• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

IPS detection- statistacal submission

I see this in my recent history and it looks suspicious??

IPS detection- statistacal submission

date updated- march 505,2009 11:10 am SUBMITTED BY- Norton internet security

description- IPS detection statistacal submission STATUUS- Processing

IF I click on more details, here are some of the details

signature ID- 233301

Local or remote attacker- 1

application name- device/harddiskvolume1/program files/internet explorer/iexplore.exe

offending url- cdn.mywot.net/files/js/b904964c94699a674b44a199205f48a0b.js

whats going on here???

Replies

Kudos0

Re: IPS detection- statistacal submission

I see this in my recent history and it looks suspicious??

IPS detection- statistacal submission

date updated- march 505,2009 11:10 am SUBMITTED BY- Norton internet security

description- IPS detection statistacal submission STATUUS- Processing

IF I click on more details, here are some of the details

signature ID- 233301

Local or remote attacker- 1

application name- device/harddiskvolume1/program files/internet explorer/iexplore.exe

offending url- cdn.mywot.net/files/js/b904964c94699a674b44a199205f48a0b.js

whats going on here???

Kudos0

Re: IPS detection- statistacal submission

WAIT A MINUTE- This is happening with many different websites??? there all valid sites like wwe.com- Gosh whats going on here?
Kudos0

Re: IPS detection- statistacal submission

somebody please help me??
Kudos0

Re: IPS detection- statistacal submission

hello
Kudos0

Re: IPS detection- statistacal submission

hello? Id really appreciate some help
Kudos0

Re: IPS detection- statistacal submission

I hear you. What is exactly your question?
"All that we are is the result of what we have thought"
Kudos0

Re: IPS detection- statistacal submission

I dont understand anything about the message that is showing up in my recent history, Is it bad? Im worried about this
Kudos0

Re: IPS detection- statistacal submission

Don't panic Nate- I have been worried MANY MANY times about items and they always turn out to be nothing

Just where is it taht you are getting this info from?

Kudos0

Re: IPS detection- statistacal submission

IF I click on more details, here are some of the details

signature ID- 233301

Local or remote attacker- 1

application name- device/harddiskvolume1/program files/internet explorer/iexplore.exe

offending url- cdn.mywot.net/files/js/b904964c94699a674b44a199205f48a0b.js

whats going on here???


It's a javascript file that Norton is detecting from a Website/Webpage website so is detected with iexplore (internet explorer, using it),   even some safe websites have recently had bad javascript inside, so people could get infected by "drive byes". Or just bad for some reason.

If malwarebytes and Norton don't detect an infected file on your PC I would say, It's a .js file as part of a webpage that Norton has blocked, so that javascript never got loaded as part of the webpage,  

Norton doing it's job.

Quads 

Kudos0

Re: IPS detection- statistacal submission

good thing AI have Norton on my side!! thanks for your help, have you ever gotten messages like that before?

Kudos0

Re: IPS detection- statistacal submission

I just went back to the site and I get the same message in recent history! Why would this be happening from such a safe site? What could be causing it?
Kudos0

Re: IPS detection- statistacal submission

If I understand correctly from all my time on here, Norton protects against drive by attacks
Kudos0

Re: IPS detection- statistacal submission

I accidentally just went back to the site, and got the message again!!!!! Thats a really populare site, why would it b happening on a site like that???
Kudos1 Stats

Re: IPS detection- statistacal submission

You don’t need to be concerned about the detection you noted in the history.  This is part of a test signature that is put in to validate some new detection and these submissions via Norton Community Watch help to reduce the chances of false positives.

Edit: fixed font selection.

Message Edited by reese_anschultz on 03-06-2009 01:16 PM
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos1 Stats

Re: IPS detection- statistacal submission


reese_anschultz wrote:

You don’t need to be concerned about the detection you noted in the history.  This is part of a test signature that is put in to validate some new detection and these submissions via Norton Community Watch help to reduce the chances of false positives.

Edit: fixed font selection.

Message Edited by reese_anschultz on 03-06-2009 01:16 PM

Surely not, Reese.  Unless I reading this wrong.

Are you saying the report cited ("IPS detection- statistacal submission" etc.) is actually a product of Symantec?  Considering the relentless misspelling of "statistical", I assumed this was a fake report.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos1 Stats

Re: IPS detection- statistacal submission

The description string is from the product.

