IPS detection - statistical submission

Why would it log it then? When will it stop?

Why would it log it? Usually when an exploit is discovered, signatures are written as quickly and reliably as possible so that protection is available as quickly as possible. Later, we go back and refactor those signatures to make them smaller and faster so that machine has as little impact as possible. Because these refactored signatures are highly optimized they tend to be more prone to false positive detections. That's why we first put them out in "test" mode, to make sure that we aren't getting either an extraordinary number of false positives or we are getting false positives on critical applications. If and when the signature has been determined to be good, it'll replace the original signature.

 

So the signatures are in test mode and because of this when I go to wwe.com or mywot.com they detect false positives regarding JavaScript? Is this happening on everyone's computer that has Norton Internet Security 2009?


GreatNate1312 wrote:
So the signatures are in test mode and because of this when I go to wwe.com or mywot.com they detect false positives regarding JavaScript? Is this happening on everyone's computer that has Norton Internet Security 2009?

I don't have the details of this signature but it isn't the fact that there's JavaScript. There's something about the contents of those specific JavaScript files that it doesn't like.

 

Yes, it happens for everyone that hits those pages.

reese_anschultz I want to thank you for taking time out of your day to help me. I've seen this IPS detection go to work before when I went to ticketmaster.com; some popup came up in the form of an Adobe Reader. It tried to download viruses but everyone in the Norton community said some form of security on my machine protected me and I was clean. I saw the submission for the bad website in my history but it soon mysteriously disappeared from my history - why did it go away?

As far as I know, the only way that items get removed from the submission history is over time.

History is not over so why would it have disappeared?


reese_anschultz wrote:

The description string is from the product.

 

"Pay no attention to that man behind the curtain." Nobody ever looks in these logs so why should we run a spell checker? Seriously, I've written up an incident report for the misspelling. (Checks spelling of this message before posting.)


 

Not the first time that Norton products have had misspellings. I noticed one myself once, a long time ago, and I was concerned that my Norton had been hacked :smileysurprised: :smileysad: or something. I was worried enough about it that I finally contacted Norton tech support and eventually they were able to verify that it was just a typo (I don't remember the specifics of the case or the word that was misspelled; it's been a while).

 

In my case, I was relieved to find out that it was nothing to worry about, but still, it must surely have cost Norton some money in wages and so forth, to dispel customer concerns about such things. It would have probably been cheaper for Norton (footnote below), in the long run, to just spell things correctly in the first place :smileywink: rather than deal with subsequent tech-support questions wondering about it. Note: I have no desire to interfere with tech-support job-security :smileywink: :smileytongue: or anything like that. :smileywink: But it did take time away from other more serious concerns, time that they could have used for helping other customers who actually had malware or bugs or whatever.

 

Besides the fact that accuracy even in trivial details, makes customers have more confidence in the overall level of product quality control, to not have minor errors/typos built into the product itself.

 

Accurate app details (even minor things such as spelling, etc.) help to keep customers from wondering,

"Gee, if they can't even spell normal words correctly, then how do I know they haven't made even more typos in the complicated code/programming itself??"

Needless to say, that thought occurred to me, at the time. Such doubts can all add up, if one is deciding which brand of product to use - all the little details contribute to the customer's impression of the product. (Even though I myself am a terrible proof-reader of my own writing, as evidenced by the numerous typos/edits in many of my posts; maybe one of these years I'll 'go modern' and start to use a spell-checker instead of just trying to eyeball everything.... that would take the challenge out of things though.) :smileywink:

 

Also, I don't know the first thing about how Norton programs are constructed - people that work there would probably (wildly guessing) tell me something like, "Programmers and the person(s) who made the typos aren't even in the same department" or "Being able to spell normal words and being able to write programs are two entirely different things" or something... but we mere-mortal customers can't be expected to know such things. :smileywink:

 

(I suppose this sort of detail-oriented thing could all be lumped into a "form vs function" category or whatever, since minor typos in programs could be regarded as merely cosmetic flaws that don't affect the functionality of the product itself, but it's still often perceived as a quality-control issue. At least for customers like me who sometimes actually notice such things.) :smileywink:

 

Edited to add:

1. I'm not the least bit concerned about how people here on this forum spell things, :smileyvery-happy: so no need for anyone to fire up the spell-checker before posting :smileywink: - IMO normal (informal) communication between individuals isn't the same thing as seeing misspellings in commercial products.  :smileyhappy:

 

___

Footnote: Theoretically, at least in an ideal world, (huh?? what's that?) if a company can reduce its operating costs without undermining product quality, then (a) it's more justifiable to give employees (the ones that are left, :smileywink: anyway) $$ raises from time to time (or other perks) because there's more money to go around, and (b) there won't have to be as many product price-hikes so customers don't have to pay more for the same product. Happy workers, happy customers (no, I'm not smoking anything, and I'm also usually quite cynical about things in general). :smileywink: Obviously that type of ideal doesn't always apply... I've seen it work good in some small businesses that have good management (i.e., the boss isn't a total <insert expletive of choice>, but big corporations may be a whole 'nother story).

 

</offtopic> :smileywink:

 

Message Edited by j2000 on 03-06-2009 04:38 PM

Reese is a great guy and has stopped many of my fears on here


NY1986 wrote:
Reese is a great guy and has stopped many of my fears on here

I feel the same way, about Reese and the other posters here too. I've learned a lot about security and Windows in general, and had many of my computing-fears vanquished, just from reading stuff on this Norton forum and I appreciate people taking the time to explain technical things and give tips about how to do stuff on our computers. It's quite helpful. :smileyhappy: 


GreatNate1312 wrote:
History is not over so why would it have disappeared?

Could it be (just guessing, no clue really what I'm talking about here) somehow related to the false-positive thing? Not the same thing I guess but I often see stuff in my History (Community Watch section) that simply disappears after being at either "Pending" or "Processing" for a while (sometimes several days), without ever getting changed over to "Submitted" - some of 'em seem to vanish before they get submitted, for whatever reason... I'd just assumed Norton determined they weren't important anymore, based on new virus defs or something; now I'm thinking maybe it's somehow related to what Reese was saying about the test signatures or something?. Haven't seen any "Submitted" entries disappear on their own though, at least that I've noticed. Kind of a mystery though.

Message Edited by j2000 on 03-06-2009 05:16 PM

No, no, no, what disappeared was a real virus attack - not a false positive.

reese - I thank you for all your help, but I am still unsure as if this is a virus attack or not - because yogesh_mohan and I have been messaging each other and he says it's a virus attack?

First, this isn't a 'virus' attack. This would be a network intrusion.

Second, it is a detection, but with a test signature. As you noted, the action was to submit the detection back to Symantec for further evaluation. You weren't alerted to an issue and it wasn't blocked.

So I was not alerted to an issue and it wasn't blocked, does that mean I'm infected, because I have gotten that same message before except with a real malware attack from feelyouinside.com. I thought Norton or some sort of security on my machine blocked it? Did Norton block it? I have run Malwarebytes and Norton - nothing was found?

 

 

PS - the isp submission disappeared from history

As I described previously, this is a refactored signature that is designed to replace an already existing signature. That means that it'll get true positives as well as false positives. If the other signature didn't trigger, then this is a false positive detection. If the other signature triggered, then it is a true positive detection. How often the 'real' signature triggers or does not trigger at the same time as the test signature guides us toward correcting the test signature for final release.

 

Since you weren't alerted to an issue, the real signature did not trigger and therefore the test signature was getting a false positive detection and you weren't infected.
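
Added example (not part of the original thread and not Symantec's code): the comparison described in the reply above, where a test-mode signature is judged by whether the existing signature fired on the same traffic. The event format, signature names and replacement thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed telemetry: (traffic_id, signature_id). Hypothetical format;
# SIG-PROD is the existing blocking signature, SIG-TEST the refactored one
# running in log-only "test" mode.
EVENTS = [
    ("t1", "SIG-PROD"), ("t1", "SIG-TEST"),   # both fired
    ("t2", "SIG-TEST"),                       # test only
    ("t3", "SIG-PROD"), ("t3", "SIG-TEST"),   # both fired
    ("t4", "SIG-PROD"),                       # production only
    ("t5", "SIG-TEST"),                       # test only
]

def evaluate(events, prod_sig, test_sig):
    """Classify each test-signature hit against the production signature."""
    fired = defaultdict(set)
    for traffic_id, sig in events:
        fired[traffic_id].add(sig)

    tp = fp = missed = 0
    for sigs in fired.values():
        prod, test = prod_sig in sigs, test_sig in sigs
        if test and prod:
            tp += 1          # test agrees with the real signature
        elif test:
            fp += 1          # test fired alone: treated as a false positive
        elif prod:
            missed += 1      # real signature fired, refactored one did not

    test_hits, prod_hits = tp + fp, tp + missed
    return {
        "true_positive": tp,
        "false_positive": fp,
        "missed": missed,
        "precision": tp / test_hits if test_hits else 0.0,
        "recall": tp / prod_hits if prod_hits else 0.0,
    }

def ready_to_replace(stats, min_precision=0.99, min_recall=0.99):
    """Assumed gate: replace the original only when both rates are high."""
    return stats["precision"] >= min_precision and stats["recall"] >= min_recall

if __name__ == "__main__":
    stats = evaluate(EVENTS, "SIG-PROD", "SIG-TEST")
    print(stats, "replace original:", ready_to_replace(stats))
```
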

But what about thefeelyouinside.com attempt, why wasn't I warned about that then. That was a real computer attack for antivirus 1? Am I infected and I don't even know it?

GreatNate1312, I don't think that there is anything that I can say that'll make your fears go away. A number of people have told you, after your many scans, that you aren't infected. I have gone into great detail about this particular community watch event. On the other hand, I could tell you that no product has perfect heuristic detection nor has definitions written the moment that a virus is released. You could've been infected. What is odd, though, is that your multiple scans with multiple products, running in multiple modes have not detected anything. If you were infected, a person would tend to think that at least one of those would've detected something.

 

I'm also at a bit of a disadvantage here. I don't have access to your private message conversations. That's why using private messaging is discouraged; nobody else gets the details of your situation to help adequately and nobody else with concerns similar to yours can learn from your experiences.

Message Edited by reese_anschultz on 03-07-2009 04:00 PM

It's just that I'm getting this from so many different websites, and I'm getting 2 different answers and I don't know what to do

You know what I mean?