• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

New SONAR functional Improvements?

SONAR Engine Update to 11.0 Version
What functional improvements?

Labels: SONAR

Replies

Kudos1 Stats

Re: New SONAR functional Improvements?

Norton would not usually divulge improvement information for the core anti malware features. This would be proprietary information. And they do not want to alert the bad guys of things to look for to defeat the protection.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: New SONAR functional Improvements?

adding > for (dated) Overview see Behavior here > https://www.symantec.com/theme/star

Kudos0

Re: New SONAR functional Improvements?

bjm_:adding > for (dated) Overview see Behavior here > https://www.symantec.com/theme/star

Thank you, the STAR technical information, I have seen, but only a few years has not updated the new content

Kudos0

Re: New SONAR functional Improvements?

peterweb:

Norton would not usually divulge improvement information for the core anti malware features. This would be proprietary information. And they do not want to alert the bad guys of things to look for to defeat the protection.

Ok,Thank you

Kudos0

Re: New SONAR functional Improvements?

MiracleThunder: bjm_:adding > for (dated) Overview see Behavior here > https://www.symantec.com/theme/star

Thank you, the STAR technical information, I have seen, but only a few years has not updated the new content

Yeah, I gave up asking for STAR update. 

Norton | Learn How Norton Goes Beyond Antivirus ---

Kudos0

Re: New SONAR functional Improvements?

bjm_:
MiracleThunder: bjm_:adding > for (dated) Overview see Behavior here > https://www.symantec.com/theme/star

Thank you, the STAR technical information, I have seen, but only a few years has not updated the new content

Yeah, I gave up asking for STAR update. 

Norton | Learn How Norton Goes Beyond Antivirus ---

Thank you
Your link, thank 

Kudos5 Stats

Re: New SONAR functional Improvements?

I can't tell you much about the cool internal improvements , but the SONAR behavioral detection engine is the same between Norton and the enterprise product, Symantec Endpoint Protection. The enterprise documentation tends to be more technical, if that's what you're interested in. For example, here's a nice Support document:  https://support.symantec.com/en_US/article.HOWTO80968.html

SEP 14 was just released, and contains the accumulated improvements from the last couple Norton releases. We're pretty excited to get this out, and there's a lot of marketing information that's been made available:
https://www.symantec.com/products/threat-protection/endpoint-family/endpoint-protection

If there's a specific change or improvement you're curious about, let me know, I can probably help out,

--David Kane
Technical Director, Windows Protection Engines

Kudos0

Re: New SONAR functional Improvements?

dkane:

I can't tell you much about the cool internal improvements , but the SONAR behavioral detection engine is the same between Norton and the enterprise product, Symantec Endpoint Protection. The enterprise documentation tends to be more technical, if that's what you're interested in. For example, here's a nice Support document:  https://support.symantec.com/en_US/article.HOWTO80968.html

SEP 14 was just released, and contains the accumulated improvements from the last couple Norton releases. We're pretty excited to get this out, and there's a lot of marketing information that's been made available:
https://www.symantec.com/products/threat-protection/endpoint-family/endpoint-protection

If there's a specific change or improvement you're curious about, let me know, I can probably help out,

--David Kane
Technical Director, Windows Protection Engines

 thank you

I have a problem, SEP 14 has AdvML.A detection technology, personal version of NS 22.8 has ADVML.B
Then NS will have AdvML.A detection technology?

Kudos0

Re: New SONAR functional Improvements?

Hello David

There is a question for you in this Permalink.  Permalink  Just letting you know in case you haven't subscribed to the thread.

Thanks.

@dkane

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: New SONAR functional Improvements?

I have a problem, SEP 14 has AdvML.A detection technology, personal version of NS 22.8 has ADVML.B
Then NS will have AdvML.A detection technology?

Probably, Heur.AdvML.A, B, C.... - it is AML-detections, AML technology/module (exist in Norton and SEP 14...may be in SEP 12.1.6?): https://www.symantec.com/connect/blogs/machine-learning-new-frontiers-ad...

I can't tell you much about the cool internal improvements , but the SONAR behavioral detection engine is the same between Norton and the enterprise product, Symantec Endpoint Protection. The enterprise documentation tends to be more technical, if that's what you're interested in. For example, here's a nice Support document:  https://support.symantec.com/en_US/article.HOWTO80968.html

SONAR 5? In SEP 12.1.x SONAR 3.5 (Support Virtual Machine? Norton with SONAR 5 hasn't such support) 

Kudos1 Stats

Re: New SONAR functional Improvements?

