So I'm trying to get a better handle on SONAR as there are some aspects that escape me. I was hoping this community could give me more assistance than the regular channels are.
I learned about SONAR here:
https://support.symantec.com/en_US/article.HOWTO80968.html
Can see the current definition version here:
https://www.symantec.com/security_response/definitions.jsp
Can supposedly test it using this (does not work for me):
https://support.symantec.com/en_US/article.TECH216647.html
Can supposedly see the logs using this procedure (13 entries from 20K + machines??):
https://support.symantec.com/en_US/article.HOWTO80749.html
Logging is enabled in all the requisite places, but I see almost no SONAR logs. Last week we experienced an issue where the SONAR defs dated 03/18/16, but actually released on 03/23/16 (grrrr!), were causing a conflict with one of our encryption applications. Turns out that if we either uninstalled/reinstalled the encryption application, or if we rolled back the SONAR definitions (engine?) to 03/17/16, the problem of certain MS applications hanging the whole OS went away. And now the 04/01/16 SONAR engine also works without issue (so what the heck changed??).
Questions:
Where can I see a history of SONAR releases??
Why the heck did Symantec have a SONAR Engine release on the 23rd, that was dated the 18th??
If SONAR was part of the issue, why did I not have HUNDREDS of SONAR log entries? Should I be looking somewhere else for SONAR events?
I keep hoping that if I understood SONAR better, some of this would make more sense to me... right now I feel like unchecking the SONAR box on my SEPMs and being done with it. #IsItReallyHelpingMe