• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Browser Protection toggle questions

Norton documentation https://support.norton.com/sp/en/us/norton-security/beta/solutions/v15457369 and Norton Security Product Manual 22.18 state > The Browser Protection feature is available for Internet Explorer 7.0 or later, and Firefox 10.0 or later.
Um, and Chrome? and Edge?

Browser Protection documentation looks dated to me from when Norton installed browser extensions with IE and Firefox.  Correct me?


What does Browser Protection refer to and What browsers are supported?
What does Browser Protection toggle... control?
Specifically....What Norton features n' or protections are turned On or Off by Browser Protection toggle switch?


Chat Support says: 
1) Browser protection refers to the protection from unsafe websites, unsafe search result, browser redirection. Browser protection includes Norton Safe Home page, Norton Safe search, Norton Safe web and Norton Password manager.
2) Norton will automatically enable the browser protection in your default browser and on other browser you have enable it manually.
3) the Browser Protection toggle is a master switch for ALL browser extensions. 
4) for Google Chrome and Edge, it is always required to have the latest version of these browsers.


I'm curious: Browser Protection feature available for ....Chrome? and Edge?
I'm curious: specifically What Norton features n' or protections are turned On or Off by Browser Protection toggle switch?

Thanks

Replies

Kudos1 Stats

Re: Browser Protection toggle questions

HI bjm_:

AFAIK, Browser Protection is part of Norton's real-time Intrusion Protection System (IPS) and is meant to protect you from malware that tries to exploit unpatched vulnerabilities in your browser software. That's different from the extra layer of protection provided by the Norton Safe Web extension, which queries Norton's Remote URL Reputation Service when you load a web page and is supposed to prevent you from browsing to suspicious/malicious/phishing sites with a poor reputation.  See the links in my 28-Jul-2019 post in iNic's thread How do I disable a false "Issue" warning?.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Adblock Plus v3.6.3 * Bitdefender TrafficLight v3.0.2

Kudos0

Re: Browser Protection toggle questions

Yeah, maybe Chat Support was looking at the wrong page.  
Lv1 passed me on to Lv2 that moved discussion to Intrusion Prevention. 

Chat:  Intrusion Prevention is a feature and when you disable it then your PC unsafe from Internet risk from unsafe websites, malicious content available online
bj:   NOT Intrusion Prevention
Chat:  Intrusion Prevention consists Intrusion and Browser protection.
Chat:  Intrusion and Browser Protection control consists certain signature of malicious content and when you enable the Norton extensions on any browser and visit any website which the same malicious (same signature) which are present the Intrusion Prevention under Firewall settings then Norton block that content, website right there.


Norton Safe Web appears to work with Browser Protection = Off
Norton IPS Alert appears to work with Browser Protection = Off

I'm curious: Browser Protection feature available for ....Chrome? and Edge?
I'm curious: specifically What Norton features n' or protections are turned On or Off by Browser Protection toggle switch?


Browser Protection

Malicious websites detect and exploit browser vulnerabilities to download malware. When you turn on Browser Protection, Norton blocks malware before it can attack. It helps protect your sensitive information and prevents attackers from accessing your computer.

By default, Browser Protection is turned on. Keep Browser Protection turned on to ensure protection against malicious websites.

The Browser Protection feature is available for Internet Explorer 7.0 or later, and Firefox 10.0 or later.

 https://support.norton.com/sp/en/us/norton-security/beta/solutions/v15457369

Browser Protection Malicious websites detect and exploit browser vulnerabilities to download malware. When you turn on Browser Protection, Norton blocks malware before it can attack. It helps protect your sensitive information and prevents attackers from accessing your computer. By default, Browser Protection is turned on. Keep Browser Protection turned on to ensure protection against malicious websites.

Note: The Browser Protection feature is available for Internet Explorer 7.0 or later, and Firefox 10.0 or later.

Norton Security Product Manual 22.18

Kudos1 Stats

Re: Browser Protection toggle questions

bjm_:

...I'm curious: Browser Protection feature available for ....Chrome? and Edge?...