CorvusCorax47:

I have a problem, SEP 14 has AdvML.A detection technology, personal version of NS 22.8 has ADVML.B
Then NS will have AdvML.A detection technology?

Probably, Heur.AdvML.A, B, C.... - it is AML-detections, AML technology/module (exist in Norton and SEP 14...may be in SEP 12.1.6?): https://www.symantec.com/connect/blogs/machine-learning-new-frontiers-ad...

I can't tell you much about the cool internal improvements , but the SONAR behavioral detection engine is the same between Norton and the enterprise product, Symantec Endpoint Protection. The enterprise documentation tends to be more technical, if that's what you're interested in. For example, here's a nice Support document:  https://support.symantec.com/en_US/article.HOWTO80968.html

SONAR 5? In SEP 12.1.x SONAR 3.5 (Support Virtual Machine? Norton with SONAR 5 hasn't such support) 

CorvusCorax47:

I have a problem, SEP 14 has AdvML.A detection technology, personal version of NS 22.8 has ADVML.B
Then NS will have AdvML.A detection technology?

Probably, Heur.AdvML.A, B, C.... - it is AML-detections, AML technology/module (exist in Norton and SEP 14...may be in SEP 12.1.6?): https://www.symantec.com/connect/blogs/machine-learning-new-frontiers-ad...

I can't tell you much about the cool internal improvements , but the SONAR behavioral detection engine is the same between Norton and the enterprise product, Symantec Endpoint Protection. The enterprise documentation tends to be more technical, if that's what you're interested in. For example, here's a nice Support document:  https://support.symantec.com/en_US/article.HOWTO80968.html

SONAR 5? In SEP 12.1.x SONAR 3.5 (Support Virtual Machine? Norton with SONAR 5 hasn't such support) 

 No, SEP 12.1.6 SONAR is version and NS 22.5 same, and now the SONAR is not to distinguish 4 5 6 generations, is always updated version and function

Kudos5 Stats

Re: New SONAR functional Improvements?

To clarify, everyone since Norton 2013 and SEP 11.x gets the same SONAR engine. It (engine/content) ships in the definitions, via LiveUpdate. Sometimes we can't enable all features on older clients, but we try to provide the same protection to everyone. SONAR v11 is rolling out now; if you currently have anything less than 10.x on your machine then you need to check your update settings.

The Static Data Scanner (the file scanning engine and AutoProtect), on the other hand, did change for NS 22.8 and SEP 14.x. We added more AI and significantly enhanced the emulator component. Older clients unfortunately don't benefit from those features. The change is reflected in the name: we used to call it AV Engine, but it does way more than plain ol' AV.

That previous link about machine learning has excellent information about what we're doing internally, and that's probably why you see Heur.ML.A and Heur.ML.B. I'm taking a guess here, but I bet that the machine learning folks decided that the training could be more effective if we separated the different clients: Norton customers are more likely to run games and media programs, while SEP/enterprise environments are more likely to have IT-management tools. Both sets are optimized to provide the same level of protection, but by reducing the impact of certain classes of programs it leaves more room in the AI model for detecting bad stuff.

Kudos0

Re: New SONAR functional Improvements?

dkane:

To clarify, everyone since Norton 2013 and SEP 11.x gets the same SONAR engine. It (engine/content) ships in the definitions, via LiveUpdate. Sometimes we can't enable all features on older clients, but we try to provide the same protection to everyone. SONAR v11 is rolling out now; if you currently have anything less than 10.x on your machine then you need to check your update settings.

The Static Data Scanner (the file scanning engine and AutoProtect), on the other hand, did change for NS 22.8 and SEP 14.x. We added more AI and significantly enhanced the emulator component. Older clients unfortunately don't benefit from those features. The change is reflected in the name: we used to call it AV Engine, but it does way more than plain ol' AV.

That previous link about machine learning has excellent information about what we're doing internally, and that's probably why you see Heur.ML.A and Heur.ML.B. I'm taking a guess here, but I bet that the machine learning folks decided that the training could be more effective if we separated the different clients: Norton customers are more likely to run games and media programs, while SEP/enterprise environments are more likely to have IT-management tools. Both sets are optimized to provide the same level of protection, but by reducing the impact of certain classes of programs it leaves more room in the AI model for detecting bad stuff.

thank you very much Answer my question.