"Pay no attention to that man behind the curtain." Nobody ever looks in these logs so why should we run a spell checker? Seriously, I've written up an incident report for the misspelling. (Checks spelling of this message before posting.)

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

well I get this every time I visit some certian sites. but you guys say its normal. Quads told me it was a java script drive by download that norton was detecting and blocking. The thing is this is coming from reputable sites like hp.com. Is this malware coming rom reputable sites? could someone explain this better to me? thanks

Kudos2 Stats

Re: IPS detection- statistacal submission

GreatNate1312,

As previously indicated, this is part of a test signature that got a hit. This signature is replacing/updating an existing signature in the future but currently is being tested to make sure that it doesn't get false positives. From your reports, it sounds like it is getting some false positives so the signature will have to be revised before it officially become a part of the IPS signatures.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

so this is all normal and my computer is not being attacked by threats and the website is fine?
Kudos1 Stats

Re: IPS detection- statistacal submission

I believe so.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

why would it log it then? when will it stop?
Kudos1 Stats

Re: IPS detection- statistacal submission

Why would it log it? Usually when an exploit is discovered, signatures are written as quickly and reliably as possible so that protection is available as quickly as possible. Latter, we go back and refactor those signatures to make them smaller and faster so that machine has as little impact as possible. Because these refactored signatures are highly optimized they tend to be more prone to false positive detections.That's why we first put them out in "test" mode, to make sure that we aren't getting either an extraordinary number of false positives or we are getting false positives on critical applications. If and when the signature has been determined to be good, it'll replace the original signature.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

so the signatures are in test mode and because of this when I go to wwe.com or mywot.com they detect false posotives regaurding java script? Is this happening on everyones computer that has Norton internet security 2009?
Kudos0

Re: IPS detection- statistacal submission


GreatNate1312 wrote:
so the signatures are in test mode and because of this when I go to wwe.com or mywot.com they detect false posotives regaurding java script? Is this happening on everyones computer that has Norton internet security 2009?

I don't have the details of this signature but isn't the fact that there's javascript. There's something about the contents of those specific javascript files that it doesn't like.

Yes, it happen for everyone that hits those pages.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

reese_anschultz I want to thank you for taking time out of your day to help me. Iv seen this IPS detection go to work before when I went to ticketmaster.com some popup came up in the forum of a adobe reader. It tried to download viruses but everyone in the norton community said some forum of security on my machine protected me and I was clean. I saw the submission for the bad website in my history but it soon mysteriosly dissapeared from my history- why did it go away?
Kudos0

Re: IPS detection- statistacal submission

As far as I know, the only way that items get removed from the submission history is over time.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

History is not over so why would it have dissapeared?
Kudos1 Stats

Re: IPS detection- statistacal submission


reese_anschultz wrote:

The description string is from the product.

"Pay no attention to that man behind the curtain." Nobody ever looks in these logs so why should we run a spell checker? Seriously, I've written up an incident report for the misspelling. (Checks spelling of this message before posting.)


Not the first time that Norton products have had misspellings. I noticed one myself once, a long time ago, and I was concerned that my Norton had been hacked   or something. I was worried enough about it that I finally contacted Norton tech support and eventually they were able to verify that it was just a typo (I don't remember the specifics of the case or the word that was misspelled; it's been a while).

In my case, I was relieved to find out that it was nothing to worry about, but still, it must surely have cost Norton some money in wages and so forth, to dispell customer concerns about such things. It would have probably been cheaper for Norton (footnote below), in the long run, to just spell things correctly in the first place rather than deal with subsequent tech-support questions wondering about it. Note: I have no desire to interfere with tech-support job-security   or anything like that.  But it did take time away from other more serious concerns, time that they could have used for helping other customers who actually had malware or bugs or whatever.

Besides the fact that accuracy even in trivial details, makes customers have more confidence in the overall level of product quality control, to not have minor errors/typos built into the product itself.

Accurate app details (even minor things such as spelling, etc.) helps to keep customers from wondering,

"Gee, if they can't even spell normal words correctly, then how do I know they haven't made even more typos in the complicated code/programming itself??"