The Symantec support article TECH174537: Supported Browsers for Browser Intrusion Prevention in Endpoint Protection might have more up-to-date information, and states that "support is based on the version of the Client Intrusion Detection System (CIDS) engine that the client uses".  Unfortunately, that article hasn't been updated since 10-Jan-2019, but my assumption is that SEP's CIDS engine is equivalent to Norton's IP Driver (a.k.a. my IPS Script Engine DLL with the filename IPSEng32.dll).

My Norton IP security history (Security | History | Intrusion Prevention) shows I currently have IPSEng32.dll v17.2.0.341, but back in January 2019 when that TECH174537 support article was written my IP security history shows I had IPSEng32.dll v16.2.0.810, so the information for SEP v14.2 in that TECH174537 support article was probably a close match for Norton Security v22.16.3 at that time. For example, if you were a Firefox user in January 2019 that chart indicates that Browser Protection in SEP v14.2 / Norton v22.16.3 could inspect all HTTP traffic but could only inspect HTTPS traffic for Firefox v24 (rel. Aug 2013) through v61 (rel. Jun 2018). The footnotes in that TECH174537 article also note that "The BIPS engine only inspects HTTP traffic in 64-bit Internet Explorer" and that "Google Chrome version 72 no longer allows 3rd party programs to inject into the browser. Starting with Chrome 72, the SEP CIDS engine no longer injects into Chrome and only inspects HTTP traffic."

Norton Safe Web appears to work with Browser Protection = Off

That makes sense.  The Norton Safe Web extension is basically an early warning system that tries to prevent you from browsing to a phishing site or a site that has a poor reputation (e.g., with a history of browser re-directs or drive-by downloads of malware).  The home page at https://safeweb.norton.com/about notes that "we let you know how safe a particular web site might be before you view it".  Norton Safe Web will give the site a poor rating if user feedback is negative or the automated web crawler that actively crawls and analyzes web sites has already confirmed the site is unsafe, but those Safe Web ratings are sometimes out-of-date or completely unknown for untested sites.

Norton IPS Alert appears to work with Browser Protection = Off

Browser Protection is only one component of the Intrusion Prevention System (IPS) - see Symantec's Security Technology and Response (STAR) description of Network-Based Protection at https://www.symantec.com/theme/star that is designed to detect and block malicious attacks before malware is introduced onto a system - so I wouldn't expect turning off one module (Browser Protection) would turn off Firewall and other IPS alerts.  The support article Browser Protection states "Malicious websites detect and exploit browser vulnerabilities to download malware...".  I have an unsupported Firefox ESR v52.9.0 browser on my Vista machine that hasn't received a security update since June 2018.  As long as I have Browser Protection enabled at Settings | Firewall | Intrusion and Browser Protection I assume that I will have at least some additional protection if the protection engine that sits inside my browser recognizes a malware attack that is targeting a vulnerability in that unpatched ESR v52.9.0 browser.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Adblock Plus v3.6.3 * Bitdefender TrafficLight v3.0.2

Kudos0

Re: Browser Protection toggle questions

Thanks

and specific Norton features n' or protections that are turned On or Off by Browser Protection toggle switch?


The Browser Protection feature is available for Internet Explorer 7.0 or later, and Firefox 10.0 or later.

reads like when Internet Explorer had BHOs and when Norton installed Firefox extensions. 

Kudos1 Stats

Re: Browser Protection toggle questions

bjm_:

...and specific Norton features n' or protections that are turned On or Off by Browser Protection toggle switch?...

Hi bjm_:

I'm afraid you would have to ask someone from Norton for specifics.  I can't give you an exact answer to that question since the chart in the Symantec support article  TECH174537: Supported Browsers for Browser Intrusion Prevention in Endpoint Protection hasn't been updated for the latest IPSEng32.dll v17.2.0.341 (the IPS Script Engine DLL) or current browser versions.

