04-18-2010 04:18 PM
I've noticed an increase in the number of IPS Detection Statistical Submissions in the NIS 2010 history log. Has anybody seen this over the last few days?
Solved! Go to Solution.
04-18-2010 04:32 PM
I was just about to post a topic on this exact same issue. I have also gotten a significant amount of IPS Detection Statistical Submmision messages regarding blocked attacks. I get them about every 20 minutes and sometimes almost in quick succession of each other. Once I got it 6 times in a 3 minute span. I'm not sure why this is the case. I'd appreciate further clarification and assistance as well. Thanks for bringing up the issue.
04-18-2010 06:55 PM
Sometimes when new IPS definitions are released, it can result in more IPS Detection Statistical Submissions.. These Statistical Submissions can sometimes result in the IPS definitions having to be modified. This is the action of the Norton Community Watch.
Success always occurs in private and failure in full view.
04-19-2010 10:31 AM - edited 04-19-2010 10:32 AM
floplot has already answered this question but I figured I'd give a little more background.
IPS definitions are signatures that define network attacks. The Intrusion Prevention System uses these definitions/signatures to detect networked attacks against your computer (and sometimes from your computer as well.)
Frequently contained within these definitions are 'test' signatures. These test signatures match the detection of other signatures but are either made faster or more generic so as to catch more variants with a single signature. These sorts of changes, though, can sometimes produce false positive detections. These false positive detections, amongst other things, are sent back to Symantec (if Community Watch is enabled) in the form of IPS Detection Statistical Submissions. Using that data the test signature may be discarded altogether due to too many false positives or modified to prevent further false positive detections before replacing the already existing signatures.
04-20-2010 10:24 PM
It varies. The url in the details section is not familiar and I am unable to copy and paste it from the details section. It is typically for the firefox application, but the details always indicate that no action is required. Yet, it keeps popping up on regular interval statiing that it is IPS Detection Statistical Submissions. The severity is always 'info'. Hope that info helps a bit