SONAR is a tool from Norton that examines the behavior of applications to decide whether they are malicious. Unlike anti-virus scanners that use signatures, SONAR evaluates hundreds of attributes of the program to determine whether it is malicious or not.



The main use of SONAR is to enhance detection of zero-day threats, but SONAR is well known for generating false positives, and we've received several reports from SWF Studio users about this.

When we contacted them, Symantec technical support claimed that SONAR recognized digitally signed programs as not malicious. This seemed like a quick solution, and we confirmed it by testing several SWF Studio applications that SONAR had previously identified as malicious. After being digitally signed with our code signing certificate, the applications were not flagged by SONAR as malicious.

You can download the tools you need to sign your own executables from Microsoft as part of their Authenticode toolset.

Frequently Asked Questions About Authenticode

Signing and Checking Code with Authenticode

Before you can start digitally signing your code, you will need a code signing certificate (or digital ID) from a certification authority (CA). You will need a Class 3 digital certificate for code signing. The best-known CA (and the most expensive) is VeriSign ($499/year). Others, such as Thawte ($299), are considerably cheaper. Microsoft maintains a list of Root Certificate Program Members.
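
The following script is an added example, not part of the original article or of SWF Studio. It signs every executable in a build folder and then confirms that each one reports a valid, timestamped Authenticode signature before you ship it. It uses PowerShell's built-in Authenticode cmdlets rather than the downloadable tools, and the folder name, the timestamp URL placeholder, and the certificate location in the current user's store are assumptions.

```powershell
# Added example: sign every executable in a build folder and confirm the result.
# Assumptions (not from the original page): $BuildDir, $TimestampUrl, and that a
# code signing certificate is installed in the current user's certificate store.
param(
    [string]$BuildDir = '.\build',                        # hypothetical output folder
    [string]$TimestampUrl = 'http://timestamp.example/'   # placeholder: use your CA's timestamp service
)

$ErrorActionPreference = 'Stop'

# Pick a code signing certificate that has a private key and has not expired.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code signing certificate found in Cert:\CurrentUser\My' }

$failed = @()
foreach ($exe in Get-ChildItem -Path $BuildDir -Filter *.exe -Recurse) {
    # Skip files that already carry a valid signature.
    if ((Get-AuthenticodeSignature -FilePath $exe.FullName).Status -eq 'Valid') { continue }

    # Timestamping keeps the signature verifiable after the certificate expires.
    $null = Set-AuthenticodeSignature -FilePath $exe.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampUrl

    # Re-read the signature from disk rather than trusting the signing call's return value.
    $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
    if ($sig.Status -ne 'Valid') {
        $failed += '{0}: {1} ({2})' -f $exe.Name, $sig.Status, $sig.StatusMessage
    } elseif (-not $sig.TimeStamperCertificate) {
        $failed += '{0}: signed but not timestamped' -f $exe.Name
    }
}

# A non-zero exit code lets a build script stop before unsigned files are packaged.
if ($failed) { $failed | Write-Warning; exit 1 }
Write-Output 'All executables carry a valid, timestamped Authenticode signature.'
```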