Hi everyone,
I work for a company that does a lot of in-house development of applications. As such, we've run into issues where SEP has quarantined critical business systems on servers due to low reputation. In an attempt to avoid turning off SONAR entirely on our servers, I was looking into instead changing the reputation scanner behavior to log only on "high risk" detections. However, I would like it to create a notification when it does so.
It appears a new notification condition was recently added to the preconfigured list called "File Reputation Lookup alert". I'm guessing it's new, as it's not listed in the http://www.symantec.com/docs/HOWTO55128 article.
So my questions are these...
1) Will changing the SONAR policy action from "Quarantine" to "Log" have the effect of not quarantining low-reputation files found during scheduled scans?
2) Will the "File Reputation Lookup Alert" notification condition trigger based on these logged detections?
Thanks in advance for the advice!