SONAR uses reputation data in addition to heuristics to make detections. If you disable Insight lookups, SONAR makes detections by using heuristics only. The rate of false positives might increase, and the protection that SONAR provides is limited.
You enable or disable Insight lookups in the Submissions dialog.
Prevent SONAR from detecting the applications that you know are safe
SONAR might detect the files or applications that you want to run on your client computers. You can use an Exceptions policy to specify exceptions for the specific files, folders, or applications that you want to allow. For the items that SONAR quarantines, you can create an exception for the quarantined item from the SONAR log.
You also might want to set SONAR actions to log and allow detections. You can use application learning so that Symantec Endpoint Protection learns the legitimate applications on your client computers. After Symantec Endpoint Protection learns the applications that you use in your network, you can change the SONAR action to Quarantine.
If you set the action for high risk detections to log only, you might allow potential threats on your client computers.
In some cases, an application might become unstable or be unable to run when SONAR injects code into the application to examine it. You can create a file, folder, or application exception for the application.
Manage the way SONAR detects the applications that make DNS or host file changes
You can use the SONAR policy settings to globally adjust the way SONAR handles detections of DNS or host file changes. You can use the Exceptions policy to configure exceptions for specific applications.
Allow clients to submit information about SONAR detections to Symantec
Symantec recommends that you enable submissions on your client computers. The information that clients submit about detections helps Symantec address threats. The information helps Symantec create better heuristics, which results in fewer false positive detections.