Needless to say, that thought occurred to me, at the time. Such doubts can all add up, if one is deciding which brand of product to use - all the little details contribute to the customer's impression of the product. (Even though I myself am a terrible proof-reader of my own writing, as evidenced by the numerous typos/edits in many of my posts; maybe one of these years I'll 'go modern' and start to use a spell-checker instead of just trying to eyeball everything.... that would take the challenge out of things though.) 

Also, I don't know the first thing about how Norton programs are constructed - people that work there would probably (wildly guessing) tell me something like, "Programmers and the person(s) who made the typos aren't even in the same department" or "Being able to spell normal words and being able to write programs are two entirely different things" or something... but we mere-mortal customers can't be expected to know such things. 

(I suppose this sort of detail-oriented thing could all be lumped into a "form vs function" category or whatever, since minor typos in programs could be regarded as merely cosmetic flaws that don't affect the functionality of the product itself, but it's still often perceived as a quality-control issue. At least for customers like me who sometimes actually notice such things.)

Edited to add:

1. I'm not the least bit concerned about how people here on this forum spell things, so no need for anyone to fire up the spell-checker before posting - IMO normal (informal) communication between individuals isn't the same thing as seeing misspellings in commercial products. 

___

Footnote: Theoretically, at least in an ideal world, (huh?? what's that?) if a company can reduce its operating costs without undermining product quality, than (a) it's more justifiable to give employees (the ones that are left, anyway) $$ raises from time to time (or other percs) because there's more money to go around, and (b) there won't have to be as many product price-hikes so customers don't have to pay more for the same product. Happy workers, happy customers (no, I'm not smoking anything, and I'm also usually quite cynical about things in general).  Obviously that type of ideal doesn't always apply... I've seen it work good in some small businesses that have good management (i.e., the boss isn't a total <insert expletive of choice>, but big corporations may be a whole 'nother story).

</offtopic>

Message Edited by j2000 on 03-06-2009 04:38 PM
Kudos0

Re: IPS detection- statistacal submission

Reese is a great guy and has stopped many of my fears on here
Kudos0

Re: IPS detection- statistacal submission


NY1986 wrote:
Reese is a great guy and has stopped many of my fears on here

I feel the same way, about Reese and the other posters here too. I've learned a lot about security and Windows in general, and had many of my computing-fears vanquished, just from reading stuff on this Norton forum and I appreciate people taking the time to explain technical things and give tips about how to do stuff on our computers. It's quite helpful.  

Kudos0

Re: IPS detection- statistacal submission


GreatNate1312 wrote:
History is not over so why would it have dissapeared?

Could it be (just guessing, no clue really what I'm talking about here) somehow related to the false-positive thing? Not the same thing I guess but I often see stuff in my History (Community Watch section) that simply disappears after being at either "Pending" or "Processing" for a while (sometimes several days), without ever getting changed over to "Submitted" - some of 'em seem to vanish before they get submitted, for whatever reason... I'd just assumed Norton determined they weren't important anymore, based on new virus defs or something; now I'm thinking maybe it's somehow related to what Reese was saying about the test signatures or something?. Haven't seen any "Submitted" entries disappear on their own though, at least that I've noticed. Kind of a mystery though.

Message Edited by j2000 on 03-06-2009 05:16 PM
Kudos0

Re: IPS detection- statistacal submission

no, no, no what dissapeared was a real virus attack- not a false posotive
Kudos0

Re: IPS detection- statistacal submission

reese- I thank you for all your help, but I am still unsure as if this is a virus attack or not- becuse yogesh_mohan and I have been messaging each other and he says its a virus attack?
Kudos0

Re: IPS detection- statistacal submission

First, this isn't a 'virus' attack. This would be a network intrusion.

Second, it is a detection, but with a test signature. As you noted, the action was to submit the detection back to Symantec for further evaluation. You weren't alerted to an issue and it wasn't blocked.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

so I was not alerted to an issue and it wasnt blocked, does that mean Im infected, because I have gotten that same message before except with a real malware attack from feelyouinside.com. I thought norton or some sort of security on my machine blocked it? Did Norton block it? I have ran malware bytes and Norton- nothing was found?

ps- the isp submission dissapeared from history

Kudos0

Re: IPS detection- statistacal submission

As I described previously, this is a refactored signature that is designed to replace an already existing signature. That means that it'll get true positives as well as false positives. If the other signature didn't trigger, than this is a false positive detection. If the other signature triggered, than it is a true positive detection. How often the 'real' signature triggers or does not trigger at the same time as the test signature guides us toward correcting the test signature for final release.

Since you weren't alerted to an issue, the real signature did not trigger and therefore the test signature was getting a false positive detection and you weren't infected.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

but what about thefeelyouinside.com attempt, why wasnt I warned about that then. Thatt was a real computer attack for antivirus 1? Am Infected and I dont even know it?
Kudos2 Stats

Re: IPS detection- statistacal submission

GreatNate1312, I don't think that there is anything that I can say that'll make your fears go away. A number of people have told you, after your many scans, that you aren't infected. I have gone into great detail about this particular community watch event. On the other hand, I could tell you that no product has perfect heuristic detection nor has definitions written the moment that a virus is released. You could've been infected. What is odd, though, is that your multiple scans with multiple products, running in multiple modes have not detected anything. If you were infected, a person would tend to think that at least one of those would've detected something.

I'm also at a bit of a disadvantage here. I don't have access to your private message conversations. That's why using private messaging is discouraged; nobody else gets the details of your situation to help adequately and nobody else with concerns similar to yours can learn from your experiences.

Message Edited by reese_anschultz on 03-07-2009 04:00 PM
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

Its just that Im getting this from so many different websites, and Im getting 2 different awnsers and I dont know what to do
Kudos0

Re: IPS detection- statistacal submission

You know what I mean?
Kudos0

Re: IPS detection- statistacal submission

Thanks for all your help- why would this be happening from such a reputable site like wwe.com, hp.com, and mywot.com, pirillo.com and more? When will it go away and can visit thos sites?

So if there is a log in my history like that it means that norton blocked an intrusion attempt? so good that verifies that Im protected from feelyouinside.com

 Im very glad I purchased Norton!!!

Kudos0

Re: IPS detection- statistacal submission

UPDATE- ever since some sort of IPS patch update I have stopped recieving the logs
Kudos0

Re: IPS detection- statistacal submission

hmm Im getting the message again- FOR DIFFERENT SITES though so a patch update should be out soon after the logs are submitted, right???
Kudos0

Re: IPS detection- statistacal submission


GreatNate1312 wrote:
hmm Im getting the message again- FOR DIFFERENT SITES though so a patch update should be out soon after the logs are submitted, right???

The test signature will be updated based upon these submissions so as not to get these false positives before it is formally released.

Message Edited by reese_anschultz on 03-10-2009 09:30 AM
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

I have seen this in my logs, and from what I read from it, it just seems to refer different Javascript scripts back to Norton for evaluation.

And I wasn't alarmed  by it, I think it's OK, it just seems to gather and send information about that to improve detection, because those kinds of scripts are what usually delivers malware, on malicious pages of course..

Windows 7 Ultimate x64 SP1 -- NIS 21
Kudos0

Re: IPS detection- statistacal submission

Could someone please help me- this messge has started coming back fr wwe.com. It had stopped coming now whenever I visit wwe.com there it is in my logs! I thought the patch update had fixed it but now its come back
Kudos0

Re: IPS detection- statistacal submission

There's nothing to help you with. This is an informational message to let you know that some data was sent back to Symantec. There is no action that you need to perform.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: IPS detection- statistacal submission

sorry im just so confused as to why it happens sometimes when I go to the site, and sometimes I go and nothing happens
Kudos0

Re: IPS detection- statistacal submission

well it was one of those ips detection- sometimes it happens when I go to a cetan site (like wwe.com) sometimes when I go to the site I get no log?

Its just that Iv had Norton for  6 months now on my machie and iv JUST started to get these ips logs, why

Kudos0

Re: IPS detection- statistacal submission

Nate, I have been in your shoes of worry before (still am, but to a lesser degree) Someone told me once to not look at logs as the information they give is hard to understand if you are not in this business. I don't follow this advice, but believe it or not I am not as panicky as I use to be.

If you run scans and all is well and there is no weirdness going on, all is ok

This thread is closed from further comment. Please visit the forum to start a new thread.