All items in Norton History are things that Norton has already taken care of on its own. When looking through the Norton logs, a good rule of thumb is that if you find something that Norton has not already alerted you about, then the issue is not something that you need to be concerned with - if it were something urgent or something that required user attention, Norton would have alerted you at the time that it happened. When one of these test signatures gets a hit it is reported back to Symantec as an IPS Detection Statistical Submission. The goal is to eventually replace or update the initial signature with the improved version once testing is completed. Since this increases the likelihood of false positives the revised definition is first released as a test signature. After this initial signature is released refinements are made to make a new signature that is smaller and more efficient. When a new exploit is discovered a signature is created and distributed as quickly as possible in order to provide immediate protection. The Norton Intrusion Prevention System uses signatures to detect and block exploits that leverage vulnerabilities in software programs to install malware. Meanwhile, IPS is using the actual working signature - so if IPS does not alert, then the threat was a false positive. Test signatures are used to refine existing signatures, and part of the testing process involves weeding out the FPs. Typically, IPS Detection Statistical Submissions are test signatures that have gotten a hit when you visit a website. These submissions help to fine tune signatures for malicious files so that similar safe files are not detected and removed as false positives. Rather, it is telemetry that submits the item as a file of interest to NortonLifeLock for analysis and evaluation under Norton Community Watch. Your screenshot shows a "Statistical Submission." That is not a malware detection or a false positive, and the file will not be removed or blocked. If this is an actual attack, it will be listed under Intrusion Prevention history. Statistical submissions are not malware detections. Note: Info IPS Detection Statistical Submission
0 Comments
Leave a Reply. |