Based on that outdated chart (last updated 10-Jan-2019), my best guess is that all web-based intrusion attacks via my unsupported Firefox ESR v52.9.0 browser are currently being monitored by Browser Protection, including sites using either HTTP or HTTPS (i.e., HTTP = All; HTTPS = FFv42 to FFv61).  Note that the current Norton Safe Web for Firefox v3.9.0.9 is non-functional for all Win XP SP3 and Vista SP2 users who use the legacy Firefox ESR v52.9.0 browser (see imbart's thread Glitch with New FF Safe Web 3.8.0.6 on FF 52.9.0) so any browsing protection Norton v22.15.2.22 is currently providing for my Vista system depends on me leaving Browser Protection at Settings | Firewall | Intrusion and Browser Protection enabled.

If I had a Win 10 machine with Norton v22.18.0.183 and the latest Chrome v76.0.3809.132 browser, the chart in support article TECH174537 suggests that Browser Protection can still prevent web-based intrusion attacks for HTTP connections, but the footnote states that "Google Chrome version 72 no longer allows 3rd party programs to inject into the browser. Starting with Chrome 72, the SEP CIDS engine no longer injects into Chrome and only inspects HTTP traffic."  If the browser protection engine that is part of IPS is no longer allowed to sit inside Chrome v72 and higher then I'm guessing intrusion protection for Chrome via HTTPS connections relies on the IPS catching web-based malware after it arrives on the system and that some protection is gradually being migrated to the Norton Safe Web for Chrome extension as new versions of IPSEng32.dll are released.  For example, the 26-Mar-2019 announcement Norton Safe Web Extension v3.7.0.10 Update with Online Banking Protection notes this new feature has only been added to NSW for Chrome, but as far as I know this feature isn't available for NSW for Firefox, IE11 or Edge.

I should add that everything I've posted in this thread is just an educated guess based my interpretation of a few Symantec articles I've found in my Google searches.  I might be completely wrong about HTTP vs HTTPS connections, but those articles might point you in the right direction if you're trying to get definitive answers from Norton Tech Support.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Adblock Plus v3.6.3 * Bitdefender TrafficLight v3.0.2

Kudos1 Stats

Re: Browser Protection toggle questions

Hi Imacri, 
Just noticed >  Browser Protection DOC has been updated: 

DOCID: v15457369
Operating System: Windows
Last modified: 08/29/2019

https://support.norton.com/sp/en/us/norton-security/beta/solutions/v15457369

DOCID: v7733445
Operating System: Windows
Last modified: 08/29/2019

https://support.norton.com/sp/en/us/norton-security/beta/solutions/v7733445


Browser Protection (browser protection) blocks malware before it can attack. It helps protect your sensitive information and prevents attackers from accessing your computer against malicious websites.  Browser Protection feature protects your browser from malicious programs.


Intrusion Prevention (network protection) protects you from attacks when you are online, scans network traffic for attack signatures, such as social threats and outbound attacks, that identify attempts to exploit vulnerabilities in your operating system or in a program that you use.  Intrusion Prevention relies on an extensive list of attack signatures to detect and block suspicious network activity. 


Thanks

Kudos0

Re: Browser Protection toggle questions

and still curious regarding (dated) 

Download Intelligence supports only downloads using the HTTP protocol, Internet Explorer 6.0 browser or later, Chrome 10.0 browser or later, and Firefox 3.6 browser or later. 

Edge? HTTPS protocol?

https://community.norton.com/en/forums/download-intelligence-questions 


Imacri:
I'm afraid you would have to ask someone from Norton for specifics. 

I've got all I need from Imacri, for now. 

Thanks

Kudos1 Stats

Re: Browser Protection toggle questions

lmacri:
[...]  I'm guessing intrusion protection for Chrome via HTTPS connections relies on the IPS catching web-based malware after it arrives on the system and that some protection is gradually being migrated to the Norton Safe Web for Chrome extension as new versions of IPSEng32.dll are released.  For example, the 26-Mar-2019 announcement Norton Safe Web Extension v3.7.0.10 Update with Online Banking Protection notes this new feature has only been added to NSW for Chrome, [...]

