• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

What is IPS Detection Statistical Submission, is it bad?

So I was just browsing throught my Notron Security History and I found out that there where this two messages about IPS Detection Statistical Submission, I don't know if it is a virus or something that norton does. This messages comes from two different wesbites from different days. Please Help!

Replies

Kudos0

Re: What is IPS Detection Statistical Submission, is it bad?

So I was just browsing throught my Notron Security History and I found out that there where this two messages about IPS Detection Statistical Submission, I don't know if it is a virus or something that norton does. This messages comes from two different wesbites from different days. Please Help!

Kudos0

Re: What is IPS Detection Statistical Submission, is it bad?

Hi Uther9,

Welcome to the Norton Community. It will take some time before we can view your images as they must first be approved by a moderator.

In the meantime can you tell us which Norton product you have and the exact version from Help & Support > About? Also, what OS and SP do you have and is it 32 or 64 bit?

Thanks very much

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: What is IPS Detection Statistical Submission, is it bad?

Norton Version  4.2.0.12

Windows 7 Home Premium

My sp is 64 bit

Kudos3

Re: What is IPS Detection Statistical Submission, is it bad?

Hi Uther9,

The Norton Intrusion Prevention System uses signatures to detect and block exploits that leverage vulnerabilities in software programs to install malware.  When a new exploit is discovered a signature is created and distributed as quickly as possible in order to provide immediate protection.  After this initial signature is released refinements are made to make a new signature that is smaller and more efficient.  Since this increases the likelihood of false positives the revised definition is first released as a test signature.  The goal is to eventually replace or update the initial signature with the improved version once testing is completed.  When one of these test signatures gets a hit it is reported back to Symantec as an IPS Detection Statistical Submission.  In your case it is a false positive because an encounter with the actual exploit would also have been detected by the original IPS signature that is still in place and you would have been alerted that the attack had been blocked. 

Reese Anschultz provides a couple of good explanations, which I have paraphrased here, in the following thread:

http://community.norton.com/t5/Norton-Internet-Security-Norton/IPS-detection-statistacal-submission/m-p/70677/highlight/true#M37008

Kudos0

Re: What is IPS Detection Statistical Submission, is it bad?

does it matter if both of them say submitted also I have another one but this one says that it cannot send the information to Norton Feedback and its going to try again.

Kudos1

Re: What is IPS Detection Statistical Submission, is it bad?


Uther9 wrote:

does it matter if both of them say submitted also I have another one but this one says that it cannot send the information to Norton Feedback and its going to try again.


No.  Each time the test signature is triggered a submission will be sent to Symantec.  Eventually the signature will be fine-tuned to avoid the false positives and always block the real thing, based on what is learned from these reports.  It is normal for submissions to sometimes fail, in which case the data will be held until it can be resent.

Replies are locked for this thread.