• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Weird IPS Statistical Submission from Norton LiveUpdate

Every time Norton does a live update whether it be manual or automatic I get a IPS detection statistical submission the ones for that say jtun_ncodat as the offending url and it has 2 remote attackers, is this something I should be worried about or not there was two others but that was just from steam updating, there's quite a few from caused by the LiveUpdate, it happens right before in the History logs so I will only post this one since they look the same.

Category: Norton Community Watch
Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Submitted By,Description,Submission Details
4/2/2017 3:17:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,4/2/2017 3:17:13 AM,Norton Security,IPS Detection Statistical Submission,"Signature ID: 27181  <br>Local or Remote Attacker: 2  <br>Remote Port: 80  <br>Local Port: 54204  <br>Protocol: 6  <br>Signature Set Version: 20170331.001  <br>Application Name: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\NORTON SECURITY\ENGINE\22.9.1.12\NS.EXE  <br>Offending URL: liveupdate.symantecliveupdate.com/1491118695jtun_ncodat170402003-170402004.x03  <br>Date Detected: Sun, 02d Apr 2017d 08d:17d:12d GMT  <br>Application File Checksum: 42C09F5659D8620BFDF1F61A5E7059F0  <br>Application File Information: 14.1.0.65  <br>Network Data: 434D50520014000078DAED92CD6ED34010C7C72482504A41A215EA2D48207120FE4A52EA13B2E24DED26B59D5D4724E2B0B25CD3BA6A9C9038A855C58533EF421FA207DE882B93551AAA2021B8EF4F5AEDECCE7F76C6E3F19D965D01E41E40094051D07C856BB16FE2AA9D01E45B78524C28E3B90C3B4049AF4F58C45D87723740230C68142E1E51B4A5E82944D4F6599B50DE72FB7E873820FC4DB88FDB1BD88296EB751DDEF6BAC4B78F88D1B00CC3D8DFB39A67C53CE779323E8E0BE3ADDED04D5DAFD76EAD867AA1D74179BDCCF2183CC6431A0C86BCCF6E536C8A142FB084F53ACFB3CFE97C820FA7EAEC7214E7459ADCB94AC62350EACBE067BF8389ED907F8EDF11F15DD85D8FC7FA28B70F881FF94C334DD5520DD530AB479EA35D99F670B27F383EB9EC0D93AC689FC61D271BE8A34FCD22F95265A8389D8627EF6D4195919EB66A07282591B0068F5609FBD4D3FEAF9D1BAB7652C2C2C06784B70287FC10EDAC2C9DCFEF3AFD083F84E3AF3B88DC9FFE42F650D4B121A6634D160D4352A4178536398FB33C56DE09E9933F66C03B4EF322FB98A5D3996A5956D82995B75158816BF87AF8EDE6E5F70F3886039CD307789BCCA7EA2C99824422914824128944229148241289E4EFFC022E88A065  <br>Sub-signature ID: 69230  <br>Signature Properties: 29712  <br>Referer URL:   <br>Application File SHA256: 15EB5CB87D8F62AE2AC9CC57F3CF0EE9E1CF7CA85441CF06413965EE43844D5A  <br>Application File CreateTime: 131345563003960675  <br>IPSSubmissionID: 87968359-ab89-11e7-bd33-806e6f6e6963  <br>Application File Reputation: 0  <br>Application File Prevalence: 0  <br>Remote Address: 23.215.98.113  <br>  <br>OS-Country:1  <br>OS-Language:English  <br>Processor:AMD64 Family 21 Model 2 Stepping 0  <br>System:Windows 10 Home build 14393   <br>Platform-GUID:9D6A5753-F0B2-4D1C-8C05-D06349C5EA1D  <br>DateSubmitted:Sun, 02 Apr 2017 08:17:12 GMT  <br>Product:Norton Security 22.9.1.12"

Replies

Kudos0

Re: Weird IPS Statistical Submission from Norton LiveUpdate

Hello MisterPuppet

I am getting basically the same thing only mine is for NSBU.exe. I have noticed that it started happening on March 31 and it's been happening every hour or q hours since then. The last IPS was released then. I am hoping with the next IPS definitions, they will make some adjustments and that it will stop then.

I am only seeing this in the history logs which  I shouldn't be watching unless  I am told about an issue . I must say that it is filling up my history logs.

Thanks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 270 I E 11 Chrome latest one
Kudos0

Re: Weird IPS Statistical Submission from Norton LiveUpdate

Hello floplot

I checked my Norton history log's and also found out that started on March 31 so I guess it does have something to do with that update, the only other ones are from firefox and steam, but other then that everything is normal, I just thought it was a little weird that it kept doing it every time before a update.

Kudos0

Re: Weird IPS Statistical Submission from Norton LiveUpdate

Hello

I'm waiting for the next IPS definitions to see what happens. I just saw another thread with someone complaining about the same thing. It is odd though.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 270 I E 11 Chrome latest one

This thread is closed from further comment. Please visit the forum to start a new thread.