11-05-2010 05:55 PM
Vista Home Premium 32 bit with Vista SP2
NIS 17.8.0.5
I'm thinking this is not anything to be concerned with, but I thought I'd check with the experts here.
I just downloaded the flash player uninstaller from the adobe/macromedia website
(uninstall_flash_player.exe)
I noticed that at the same time I downloaded this, there was an entry in my history as follows:
IPS Detection Statistical Submission
Local or Remote Attacker: 1
Sigset version 20101104.004
Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\INTERNETEXPLO
Offending URL: download. macromedia. com /pub/flashplayer/current/uninstall_flash_player.ex
remote address: 96. 6.11.191
Now it says status pending No action required
So is this something that might be an issue/dangerous?
The actual file uninstall_flash_player.exe was actually shown to be ok
Now one other thing, why did the file for flash player not get checked by Download insight???
11-05-2010 06:14 PM - edited 11-05-2010 06:35 PM
Hi Calls,
IPS Detection Statistical Submissions that are not accompanied by an alert that an attack was blocked by IPS are false positives. The Norton Intrusion Prevention System uses signatures to detect and block exploits that leverage vulnerabilities in software programs to install malware. When a new exploit is discovered a signature is created and distributed as quickly as possible in order to provide immediate protection. After this initial signature is released refinements are made to perfect a new signature that is smaller and more efficient. Because there is an increased likelihood of false positives with the revised definition, it is first released as a test signature. When one of these test signatures is triggered it is reported back to Symantec as an IPS Detection Statistical Submission. These submissions help Symantec fine-tune the accuracy of the detections. Once testing is completed the initial signature will be replaced or updated with the improved version. While testing is in progress you are protected from the actual exploit by the originally released signature, which will trigger IPS to block, log, and alert you to any real attack. A statistical submission alone without a corresponding IPS action would indicate a false positive, involving only the test signature.
11-05-2010 06:34 PM
This used to happen to any .exe downloads. Try downloading the .exe of your favorite files and you will see Norton reporting the URL as offending. I think this is due to the fact that downloading the exe is mistaken for the download of malware, which also uses a similar tactic to download .exes.
11-08-2010 07:23 PM
so it's all cool?
what about
why did file for flash player not get checked by Download insight???
11-08-2010 07:37 PM
Calls wrote: what about
why did file for flash player not get checked by Download insight??
I downloaded this file as well, using Firefox, and I did get the Download Intelligence popup saying the file was safe. I'm not sure why your experience may have been different, although there have been some discrepancies with Download Insight that have been reported here. I am running NIS 2011 so perhaps it has something to do with the version, although more likely it was just a glitch.
11-09-2010 05:42 AM
Sorry, I didn't phrase my question well.
I was wondering why NIS 2010 Download Insight did not seem to scan
Flash10l.ocx file upon download.
It scanned the flash player uninstaller exe file, but not the Flash10i.ocx file
11-09-2010 08:37 PM
Does download insight not check on ocx files?
11-09-2010 08:43 PM
The Flash Player installer and uninstaller files are .exe files. You wouldn't download Flash10l.ocx separately. Auto-protect would take a look when Flash10l.ocx was written to disk.
11-10-2010 06:05 AM
it looks like download insight did NOT scan the flash player installer, just the uninstaller. Is that something to be concerned about?
11-10-2010 07:32 AM
SendOfJive already answered this. Insight does not scan every file coming into your machine. It scans executables. ocx files are considered to be a form of active x control and are components to be used by the executable file, which was checked. Auto-protect scans everything.
It is perfectly normal.
