A process was detected as suspicious by SONAR - Proactive Threat Protection (These detections are also referred to as "Behavior Based"), or Download Insight in SEP 12.1. The file was submitted to Security Response and the determination was this was a case of a False Positive (FP) detection. A message to that effect and information regarding corrected definitions were sent. The Proactive Threat Protection definitions in the SEP 12.1 Client Graphical User Interface do not show any updates and may appear to be out of date.
|Until new definitions are available, it is possible to overcome SONAR False Positives through policy. See Exclusion Guidelines for Symantec Endpoint Protection 12.1 for details.
Exceptions should be used with caution and only temporarily. Remove the exclusion once new whitelisting definitions are available.
In SEP 12.1, SONAR False Positive corrections are done differently than SEP 11.x TruScan/Proactive Threat Scan False Positives.