• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

好评0

IPS Detection Statistical Submission

Hello. Tonight I noticed in Norton's history that said "IPS Detection Statistical Submission" Here are the details.

Category: Norton Community Watch
Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Detailed Status,Submitted By,Description,Submission Details
2013-01-07 18:43:05,Info,IPS Detection Statistical Submission,Waiting,No Action Required,2013-01-07 18:43:26,Your item could not be submitted to Symantec at this time.  Another attempt will be made shortly.,Norton Internet Security,IPS Detection Statistical Submission,"Signature ID: 26334  <br>Local or Remote Attacker: 2  <br>Remote Port: 80  <br>Local Port: 56901  <br>Protocol: 6  <br>Signature Set Version: 20130105.001  <br>Application Name: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE  <br>Offending URL: oystatic.ignimgs.com/src/core/swf/IGNPlayer.swf  <br>Date Detected: Tue, 08 Jan 2013 02:43:05 GMT  <br>Application File Checksum: C613E69C3B191BB02C7A191741A1D024  <br>Application File Information: 8.0.7601.17514  <br>Network Data&colon; 434D50520014000078DAEDCF4D4BC3401006E0595A15D182D822140F7E5D3C65EFDED264DB2C86246E36544F4B096D0D58539240E89FF5E48FF0D8DD1845EDD5E33C1026C3CCBB9B04AE63EF11020700D001D06F4D05530FF5F3B60078371DB984AEEEBB70025E184B35F26DE7DEE7B1642E18E4A69D0F76E66A14F99F3B57BFCF987A5CB29F675CB7F3613BE7BEFE3CE1EE2E5EB48BA7E0B942396120592095CF8289F43ED6FA67C86DBBD1031EAB48848F4F2A89BFE2C7B0AFCB00FA20D843C2F4551EB35D2694B936DF94D5ACCA522B5BBE66AB6569A5F90A48AF89F4E1EC6F44B031134C3C57D5FA8ED2BAAE4DCE6428904E133A87A3EF5022382D8B94A67931A765BDA07C12442FB3CDBCB074E74C634008218410420821841042E8FF6C01384F5107  <br>Sub-signature ID: 65764  <br>Remote Address: 65.197.197.16  <br>  <br>OS-Country:1  <br>OS-Language:English  <br>Processor:AMD64 Family 16 Model 6 Stepping 3  <br>System:Windows 7 build 7601 Service Pack 1  <br>Platform-GUID:451EF764-4055-11E0-BA02-7071BCB39A07  <br>DateSubmitted:Tue, 08 Jan 2013 02:43:05 GMT  <br>Product:Norton Internet Security 19.9.0.9"

Sorry if it looks like a mess. The thing that concerns me is the sections that say "Local or Remote Attacker: 2" and "Offending URL: oystatic.ignimgs.com/src/core/swf/IGNPlayer.swf  <br>Date Detected: Tue, 08 Jan 2013 02:43:05 GMT". Is any of this anything to be concerned about? Thanks.
 

回复

好评0

Re: IPS Detection Statistical Submission

You do not have to be concerned because Norton caught a piece of malware as it attempted to access your system.

This report is to notify Norton of the attempt, and give as much information as possible about where the attack came from and what kind of attack it was. This helps Norton in its' daily battle with the bad guys.

Things happen. Export/Backup your Norton Password Manager data.
好评0

Re: IPS Detection Statistical Submission

Well, how dangerous is it? If it's a piece of malware, how come I didn't recieve a virus blocked message?

I've received quite a few messages like that since i've been looking around YouTube and stuff. Is it normal to recieve stuff like this? Should I change my surfing habits or something?

好评0

Re: IPS Detection Statistical Submission

Look in your History. Check the recent history for around the time noted in your submission. You should be able to find an entry for when the malware or intrusion attemp was blocked.

You may not have noticed a message. But as Norton did catch it, you are OK.

As to changing surfing habits, only you can determine if you are visiting questionable sites. Youtube should be alright as long as your NIS is up to date.

Things happen. Export/Backup your Norton Password Manager data.
好评0

Re: IPS Detection Statistical Submission

What I meant by "message" was a "high" severity rated message. I didn't see anything like that in the history.