 Banking Protection
https://support.norton.com/sp/en/us/norton-security/current/solutions/v131585157


EAP 22.19.8.41
Known Issues:

  • Online Banking IPS signature is enabled in log mode with this build, so any time a user navigates to a banking URL, we will display an IPS blocking alert (comes by default), as the severity of the alert is set to High. The details of the alert will also be updated to Security History too. This will be addressed with the GA as changes have been already made to the vNxt stream to suppress this default alert and prevent logging to Security history.

https://community.norton.com/en/forums/new-eap-build-2219841-now-available-27th-august-2019 

Kudos0

Re: Browser Protection toggle questions

Kudos0

Re: Browser Protection toggle questions

IPS Detection Statistical Submissions > Offending URL is not listed with Remote Port 443
https://community.norton.com/en/forums/offending-url-not-listed

Kudos0

Re: Browser Protection toggle questions

Kudos1 Stats

Re: Browser Protection toggle questions

bjm_:

Just noticed >  Browser Protection DOC has been updated:
https://support.norton.com/sp/en/us/norton-security/beta/solutions/v15457369
https://support.norton.com/sp/en/us/norton-security/beta/solutions/v7733445


 Banking Protection
https://support.norton.com/sp/en/us/norton-security/current/solutions/v131585157
https://community.norton.com/en/forums/new-eap-build-2219841-now-available-27th-august-2019

Hi bjm_:

Well, that makes everything I've posted for the past few days a moot point!  Too bad those support article weren't updated 2 days ago.  Thanks for the info about the known issue for logging of Online Banking IPS Signature alerts in the latest EAP beta build as well.

No worries, though.  I learned lots of new stuff about DLL code injection into browsers, and all this probably explains why Norton has started integrating the Norton Safe Web browser extension with the Norton v22.18.x system tray icon and Internet Security pillar on the main GUI per Topopurim's Tray Icon is Now Red.  It would be really nice if Norton would just explain why they're doing stuff like this instead of pushing out new feature updates without providing a bit of background information for users.

I recall an Aug 2018 discussion <here> in your Security News thread about how several AV products began removing anti-exploit protection from Chrome v72 when Google started automatically blocking code injection from external programs into their browser, and Mozilla Firefox and other major browsers are introducing similar restrictions (e.g., see Martin Brinkmann's 21-Jan-2019 ghacks.net article Firefox Will Block DLL Injections).  I guess it's inevitable that AV companies will have to continue to move browser protection away from code injection and into browser extensions.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Adblock Plus v3.6.3 * Bitdefender TrafficLight v3.0.2

Kudos0

Re: Browser Protection toggle questions

lmacri:

Hi bjm_:
Well, that makes everything I've posted for the past few days a moot point!  Too bad those support article weren't updated 2 days ago. 

I doubt everything posted for the past few days is "moot".
Maybe, "they're watching" us.    

 I guess it's inevitable that AV companies will have to continue to move browser protection away from code injection and into browser extensions.

Malwarebytes Beta 4.0.1 (test) did not have browser extension....that I could see. 

 

Kudos1 Stats

Re: Browser Protection toggle questions

lmacri:
...I might be completely wrong about HTTP vs HTTPS connections, but those articles might point you in the right direction if you're trying to get definitive answers from Norton Tech Support....

Hi bjm_:

Further to HTTP vs HTTPS, I just read Susan Bradley's 29-Aug-2019 Patch Lady – Avast does…what? on AskWoody.com that includes a link to the plain/text article Spying on HTTPS.  That plain/text article has an interesting (and rather disturbing) explanation on how code injection into the browser can be used to spy on HTTPS traffic, and how that differs from code injection using a browser extension.

And further to my comment about Malwarebytes removing exploit protection from Chrome because of restrictions on DLL code injection into this browser, see the official announcement at https://support.malwarebytes.com/docs/DOC-2655.  Keep in mind that the real-time Exploit Protection module in Malwarebytes protects against malware that tries to exploit bugs or vulnerabilities in popular applications and browsers (e.g., unpatched programs like MS Word, Firefox, your Windows OS, etc.) while the main function of the current Web Protection module shown in your MB Premium BETA v4.0.1 image is to prevent you from browsing to known malicious web sites and is based on a simple lookup of the URL's reputation.

bjm_:
...Malwarebytes Beta 4.0.1 (test) did not have browser extension....that I could see. 

I'm not sure if you heard, but the Malwarebytes Browser Extension BETA for Firefox and Chrome are now out of beta as of this week (26-Aug-2019) and the stable release is officially called the Malwarebytes Browser Guard.  The Chrome version is available at https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee.  The Firefox version will be available at https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ but has been temporarily taken down from Mozilla's AMO store per the post in PhoneMan's thread <here>.

Here are additional resources:
     Introducing Malwarebytes Browser Guard
     Malwarebytes Browser Guard User Guide
     Malwarebytes Browser Guard - Types of Block Pages

I haven't tested this extension yet on my Win 10 machine so I can't tell you how much overlap in functionality there is between MB Premium's Web Protection and the free Malwarebytes Browser Guard for Firefox and Chrome that's available to MB Free users and the general public. However, I don't imagine this new browser extension will be integrated into MB Premium unless Malwarebytes decides to completely do away with MB Premium's Web Protection module and move that URL lookup function into a browser extension, especially when Malwarebytes Browser Guard extensions for IE and Edge aren't available yet.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton v22.15.2.22 * MB Free v3.5.1-1.0.365

Kudos0

Re: Browser Protection toggle questions

lmacri:

And further to my comment about Malwarebytes removing exploit protection from Chrome because of restrictions on DLL code injection into this browser, see the official announcement at https://support.malwarebytes.com/docs/DOC-2655.  Keep in mind that the real-time Exploit Protection module in Malwarebytes protects against malware that tries to exploit bugs or vulnerabilities in popular applications and browsers (e.g., unpatched programs like MS Word, Firefox, your Windows OS, etc.) while the main function of the current Web Protection module shown in your MB Premium BETA v4.0.1 image is to prevent you from browsing to known malicious web sites and is based on a simple lookup of the URL's reputation.

I'm not sure if you heard, but the Malwarebytes Browser Extension BETA for Firefox and Chrome are now out of beta as of this week (26-Aug-2019) and the stable release is officially called the Malwarebytes Browser Guard.  The Chrome version is available at https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee.  The Firefox version will be available at https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ but has been temporarily taken down from Mozilla's AMO store per the post in PhoneMan's thread <here>.

Yeah, Malwarebytes Browser Guard....and thinking that Free browser extensions are for vendor revenue.  
And thinking "simple lookup of the URL's reputation" "and more" can be done sans browser extensions.   
Malwarebytes Premium BETA v4.0.1 Real-Time Protection did not have browser extension(s) as I could see. 
Granted, BETA.
Um, does Malwarebytes Premium 3.0.x have browser extensions?  

Note: Norton Safe Web Banking Protection / Isolation Mode require Norton account Sign In. 

 

Kudos1 Stats

Re: Browser Protection toggle questions

bjm_:
...Um, does Malwarebytes Premium 3.0.x have browser extensions? ....

Hi bjm_:

No, all the protection modules are built in to MB Premium v3.x as well.  Here's an image for v3.6.1 from the online Malwarebytes 3 User Guide:

I have a lifetime (perpetual) license for Malwarebytes but the Premium features are not currently activated on my Vista SP2 machine.  The Ransomware module is automatically disabled in MB v3.5.1 (the legacy version for Win XP and Vista), and the Web Protection module causes the occasional Norton Automatic LiveUpdate and Download Insight failure on my Vista SP2 machine when both security programs are run together in real-time protection mode (see my comments <here> in the Malwarebytes v3 forum).
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton v22.15.2.22 * MB Free v3.5.1-1.0.365

Kudos0

Re: Browser Protection toggle questions

lmacri:
Hi bjm_:

No, all the protection modules are built in to MB Premium v3.x as well.  

Okay.   I'm remembering a lot of user complaints re Norton extensions.  Just saying. 

