I've noticed an increase in the number of IPS Detection Statistical Submissions in the NIS 2010 history log. Has anybody seen this over the last few days?
I've noticed an increase in the number of IPS Detection Statistical Submissions in the NIS 2010 history log. Has anybody seen this over the last few days?
Just to be clear, I use Nortion Antivirus
Hello
Sometimes when new IPS definitions are released, it can result in more IPS Detection Statistical Submissions.. These Statistical Submissions can sometimes result in the IPS definitions having to be modified. This is the action of the Norton Community Watch.
Sorry if this is a dumb question. But what are IPS definitions?
floplot has already answered this question but I figured I'd give a little more background.
IPS definitions are signatures that define network attacks. The Intrusion Prevention System uses these definitions/signatures to detect networked attacks against your computer (and sometimes from your computer as well.)
Frequently contained within these definitions are 'test' signatures. These test signatures match the detection of other signatures but are either made faster or more generic so as to catch more variants with a single signature. These sorts of changes, though, can sometimes produce false positive detections. These false positive detections, amongst other things, are sent back to Symantec (if Community Watch is enabled) in the form of IPS Detection Statistical Submissions. Using that data the test signature may be discarded altogether due to too many false positives or modified to prevent further false positive detections before replacing the already existing signatures.
Hello reese
Thank you for explaining it more thoroughly than I could.
Thanks. Should I be concerned that I receive the IPS detection messages regularly?
Hello Tarboro
Are they for the same detection? If so, can you tell us which one it is?
It varies. The url in the details section is not familiar and I am unable to copy and paste it from the details section. It is typically for the firefox application, but the details always indicate that no action is required. Yet, it keeps popping up on regular interval statiing that it is IPS Detection Statistical Submissions. The severity is always 'info'. Hope that info helps a bit
Hello,
Your Norton Product is still protecting you and with regard to I.D.S., there is a very high chance that if anyone out there tries to gain access to your computer, either the Firewall Rules will Block this - if you use N.I.S. or Norton Antivirus 2008 and Earlier - or the I.D.S. will Block it, if you keep your Signatures up-to-date. Norton-branded Products have the best I.D.S. out there for Home Users, and the Firewall does an excellent job at protecting you, in Norton 2009/2010 Products more so, than older products. I would like to point out that nothing is getting Blocked by the I.D.S.; if there was, then I would be concerned.
Tarboro:
You still have a thread open regarding redirects. Does that thread have any bearing on this question about statistical submissions?
Thanks. Actually, the Norton Antivirus popup message that emerges states that "A recent attempt to attack your computer was blocked". However, when I click on the 'Details', it indicates that the IPS Detection Statistical Submission' and that no further action is need. But I'm confused...was my computer under attack or not?
The webpage redirection issue is possibly unrelated. But my concern with the redirected webpage issue was that I was concerned that there was a potential attack on my computer.
I got this also and when I tried to go back to the webpage I was on I can no longer get on it.