IPS detection- statistacal submission

GreatNate1312 · March 5, 2009, 4:38pm

I see this in my recent history and it looks suspicious??

date updated- march 505,2009 11:10 am SUBMITTED BY- Norton internet security

description- IPS detection statistacal submission STATUUS- Processing

IF I click on more details, here are some of the details

signature ID- 233301

Local or remote attacker- 1

application name- device/harddiskvolume1/program files/internet explorer/iexplore.exe

offending url- cdn.mywot.net/files/js/b904964c94699a674b44a199205f48a0b.js

whats going on here???

GreatNate1312 · March 5, 2009, 7:06pm

somebody please help me??

GreatNate1312 · March 5, 2009, 7:52pm

hello

GreatNate1312 · March 5, 2009, 8:44pm

hello? Id really appreciate some help

Stu · March 5, 2009, 9:02pm

I hear you. What is exactly your question?

GreatNate1312 · March 5, 2009, 9:12pm

I dont understand anything about the message that is showing up in my recent history, Is it bad? Im worried about this

NY1986 · March 5, 2009, 9:55pm

Don't panic Nate- I have been worried MANY MANY times about items and they always turn out to be nothing

Just where is it taht you are getting this info from?

Quads · March 5, 2009, 10:13pm

IF I click on more details, here are some of the details

signature ID- 233301

Local or remote attacker- 1

application name- device/harddiskvolume1/program files/internet explorer/iexplore.exe

offending url- cdn.mywot.net/files/js/b904964c94699a674b44a199205f48a0b.js

whats going on here???

It's a javascript file that Norton is detecting from a Website/Webpage website so is detected with iexplore (internet explorer, using it), even some safe websites have recently had bad javascript inside, so people could get infected by "drive byes". Or just bad for some reason.

If malwarebytes and Norton don't detect an infected file on your PC I would say, It's a .js file as part of a webpage that Norton has blocked, so that javascript never got loaded as part of the webpage,

Norton doing it's job.

Quads

GreatNate1312 · March 5, 2009, 10:49pm

good thing AI have Norton on my side!! thanks for your help, have you ever gotten messages like that before?

GreatNate1312 · March 5, 2009, 11:17pm

I just went back to the site and I get the same message in recent history! Why would this be happening from such a safe site? What could be causing it?

NY1986 · March 5, 2009, 11:50pm

If I understand correctly from all my time on here, Norton protects against drive by attacks

GreatNate1312 · March 5, 2009, 4:38pm

I see this in my recent history and it looks suspicious??

IPS detection- statistacal submission

date updated- march 505,2009 11:10 am SUBMITTED BY- Norton internet security

description- IPS detection statistacal submission STATUUS- Processing

IF I click on more details, here are some of the details

signature ID- 233301

Local or remote attacker- 1

application name- device/harddiskvolume1/program files/internet explorer/iexplore.exe

offending url- cdn.mywot.net/files/js/b904964c94699a674b44a199205f48a0b.js

whats going on here???

GreatNate1312 · March 6, 2009, 7:58pm

I accidentally just went back to the site, and got the message again!!! Thats a really populare site, why would it b happening on a site like that???

reese_anschultz · March 6, 2009, 9:15pm

You don’t need to be concerned about the detection you noted in the history. This is part of a test signature that is put in to validate some new detection and these submissions via Norton Community Watch help to reduce the chances of false positives.

Edit: fixed font selection.

Message Edited by reese_anschultz on 03-06-2009 01:16 PM

mijcar · March 6, 2009, 9:24pm

reese_anschultz wrote:
You don’t need to be concerned about the detection you noted in the history. This is part of a test signature that is put in to validate some new detection and these submissions via Norton Community Watch help to reduce the chances of false positives.

Edit: fixed font selection.
Message Edited by reese_anschultz on 03-06-2009 01:16 PM

Surely not, Reese. Unless I reading this wrong.

Are you saying the report cited ("IPS detection- statistacal submission" etc.) is actually a product of Symantec? Considering the relentless misspelling of "statistical", I assumed this was a fake report.

reese_anschultz · March 6, 2009, 9:35pm

The description string is from the product.

"Pay no attention to that man behind the curtain." Nobody ever looks in these logs so why should we run a spell checker? Seriously, I've written up an incident report for the misspelling. (Checks spelling of this message before posting.)

GreatNate1312 · March 6, 2009, 9:37pm

well I get this every time I visit some certian sites. but you guys say its normal. Quads told me it was a java script drive by download that norton was detecting and blocking. The thing is this is coming from reputable sites like hp.com. Is this malware coming rom reputable sites? could someone explain this better to me? thanks

reese_anschultz · March 6, 2009, 9:41pm

GreatNate1312,

As previously indicated, this is part of a test signature that got a hit. This signature is replacing/updating an existing signature in the future but currently is being tested to make sure that it doesn't get false positives. From your reports, it sounds like it is getting some false positives so the signature will have to be revised before it officially become a part of the IPS signatures.

GreatNate1312 · March 6, 2009, 10:31pm

so this is all normal and my computer is not being attacked by threats and the website is fine?

reese_anschultz · March 6, 2009, 10:43pm

I believe so.

IPS detection- statistacal submission

Announcements