Kudos1 Stats

Re: Browser Protection toggle questions

lmacri:

Further to HTTP vs HTTPS, I just read Susan Bradley's 29-Aug-2019 Patch Lady – Avast does…what? on AskWoody.com that includes a link to the plain/text article Spying on HTTPS.  That plain/text article has an interesting (and rather disturbing) explanation on how code injection into the browser can be used to spy on HTTPS traffic, and how that differs from code injection using a browser extension.

https://palant.de/2019/08/19/kaspersky-in-the-middle-what-could-possibly-go-wrong/ 

Kudos1 Stats

Re: Browser Protection toggle questions

bjm_:

and still curious regarding (dated) 

Download Intelligence supports only downloads using the HTTP protocol, Internet Explorer 6.0 browser or later, Chrome 10.0 browser or later, and Firefox 3.6 browser or later. 

Edge? HTTPS protocol?

https://community.norton.com/en/forums/download-intelligence-questions 

https://community.norton.com/en/comment/8206661#comment-8206661 

Kudos1 Stats

Re: Browser Protection toggle questions

Hi bjm_:

From the updated support article Intrusion and Browser Protection Settings:

The Intrusion and Browser Protection settings also include the Download Intelligence option to protect your computer against any unsafe file that you download. Download Intelligence provides information about the reputation level of any executable file that you download using the browser. Download Intelligence supports only downloads using the HTTPS protocol, Internet Explorer 6.0 browser or later, Edge 40.15063 browser or later, Chrome 10.0 browser or later, and Firefox 3.6 browser or later. The reputation details that Download Intelligence provides indicate whether the downloaded file is safe to install. You can use these details to decide whether you want to install the executable file.

I wish someone from Symantec would also update the support article TECH174537: Supported Browsers for Browser Intrusion Prevention in Endpoint Protection so that it includes information for the latest IPSEng32.dll v17.2.0.134 (a.k.a. the IPS Script Engine DLL).

It's hard to believe that the latest IPS engines can only scan HTTPS (but not HTTP) traffic.  I also wonder if the new v17.2.0.134 script engine is using a different technique that now allows Browser Protection (which is separate from the Norton Safe Web extension) to scan HTTPS traffic in all major browsers, including newer versions of Chrome and Firefox that don't allow native code injection.  Perhaps Norton is using one of the methods described in the text/plain article Spying on HTTPS like a Man-in-the-Middle (MITM) proxy server, or a newer technique like the one Avast Antivirus is now using where the SSLKeyLogFile setting is used to leak the encryption keys HTTPS negotiates and Avast essentially performs a Man-in-the-Browser (MITB) attack to intercept and decrypt TLS traffic.  Note that text/plain article also states "I’m told that Avast may be monetizing the data they’re decrypting."

... Malwarebytes Beta 4.0.1 (test) did not have browser extension....that I could see...

Just an aside, but after taking a closer look at the image you posted <here>  I read the FAQ for the Malwarebytes 4 BETA at https://forums.malwarebytes.com/topic/249586-malwarebytes-4-beta/, and the What's New section lists "Improved Web Protection component".  I'm thinking now that the image you posted was showing an actual real-time detection of a suspected Trojan attack and that this warning was not thrown just because a lookup of the site's reputation in a remote database gave the site a poor rating.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton v22.15.2.22 * MB Free v3.5.1-1.0.365

Kudos0

Re: Browser Protection toggle questions

Hi Imacri,
Yeah, questions we have....answers not so much.
FWIW ~ Banking Protection - Isolation Mode <doc here>. 

for example:

It's hard to believe that the latest IPS engines can only scan HTTPS (but not HTTP) traffic.  

Yeah....maybe, quick edit was to add S.   Maybe, scan protocol is proprietary. 

and the What's New section lists "Improved Web Protection component".  I'm thinking now that the image you posted was showing an actual real-time detection of a suspected Trojan attack and that this warning was not thrown just because a lookup of the site's reputation in a remote database gave the site a poor rating.

and Malwarebytes Browser Guard is built-in.....
Thanks 
 


and Exploit Prevention fits in with Browser Protection ?

Accepted Solution
Kudos1 Stats

Re: Browser Protection toggle questions

bjm_:
...and Exploit Prevention fits in with Browser Protection ?

Hi bjm_:

I'm not certain, since most of the support articles I can find seem out-of-date.  Symantec's Security Technology and Response (STAR) description for Network-Based Protection (a.k.a. the Intrusion Protection System or IPS) at https://www.symantec.com/theme/star provides a good overview and breaks IPS down into three distinct technologies: Network IPS to monitor network traffic, Browser Protection to monitor browser traffic, and Un-Authorized Download Protection (UXP).

All three protection methods use a variety of detection methods listed in that article, but after reading that article my impression is that the main detection method for Network IPS is exploit prevention (referred to as Generic Exploit Blocking or GEB in that article) while the main detection technique for Browser Protection is Drive-by Downloads and Web Attack Toolkits.  However, I don't think that Generic Exploit Blocking (GEB) is exclusive to Network IPS.

The section on Protection From Unpatched Software Vulnerabilities explains how Generic Exploit Blocking (GEB) protects against the exploitation of underlying vulnerabilities in Java, Adobe Acrobat Reader, Adobe Flash, Internet Explorer, ActiveX controls, etc..  My best guess is that Browser Protection would be able to use some of the same anti-exploit techniques listed in Norton at Settings | Exploit Prevention | General Settings (e.g., Java Exploit Detection, Remote DLL Injection Detection, etc.) if an exploit attempted to attack an unpatched vulnerability in your browser that was not detected by Network IPS.

Just for comparison, launch your MB Premium v4.0.1 BETA and go to Settings | Protection | Real-Time Protection | Exploit Protection.  There should be a Manage Protected Applications button to view the default list of .protected software (including major browsers) as well as an Advanced Settings button where you can customize what anti-exploit techniques [e.g., Heap Spray Protection, DEP Enforcement, etc.] can be enabled / disabled for browsers, PDF Readers, MS Office applications, etc. if necessary.  The support article Malwarebytes for Windows Protection Settings has further details about these settings and notes that the Advanced Settings should only be changed at the request of a Malwarebytes Technical Support specialist for troubleshooting of anti-exploit problems.  I don't know about the latest Norton v22.18.0.213/222 products, but my Norton Security v22.15.2.22 (the legacy version for Win XP / Vista) doesn't allow that level of granularity where I can add custom programs (e.g., a Pale Moon browser) to exploit prevention or enable / disable individual anti-exploit techniques for specific types of programs.
------------
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton v22.15.2.22 * MB Free v3.5.1-1.0.365

Kudos0

Re: Browser Protection toggle questions

lmacri:

Hi bjm_:

I'm not certain, since most of the support articles I can find seem out-of-date.  Symantec's Security Technology and Response (STAR) description for Network-Based Protection (a.k.a. the Intrusion Protection System or IPS) at https://www.symantec.com/theme/star provides a good overview and breaks IPS down into three distinct technologies: Network IPS to monitor network traffic, Browser Protection to monitor browser traffic, and Un-Authorized Download Protection (UXP).

All three protection methods use a variety of detection methods listed in that article, but after reading that article my impression is that the main detection method for Network IPS is exploit prevention (referred to as Generic Exploit Blocking or GEB in that article) while the main detection technique for Browser Protection is Drive-by Downloads and Web Attack Toolkits.  However, I don't think that Generic Exploit Blocking (GEB) is exclusive to Network IPS.

The section on Protection From Unpatched Software Vulnerabilities explains how Generic Exploit Blocking (GEB) protects against the exploitation of underlying vulnerabilities in Java, Adobe Acrobat Reader, Adobe Flash, Internet Explorer, ActiveX controls, etc..  My best guess is that Browser Protection would be able to use some of the same anti-exploit techniques listed in Norton at Settings | Exploit Prevention | General Settings (e.g., Java Exploit Detection, Remote DLL Injection Detection, etc.) if an exploit attempted to attack an unpatched vulnerability in your browser that was not detected by Network IPS.

As always,
Thanks!