We are starting to see more false positives for Microsoft operating system files from the source: Heuristic Scan.
I believe this is now called SONAR by Symantec.
I’d rather not add the false positives as exceptions as that would exclude them from scanning – even if they become infected.
I don’t see a way to tweak the sensitivity of the Heuristic scanning as we were able to do in previous versions using TruScan.
Below are examples of the false positives we have received – below that are the settings for SONAR. Please let me know what can be changed to decrease the number of SONAR false positives.
False Positives:
Risk name: Microsoft® Windows® Operating System
File path: c:\windows\syswow64\rundll32.exe
File path: c:\windows\system32\notepad.exe
File path: c:\windows\system32\drvinst.exe
File path: c:\windows\system32\services.exe
File path: c:\windows\system32\svchost.exe
SONAR Settings:
High risk detection: Quarantine
Low risk detection: Log
DNS change detected: Block
Host file change detected: Block
High risk detection: Block
Low risk detection: Log
Environment Info:
2003 Standard
SEP 12.1.1101
XP (32-bit) & W7 (32 & 64-bit) Clients