Statistical Submission: BloodHound.SymVT.FP - What is this?

I have about 50 Info entries in my log that say Statistical Submission: BloodHound.SymVT.FP in the activity column.  There are also 4 Info entries that say Sample Submission: Suspicious.S.Mrc.1.  What does this mean?  NIS09 still says I am secure.  I have version 16.5.0.135 and Vista Home Premium 64 bit and IE8.

Message Edited by car825 on 08-28-2009 12:41 PM

Hi, car825,

Your Norton Product has Detected Files that could be a Threat, for which there may be No Signature, and Submits it to Symantec Security Response for Analysis.


Floating_Red wrote:

Hi, car825,

Your Norton Product has Detected Files that could be a Threat, for which there may be No Signature, and Submits it to Symantec Security Response for Analysis.

Do you get a lot of these messages after running a quick scan today?  It looks like it's flagging common files. Makes me wonder what's going on.  Is it just my system?

Sometimes I would get a lot of Entries Created in Norton Community Watch as well.

I wouldn't worry; if one of these Files is a Threat, it will be Added to the Virus Definitions as soon as possible.

Hello 'Car825',

I think there is a problem here with NIS 09, as of this afternoon I have had this same problem! I have 150 entries Pending in the same area and there must be at least 500 plus more under 'Processing'. The entries are for 'Blood Hound Sym VT .F.P.' and the others are mainly 'Suspicious .S.Mrc.1'.

When I checked the 'CPU' usage page it showed 'Norton Community Watch' was sending for about 20 mins. then cancelled. Later it showed again cancelled after 1.40 mins?

It seems to have gone bananas if you ask me. I have since done a full scan with Malwarebytes (Result - nothing found) and then a quick scan using 'SuperAntispyware' and came back with 13 tracking cookies!

Was wondering if it's a good idea just to clear the logs for 'Community Watch'?

NIS 09 Version 16.7.2.10, XP Pro SP3


brummie wrote:

Was wondering if it's a good idea just to clear the logs for 'Community Watch'?


Hi, brummie,

I would suggest waiting until the Entries have been Submitted before Clearing them, so that you know if they've been Submitted or Not; they should, after a time, be Automatically Cleared.

Message Edited by Floating_Red on 08-28-2009 06:40 PM

I also just finished running a manual full system scan with NIS 2009 (16.7.2.10) and noticed the same entries regarding the Statistical Submission entries. I found it odd that a full system scan which normally takes about 35 minutes to finish took just over 1 hour to complete today. However, after reading Brummie’s post, I also checked my CPU usage page and noticed that Norton Community watch hadn’t run at all since much earlier in the day. It completed in just 4 seconds.


majorbuzz wrote:
...and noticed that Norton Community watch hadn't run at all since much earlier in the day.

Just would like to point out that it may have Run, but the figures did not Change when it Ran; on the other hand, it might not have Run...

Today I uninstalled NIS09 16.7.2.10 and reinstalled 16.5.0.135 after I started getting these BloodHound messages in the log.  I just tried running a full system scan with 16.5.0.135 and it was still putting tons of these messages in the log.

WHAT IS GOING ON? I can't believe this is normal behavior. 


car825 wrote:

...after I started getting these BloodHound messages in the log. 


Sorry, what Bloodhound Messages?  And what is Detecting it, e.g. Auto-Protect?

Hi

I also have the same thing going on today. There must be a problem at Symantec end again or else it's a result of giving out that hotfix to people who had no problems with the new antivirus version. My computer ran its normal idle full system scan early this morning and that was completely clean. About an hour later, the new antivirus definitions were downloaded and there was an idle quick scan run which was clean also. Right after that, that community watch thing ran and my log also showed about 40 of those same entries as was mentioned before by the other posters. Normally, there would be another idle quick scan during the day, but there was none. Originally, it was listed as one thing in the process and now it says it's pending submission. I have a feeling that there must be some new false positive thing going on or something. The ips definitions haven't been updated for over 2 weeks now also. All of a sudden they are finding these files now? Something sounds fishy at the Symantec end of things again. I'm just hoping that this hot fix that came out in auto live update didn't mess me up. I would put email me when someone replies to this, but I have a strange suspicion that there are going to be many replies to this thread....so I will be checking back without checking off that email me when someone replies in this case.


