SONAR settings have been simplified in version 14.3 RU5. As part of this changes "Enable SONAR" button has been removed from the Symantec Endpoint Protection Manager (SEPM) console. It is now enabled by default.
SEPM 14.3 RU5 and later
In case of emergency it is still possible to disable SONAR:
To update this setting, the admin has to edit the policy manually and import it directly into the agent using the SMC command line or the import policy button in the client troubleshooting dialog.
1. pick up the profile.xml from the outbox:
2. Set this Enabled to 0:
and Also modify the Serial Number in the policy.xml so that it is a new policy version.
3. At the client, run "smc -importconfig profile.xml."
RESULT: