Re: IPS detection- statistacal submission

GreatNate1312 · ‎01-02-2009

I just went back to the site and I get the same message in recent history! Why would this be happening from such a safe site? What could be causing it?

NY1986 · ‎06-27-2008

If I understand correctly from all my time on here, Norton protects against drive by attacks

GreatNate1312 · ‎01-02-2009

I accidentally just went back to the site, and got the message again!!!!! Thats a really populare site, why would it b happening on a site like that???

reese_anschultz · ‎04-08-2008

You don’t need to be concerned about the detection you noted in the history. This is part of a test signature that is put in to validate some new detection and these submissions via Norton Community Watch help to reduce the chances of false positives.

Edit: fixed font selection.

Message Edited by reese_anschultz on 03-06-2009 01:16 PM

Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation

mijcar · ‎08-01-2008

reese_anschultz wrote:
You don’t need to be concerned about the detection you noted in the history. This is part of a test signature that is put in to validate some new detection and these submissions via Norton Community Watch help to reduce the chances of false positives.

Edit: fixed font selection.
Message Edited by reese_anschultz on 03-06-2009 01:16 PM

Surely not, Reese. Unless I reading this wrong.

Are you saying the report cited ("IPS detection- statistacal submission" etc.) is actually a product of Symantec? Considering the relentless misspelling of "statistical", I assumed this was a fake report.

mij
N360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware

reese_anschultz · ‎04-08-2008

The description string is from the product.

"Pay no attention to that man behind the curtain." Nobody ever looks in these logs so why should we run a spell checker? Seriously, I've written up an incident report for the misspelling. (Checks spelling of this message before posting.)

Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation

GreatNate1312 · ‎01-02-2009

well I get this every time I visit some certian sites. but you guys say its normal. Quads told me it was a java script drive by download that norton was detecting and blocking. The thing is this is coming from reputable sites like hp.com. Is this malware coming rom reputable sites? could someone explain this better to me? thanks

reese_anschultz · ‎04-08-2008

GreatNate1312,

As previously indicated, this is part of a test signature that got a hit. This signature is replacing/updating an existing signature in the future but currently is being tested to make sure that it doesn't get false positives. From your reports, it sounds like it is getting some false positives so the signature will have to be revised before it officially become a part of the IPS signatures.

Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation