SONAR(Symantec Online Network for Advanced Response) checks thereputation of a processbefore convicting it. This reputation-based approach evaluates the trustworthiness of the process by referencing Symantec’s database, which is compiled from millions of endpoints, allowing SONAR to make informed decisions about whether the process is likely benign or malicious.
Reputation Checking in SONAR:
Before taking action, SONAR uses reputation data to reduce the likelihood of false positives, which ensures that legitimate processes are not incorrectly flagged as threats.
This check provides an additional layer of accuracy to SONAR’s behavioral analysis.
Why Other Options Are Incorrect:
Quarantining(Option A) andblocking behavior(Option B) occur after SONAR has convicted a process, not before.
Restarting the system(Option C) is not part of SONAR’s process analysis workflow.
References: SONAR’s reliance on reputation checks as a preliminary step in process conviction enhances its accuracy in threat detection.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit