognized the file as malicious. Or possibly both in conjunction.

Message Edited by Tech0utsider on 12-11-2008 08:36 PM
=\

Re: Bloodhound.Sonar

Unfortunately, our product and feature marketing teams don't always draw clear lines between technologies and wording. The early versions of Bloodhound were introduced many years ago and we've marketed the feature since that time. Since bloodhound is somewhat heuristics based and the newly introduced SONAR technology is also heuristics based, it was decided to use the same base term -- bloodhound -- to describe heuristic detections, whether statically or dynamically based. The bloodhound.sonar signatures -- there's a few of them -- all come from the dynamic, process based detection whereas the other bloodhound signatures come from other, more static, heuristic technologies.
Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation
