11-05-2010 05:55 PM
Vista Home Premium 32 bit with Vista SP2
I'm thinking this is not anything to be concerned with, but I though I'd check with the experts here
I just downloaded the flash player uninstaller from the adobe/macromedia website
I noticed that at the same time I downloaded this There was an entry in my history as follows:
IPS Detection Statistical Submission
Local or Remote Attacker: 1
Sigset version 20101104.004
Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\INTERNETEXPLO
Offending URL: download. macromedia. com /pub/flashplayer/current/uninstall_flash_player.ex
remote address: 96. 6.11.191
Now it says status pending No action required
So is this something that might be an issue/dangerous?
The actual file uninstall_flash_player.exe was acutially shown to be ok
Now one other thing, why did file for flash player not get checked by Download insight???
11-05-2010 06:14 PM - edited 11-05-2010 06:35 PM
IPS Detection Statistical Submissions that are not accompanied by an alert that an attack was blocked by IPS are false positives. The Norton Intrusion Prevention System uses signatures to detect and block exploits that leverage vulnerabilities in software programs to install malware. When a new exploit is discovered a signature is created and distributed as quickly as possible in order to provide immediate protection. After this initial signature is released refinements are made to perfect a new signature that is smaller and more efficient. Because there is an increased likelihood of false positives with the revised definition, it is first released as a test signature. When one of these test signatures is triggered it is reported back to Symantec as an IPS Detection Statistical Submission. These submissions help Symantec fine-tune the accuracy of the detections. Once testing is completed the initial signature will be replaced or updated with the improved version. While testing is in progress you are protected from the actual exploit by the originally released signature, which will trigger IPS to block, log, and alert you to any real attack. A statistical submission alone without a corresponding IPS action would indicate a false positive, involving only the test signature.
11-05-2010 06:34 PM
This use to happen to any .exe downloads. Try downloading the .exe of your favorite files and you will see Norton reporting the URL as offending. I think this is due to the fact that downloading the exe is mistaken for the download of malware, which also use a similiar tatic to download .exes.
11-08-2010 07:37 PM
why did file for flash player not get checked by Download insight??
I downloaded this file as well, using Firefox, and I did get the Download Intelligence popup saying the file was safe. I'm not sure why your experience may have been different, although there have been some descrepancies with Download Insight that have been reported here. I am running NIS 2011 so perhaps it has something to do with the version, although more likely it was just a glitch,
11-09-2010 05:42 AM
Sorry, I didn't phrase m question well.
I was wondering why NIS 2010 Download Insight didi not seem to scan
Flash10l.ocx file upon download.
It scanned the flash player uninstaller exe file, but not the Flash10i.ocx file
11-09-2010 08:43 PM
The Flash Player installer and uninstaller files are ,exe files. You wouldn't download Flash10l.ocx separately. Auto-protect would take a look when Flash10l.ocx was written to disk.
11-10-2010 07:32 AM
SendOfJive already answered this. Insight does not scan every file coming into your machine. It scans executables. ocx files are considered to be a form of active x control and are components to be used by the executable file, which was checked. Auto-protect scans everything.
It is perfectly normal.