To determine which processes are legitimate and which are security risks, look at the following columns in the log:
The Event column tells you immediately whether a detected process is a security risk or a possible legitimate process. However, a potential risk that is found may or may not be a legitimate process, and a security risk that is found may or may not be a malicious process. Therefore, you need to look at the Application type and File/Path columns for more information. For example, you might recognize the application name of a legitimate application that a third-party company has developed.
To monitor SONAR detection results to check for false positives
In the console, click Monitors > Logs.
On the Logs tab, in the Log type drop-down list, click SONAR.
Select a time from the Time range list box closest to when you last changed a scan setting.
Click Additional Settings.
In 12.1.x, Additional Settings is Advanced Settings.
In the Event type drop-down list, select one of the following log events:
Click View Log.
After you identify the legitimate applications and the security risks, create an exception for them in an Exceptions policy.
You can create the exception directly from the SONAR Logs pane.