Hello. Tonight I noticed in Norton's history that said "IPS Detection Statistical Submission" Here are the details.
Category: Norton Community Watch Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Detailed Status,Submitted By,Description,Submission Details 2013-01-07 18:43:05,Info,IPS Detection Statistical Submission,Waiting,No Action Required,2013-01-07 18:43:26,Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.,Norton Internet Security,IPS Detection Statistical Submission,"Signature ID: 26334 <br>Local or Remote Attacker: 2 <br>Remote Port: 80 <br>Local Port: 56901 <br>Protocol: 6 <br>Signature Set Version: 20130105.001 <br>Application Name: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE <br>Offending URL: oystatic.ignimgs.com/src/core/swf/IGNPlayer.swf <br>Date Detected: Tue, 08 Jan 2013 02:43:05 GMT <br>Application File Checksum: C613E69C3B191BB02C7A191741A1D024 <br>Application File Information: 8.0.7601.17514 <br>Network Data: 434D50520014000078DAEDCF4D4BC3401006E0595A15D182D822140F7E5D3C65EFDED264DB2C86246E36544F4B096D0D58539240E89FF5E48FF0D8DD1845EDD5E33C1026C3CCBB9B04AE63EF11020700D001D06F4D05530FF5F3B60078371DB984AEEEBB70025E184B35F26DE7DEE7B1642E18E4A69D0F76E66A14F99F3B57BFCF987A5CB29F675CB7F3613BE7BEFE3CE1EE2E5EB48BA7E0B942396120592095CF8289F43ED6FA67C86DBBD1031EAB48848F4F2A89BFE2C7B0AFCB00FA20D843C2F4551EB35D2694B936DF94D5ACCA522B5BBE66AB6569A5F90A48AF89F4E1EC6F44B031134C3C57D5FA8ED2BAAE4DCE6428904E133A87A3EF5022382D8B94A67931A765BDA07C12442FB3CDBCB074E74C634008218410420821841042E8FF6C01384F5107 <br>Sub-signature ID: 65764 <br>Remote Address: 65.197.197.16 <br> <br>OS-Country:1 <br>OS-Language:English <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:451EF764-4055-11E0-BA02-7071BCB39A07 <br>DateSubmitted:Tue, 08 Jan 2013 02:43:05 GMT <br>Product:Norton Internet Security 19.9.0.9"
Sorry if it looks like a mess. The thing that concerns me is the sections that say "Local or Remote Attacker: 2" and "Offending URL: oystatic.ignimgs.com/src/core/swf/IGNPlayer.swf <br>Date Detected: Tue, 08 Jan 2013 02:43:05 GMT". Is any of this anything to be concerned about? Thanks.
You do not have to be concerned because Norton caught a piece of malware as it attempted to access your system.
This report is to notify Norton of the attempt, and give as much information as possible about where the attack came from and what kind of attack it was. This helps Norton in its' daily battle with the bad guys.
Well, how dangerous is it? If it's a piece of malware, how come I didn't recieve a virus blocked message?
I've received quite a few messages like that since i've been looking around YouTube and stuff. Is it normal to recieve stuff like this? Should I change my surfing habits or something?
Look in your History. Check the recent history for around the time noted in your submission. You should be able to find an entry for when the malware or intrusion attemp was blocked.
You may not have noticed a message. But as Norton did catch it, you are OK.
As to changing surfing habits, only you can determine if you are visiting questionable sites. Youtube should be alright as long as your NIS is up to date.
This is a Norton Community Watch Statistical Submission of something that resembled a known attack. If it had been an actual attack, IPS would have alerted you and blocked the site, and the entry for this would be found in the IPS logs. If IPS did not alert to a threat, it is probably a false positive that is being submitted to Symantec for analysis. Nothing to worry about. Typically, IPS Detection Statistical Submissions are test signatures that have gotten a hit when you visit a website. Test signatures are used to refine existing signatures, and part of the testing process involves weeding out the FPs. Meanwhile, IPS is using the actual working signature - so if IPS does not alert, then the threat was a false positive. Please see a fuller explanation here:
Ok. Is it in any way normal to recieve these kinds of messages? Because now that I'm looking for them in the history, I've noticed they've been coming up a bit across multiple users, not just me.
Ok. Is it in any way normal to recieve these kinds of messages?
Extremely normal. Statistical submissions are the way Symantec refines its threat signatures to make them more efficient and less prone to false positives. These submission entries are for analysis and are not actual threat detections.
Ok. Look, I’m sorry for asking so many questions. I just freak out a bit when something sounds like there’s viruses or malware involved. Thanks for your support.
No apologies necessary. Norton has a lot of nooks and crannies, many of them poorly explained. The forums wouldn't be here if users didn't have questions, so continue to ask away. One tip to prevent freakouts: When looking through the Norton logs, a good rule of thumb is that if you find something that Norton has not already alerted you about, then the issue is not something that you need to be concerned with - if it were something urgent or something that required user attention, Norton would have alerted you at the time that it happened. All items in Norton History are things that Norton has already taken care of on its own.
What I appreciate about the Norton products is that most users would never see the information you found, but because of the way Norton is designed, your system is still safe.
Users still have the option to dig into the program if they feel the need for micro managing..
Thanks for the responses. I just have one quick question. When looking through the history prior to when I noticed the messages last night, I noticed there were no other messages like that in the history. I thought I’d remember seeing some before. Do those messages eventually expire and disappear from the history or what?
Caleb- I was in your same shoes brotha(still put them on from time to time) I would worry about every entry I saw. Thanks to the good people here in the forum, I’ve been less and less worried about things (not 100%worry free, but a lot less than in the past).
This IPS detection statistical submission thing just means something caught Norton’s attention and it wants to check it out. Sort of like hearing something tap the window on a windy night. It’s just the wind, but you look just in case. Not the best analogy, but you know what I mean. Some advice that I was given, don’t worry so much. Norton is a good product and keeps you safe. I know it’s hard to do at first (not worrying so much), but you will get there
I just have one more question. Shortly after I started posted on this topic, I've noticed I haven't recieved any messages of this in the security history. NIS 2012 and Intrusion Prevention appears to be working properly and updating regularly. Is there any need for concern? Thanks!
I just have one more question. Shortly after I started posted on this topic, I've noticed I haven't recieved any messages of this in the security history. NIS 2012 and Intrusion Prevention appears to be working properly and updating regularly. Is there any need for concern? Thanks!
No messages is the ideal situation. As long as you are getting all the updates and you are surfing safely, you should see very few notices.
