car825

Increase in IPS Detection Statistical Submissions

I've noticed an increase in the number of IPS Detection Statistical Submissions in the NIS 2010 history log.  Has anybody seen this over the last few days?

Contributor
Tarboro

Re: Increase in IPS Detection Statistical Submissions

I was just about to post a topic on this exact same issue. I have also gotten a significant amount of IPS Detection Statistical Submission messages regarding blocked attacks. I get them about every 20 minutes and sometimes almost in quick succession of each other. Once I got it 6 times in a 3 minute span. I'm not sure why this is the case. I'd appreciate further clarification and assistance as well. Thanks for bringing up the issue.

Contributor
Tarboro

Re: Increase in IPS Detection Statistical Submissions

Just to be clear, I use Norton Antivirus.

floplot

Re: Increase in IPS Detection Statistical Submissions

Hello

Sometimes when new IPS definitions are released, it can result in more IPS Detection Statistical Submissions. These Statistical Submissions can sometimes result in the IPS definitions having to be modified. This is the action of the Norton Community Watch.

Success always occurs in private and failure in full view.




Contributor
Tarboro

Re: Increase in IPS Detection Statistical Submissions

Sorry if this is a dumb question. But what are IPS definitions?

Symantec Employee
reese_anschultz

Re: Increase in IPS Detection Statistical Submissions

floplot has already answered this question but I figured I'd give a little more background.

IPS definitions are signatures that define network attacks. The Intrusion Prevention System uses these definitions/signatures to detect networked attacks against your computer (and sometimes from your computer as well).

Frequently contained within these definitions are 'test' signatures. These test signatures match the detection of other signatures but are either made faster or more generic so as to catch more variants with a single signature. These sorts of changes, though, can sometimes produce false positive detections. These false positive detections, amongst other things, are sent back to Symantec (if Community Watch is enabled) in the form of IPS Detection Statistical Submissions. Using that data the test signature may be discarded altogether due to too many false positives or modified to prevent further false positive detections before replacing the already existing signatures.

Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation
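
The test-signature feedback loop described in the post above, sketched as an added example (not Symantec's code and not part of the original thread). The signature patterns, sample payloads, analyst labels and the `max_fp_rate` threshold are all constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Signature:
    name: str
    pattern: re.Pattern
    test: bool = False  # a test signature only reports; it never blocks

# Constructed signatures (assumptions): the test one is a more generic
# form of the production one, meant to catch more variants with one rule.
PROD = Signature("prod-exact", re.compile(rb"\?cmd=id\b"))
TEST = Signature("test-generic", re.compile(rb"\?cmd="), test=True)

# Constructed samples: (payload, analyst verdict that it is an attack)
SAMPLES = [
    (b"GET /app?cmd=id", True),        # variant the production rule knows
    (b"GET /app?cmd=whoami", True),    # variant only the generic rule sees
    (b"GET /help?cmd=print", False),   # benign request that looks similar
    (b"GET /index.html", False),
]

def inspect(payload):
    """Return (blocked, submissions) for one payload."""
    blocked = PROD.pattern.search(payload) is not None
    submissions = []
    if TEST.pattern.search(payload):
        # Test hits are telemetry only: severity info, no user action.
        submissions.append({"signature": TEST.name, "severity": "info",
                            "action_required": False, "prod_agreed": blocked})
    return blocked, submissions

def evaluate(samples, max_fp_rate=0.5):
    """Aggregate submissions and decide what happens to the test signature."""
    hits = new_variants = false_pos = 0
    for payload, is_attack in samples:
        blocked, subs = inspect(payload)
        for _ in subs:
            hits += 1
            if not is_attack:
                false_pos += 1
            elif not blocked:
                new_variants += 1
    fp_rate = false_pos / hits if hits else 0.0
    if false_pos == 0:
        verdict = "replace existing signature"
    elif fp_rate <= max_fp_rate:
        verdict = "modify and re-test"
    else:
        verdict = "discard"
    return {"hits": hits, "new_variants": new_variants,
            "false_positives": false_pos, "verdict": verdict}
```

On the constructed samples the generic rule fires three times: once alongside the production rule, once on a variant the production rule misses, and once on benign traffic, which is the kind of hit that shows up as an info-level submission with no action required.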

floplot

Re: Increase in IPS Detection Statistical Submissions

Hello reese

Thank you for explaining it more thoroughly than I could.


Contributor
Tarboro

Re: Increase in IPS Detection Statistical Submissions

Thanks. Should I be concerned that I receive the IPS detection messages regularly?

floplot

Re: Increase in IPS Detection Statistical Submissions

Hello Tarboro

Are they for the same detection? If so, can you tell us which one it is?


Contributor
Tarboro

Re: Increase in IPS Detection Statistical Submissions

It varies. The URL in the details section is not familiar and I am unable to copy and paste it from the details section. It is typically for the Firefox application, but the details always indicate that no action is required. Yet, it keeps popping up on a regular interval stating that it is IPS Detection Statistical Submissions. The severity is always 'info'. Hope that info helps a bit.