You might want to change the SONAR actions to reduce the rate of false positive detections. You might also want to change the SONAR actions to change the number of detection notifications that appear on your client computers.
A cloud icon appears next to some options when this domain is enrolled in the cloud console. If an Intensive Protection policy is in effect, the policy overrides these options for 14.0.1 clients only.
To adjust SONAR settings on your client computers
In the Virus and Spyware Protection policy, select SONAR.
Make sure that Enable SONAR is checked.
When SONAR is enabled, Suspicious Behavior Detection automatically turns on. You cannot turn off Suspicious Behavior Detection when SONAR is enabled.
Under Scan Details, change the actions for high or low risk heuristic threats.
You can enable aggressive mode for low risk detections. This setting increases SONAR sensitivity to low risk detections. It might increase the false positive detections.
Optionally change the settings for the notifications that appear on your client computers.
Under System Change Events, change the action for either DNS change detected or Host file change detected.
The Prompt action might result in many notifications on your client computers. Any action other than Ignore might result in many log events in the console and email notifications to administrators.
If you set the action to Block, you might block important applications on your client computers.
For example, if you set the action to Block for DNS change detected, you might block VPN clients. If you set the action to Block for Host file change detected, you might block your applications that need to access the host file. You can use a DNS or host file change exception to allow a specific application to make DNS or host file changes.