I have always known SEP and NS's SONAR Engine the same.

I've been following Symantec security products for more than a decade.

Kudos0

Re: New SONAR functional Improvements?

I have always known SEP and NS's SONAR Engine the same.

 But it was not always.   It's a stupid belief

Moreover, the Download Insight module in SEP 12.1.x (all versions) by NIS 2011(!????), but in SEP 14 DI-module work as in NS (detect files in archives). Consequently, last SEP 12 already not last Norton. Where did the belief in the identity of the SONAR modules? But was the reason not to believe.

Finally, tests (last and earlier) clearly confirms the version that SEP weaker, than Norton, for example: https://www.av-test.org/en/antivirus/home-windows/windows-7/august-2016/...https://www.av-test.org/en/antivirus/business-windows-client/windows-7/a...

I remember the amateur tests (>2 years ago), which compared SEP-SONAR and Norton-SONAR - 2 different unit and different results. 

SEP 14 = (probably)NS 22.8 in protection.

Kudos0

Re: New SONAR functional Improvements?

CorvusCorax47:

I have always known SEP and NS's SONAR Engine the same.

 But it was not always.   It's a stupid belief

Moreover, the Download Insight module in SEP 12.1.x (all versions) by NIS 2011(!????), but in SEP 14 DI-module work as in NS (detect files in archives). Consequently, last SEP 12 already not last Norton. Where did the belief in the identity of the SONAR modules? But was the reason not to believe.

Finally, tests (last and earlier) clearly confirms the version that SEP weaker, than Norton, for example: https://www.av-test.org/en/antivirus/home-windows/windows-7/august-2016/...https://www.av-test.org/en/antivirus/business-windows-client/windows-7/a...

I remember the amateur tests (>2 years ago), which compared SEP-SONAR and Norton-SONAR - 2 different unit and different results. 

SEP 14 = (probably)NS 22.8 in protection.

You are denying dkane
dkane has said, SEP and NS the same SONAR Engine

dkane:everyone since Norton 2013 and SEP 11.x gets the same SONAR engine.

SEP 12.X of the SONAR is weaker than the NS, just because the SEP SONAR no SONAR.Heuristic.XXX series of detection technology

SEP 12.X Insight download does not support compressed package file detection, so weaker than NS

But now SEP 14 has SONAR.Heuristic.xxx detection and Insight Download support for zipped package analysis

Kudos0

Re: New SONAR functional Improvements?

That previous link about machine learning has excellent information about what we're doing internally, and that's probably why you see Heur.ML.A and Heur.ML.B. I'm taking a guess here, but I bet that the machine learning folks decided that the training could be more effective if we separated the different clients: Norton customers are more likely to run games and media programs, while SEP/enterprise environments are more likely to have IT-management tools. Both sets are optimized to provide the same level of protection, but by reducing the impact of certain classes of programs it leaves more room in the AI model for detecting bad stuff.

AML: 1) Insight, 2)SAPE (static attributes), 3) SONAR ?  AML - concept for three proactive technologies?

From link about AML: 

  • Static attributes: We start by inspecting thousands of static characteristics of a file – things like file name, function calls, entropy, etc.
  • Dynamic behaviors: We then dig deeper to understand a program’s dynamic behaviors. We watch for combinations of thousands of behaviors – for example, does the program connect to the network, does it launch another process, does it access registry keys, etc.
  • Relationships and reputation: To complete the picture, we examine the file’s relationships with other files, machines and URLs to generate a file “reputation.”  Inspired by “the wisdom of the crowd,” this reputation analysis runs on big data at scale in our cloud, and enables us to understand if a program seen on only one or a few machines around the world is likely malicious.
SEP 12.X of the SONAR is weaker than the NS, just because the SEP SONAR no SONAR.Heuristic.XXX series of detection technology

SEP 12.1 uses SONAR.Heuristic.XXX series.  https://youtu.be/vRjjrwrjnrY?t=21m6s (2016). https://youtu.be/G9ghxDBoLnc?t=1888 (2013)

Kudos0

Re: New SONAR functional Improvements?

Heur.ML.[...] - by SAPE Technology. 

This thread is closed from further comment. Please visit the forum to start a new thread.