I've tried to make an effort in viewing only safe sites. Why would legit sites like YouTube or something like IGN have this problem?
好评1 Stats

Re: IPS Detection Statistical Submission

This is a Norton Community Watch Statistical Submission of something that resembled a known attack.  If it had been an actual attack, IPS would have alerted you and blocked the site, and the entry for this would be found in the IPS logs.  If IPS did not alert to a threat, it is probably a false positive that is being submitted to Symantec for analysis.  Nothing to worry about.  Typically, IPS Detection Statistical Submissions are test signatures that have gotten a hit when you visit a website.  Test signatures are used to refine existing signatures, and part of the testing process involves weeding out the FPs.  Meanwhile, IPS is using the actual working signature - so if IPS does not alert, then the threat was a false positive.  Please see a fuller explanation here:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-repeatedly-blocking-Blackhole-Toolkit-Website-Attack/m-p/461124/highlight/true#M159697

好评0

Re: IPS Detection Statistical Submission

Is IPS what normally alerts you of a blocked attack? Are the IPS logs stored in the security history?
好评0

Re: IPS Detection Statistical Submission

Yes, and yes.

好评0

Re: IPS Detection Statistical Submission

Ok. Is it in any way normal to recieve these kinds of messages? Because now that I'm looking for them in the history, I've noticed they've been coming up a bit across multiple users, not just me.

好评0

Re: IPS Detection Statistical Submission


caleb89sw wrote:

Ok. Is it in any way normal to recieve these kinds of messages?


Extremely normal.  Statistical submissions are the way Symantec refines its threat signatures to make them more efficient and less prone to false positives.  These submission entries are for analysis and are not actual threat detections.

好评0

Re: IPS Detection Statistical Submission

Ok. Look, I'm sorry for asking so many questions. I just freak out a bit when something sounds like there's viruses or malware involved. Thanks for your support. :)
好评0

Re: IPS Detection Statistical Submission

No apologies necessary.  Norton has a lot of nooks and crannies, many of them poorly explained.  The forums wouldn't be here if users didn't have questions, so continue to ask away.  One tip to prevent freakouts:  When looking through the Norton logs, a good rule of thumb is that if you find something that Norton has not already alerted you about, then the issue is not something that you need to be concerned with - if it were something urgent or something that required user attention, Norton would have alerted you at the time that it happened.  All items in Norton History are things that Norton has already taken care of on its own.

好评0

Re: IPS Detection Statistical Submission

What I appreciate about the Norton products is that most users would never see the information you found, but because of the way Norton is designed, your system is still safe.

Users still have the option to dig into the program if they feel the need for micro managing..

Things happen. Export/Backup your Norton Password Manager data.
好评0

Re: IPS Detection Statistical Submission

Thanks for the responses. I just have one quick question. When looking through the history prior to when I noticed the messages last night, I noticed there were no other messages like that in the history. I thought I'd remember seeing some before. Do those messages eventually expire and disappear from the history or what?
好评0

Re: IPS Detection Statistical Submission

I'm not really certain how long NCW submission entries remain in the history log.

好评2 Stats

Re: IPS Detection Statistical Submission

Caleb-
I was in your same shoes brotha(still put them on from time to time) I would worry about every entry I saw. Thanks to the good people here in the forum, I've been less and less worried about things (not 100%worry free, but a lot less than in the past).

This IPS detection statistical submission thing just means something caught Norton's attention and it wants to check it out.
Sort of like hearing something tap the window on a windy night. It's just the wind, but you look just in case. Not the best analogy, but you know what I mean.
Some advice that I was given, don't worry so much. Norton is a good product and keeps you safe. I know it's hard to do at first (not worrying so much), but you will get there
好评0

Re: IPS Detection Statistical Submission

Thanks for your responses and support, everyone.

I just have one more question. Shortly after I started posted on this topic, I've noticed I haven't recieved any messages of this in the security history. NIS 2012 and Intrusion Prevention appears to be working properly and updating regularly. Is there any need for concern? Thanks! 

好评0

Re: IPS Detection Statistical Submission


caleb89sw wrote:

Thanks for your responses and support, everyone.

I just have one more question. Shortly after I started posted on this topic, I've noticed I haven't recieved any messages of this in the security history. NIS 2012 and Intrusion Prevention appears to be working properly and updating regularly. Is there any need for concern? Thanks! 


No messages is the ideal situation. As long as you are getting all the updates and you are surfing safely, you should see very few notices.

Things happen. Export/Backup your Norton Password Manager data.

This thread is closed from further comment. Please visit the forum to start a new thread.