Floating_Red wrote:

car825 wrote:

...after I started getting these BloodHound messages in the log. 


Sorry, what Bloodhound Messages?  And what is Detecting it, e.g. Auto-Protect?


I'm getting tons of entries in the log that say Statistical Submission: BloodHound.SymVT.FP  and Sample Submission: Suspicious.S.Mrc.1.  The same as the other people posting in this thread and the other similar thread.  There must be at least 100 entries. I cancelled the scan before it could create even more.

This is what I did this morning, I put the idle time down to one minute and let the 'Community Watch' submission kick in. I left it for three hours and nothing has been submitted. There are more entries showing 'Pending' but I have literally hundreds of the things in the logs. I really don't think the system can cope with so many entries.

In my earlier thread I forgot to mention as well as the two scans I did with Malwarebytes and SuperAntispyware, I also did a full scan with NIS 09 and all showed up clean!

This has to be a false positive, because it's wreaking havoc out there reading all these posts on the two threads! If most systems are like mine then I don't think they will get many submissions re this strange behaviour. I'm still toying with the idea of just deleting all the entries from Community Watch? 

Hi guys,

The submissions you are seeing are not necessarily problems, and may be normal behaviour; these definitions are extremely sensitive and thus often have FPs - in these cases, Symantec has its engine flag suspicious files, then submit statistical data about them - extremely small files! This allows them to fine tune the definitions. This does happen every now and then; you may have noticed it with others such as Suspicious.flopot and suspicious.farfli.2 and suspicious.vundo.2. There is no need to worry - if I am incorrect I am sure a Symantec employee will post thus after the weekend.

Regards

Matt

Hi

I have seen it on my NIS2009,16.7 as well although not in the amounts you are seeing...is your NIS set to "aggressive" for Advanced heuristics protection?? Just asking........ mine is.

1st weird logging was on the 27th to do with the temp file the last bit was this {stack of numbers}copySymClgX.exe

Detection Suspicious.S.MrC.1 was Added to the Virus Definitions on 20090828.037.

Summary for Suspicious.S.MrC.1: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-082806-5934-99.

As mattsegers points out, there is nothing you need to do with regard to the Norton Community Watch, as your Norton Product is picking out Suspicious Files that are being Submitted to Symantec Security Response for Analysis.  All these Entries will be Deleted upon Submission, or shortly afterwards.  As you should see with my above Message, Suspicious.S.MrC.1 has been Added to the Virus Definitions, probably because of all these Submissions.

Message Edited by Floating_Red on 08-29-2009 11:28 AM

Well my concern now is that since yesterday lunchtime when this whole thing kicked off not one file has yet been submitted to Symantec's 'Community Watch'. When I click on 'CPU' the line for the entry pertaining to this is permanently showing orange, while not idle? I think it is overwhelmed by the sheer numbers on my pc, there are literally hundreds of them as stated before.

If we got the ok from Symantec that it is a false positive then I for one would delete the lot from the logs and release the jam it seems to be in. 

Hi, brummie,

It may be that Symantec Security Response has already got all those Files that your Norton Product wants to Submit, which is why your Entries are not being Submitted; just to be sure, please give it another few days.  And, like I've already mentioned, these Entries will be Cleared shortly after Submission, or, in your case, may take a wee bit longer since yours have not been Submitted.  Your Norton Community Watch is Operating Normally.

I hear you Floating_Red, I will err on the side of caution with these logs and leave be, but my concern is that there are so many of them! Just have to sit this one out and see what develops over the next few days as so many people have the same problem. These things do occasionally happen to all security suites and we haven’t been let down yet…