Submitting suspicious file "as soon as possible".


cdysthe
June 13th, 2005, 12:11 PM
Hi,

I ran Trend Micro Sysclean and it found a worm in a file that NOD32 doesn't detect for some reason. I have tried to scan manually also, but NOD32 tells me the file is clean. Maybe a false positive?

So I decided to submit the file for analysis. I have set NOD32 to submit "as soon as possible", but when I push the submit button I am told the submission has been put in a queue. Does anyone know what "as soon as possible" means (since it obviously doesn't mean "right away")?

sir_carew
June 13th, 2005, 06:33 PM
It means that NOD32 will submit the sample ASAP, in other words, when a connection is established, for example.
You can check the Event Log to see if the file was submitted to Eset.

{QUOTE-> Hi,

I ran Trend Micro Sysclean and it found a worm in a file that NOD32 doesn't detect for some reason. I have tried to scan manually also, but NOD32 tells me the file is clean. Maybe a false positive?

So I decided to submit the file for analysis. I have set NOD32 to submit "as soon as possible", but when I push the submit button I am told the submission has been put in a queue. Does anyone know what "as soon as possible" means (since it obviously doesn't mean "right away")? <-QUOTE}

Marcos
June 14th, 2005, 12:45 AM
It'd be a good idea to drop me a personal message with details I could use to identify your submission among thousands of others (e.g. the email address or comment you used).

cdysthe
June 14th, 2005, 12:41 PM
{QUOTE-> It means that NOD32 will submit the sample ASAP, in other words, when a connection is established, for example.
You can check the Event Log to see if the file was submitted to Eset. <-QUOTE}

Thanks. Found it in the Event Log. It was just a little confusing that you are presented with a queue when you expect something to happen right away... :)

webyourbusiness
June 14th, 2005, 04:17 PM
There is always the "Submit now" button found using:

NOD32 Control Center | NOD32 System Setup | Setup | Threatsense.net | Advanced Settings | Submission | Submit Now button

phew... it's kind of buried, but I think that should do it! ;)

chrismorris
June 14th, 2005, 05:57 PM
{QUOTE-> It'd be a good idea to drop me a personal message with details I could use to identify your submission among thousands of others (e.g. the email address or comment you used). <-QUOTE}
Marcos, are there really thousands of samples that need investigating/adding?

If, say, there are 1,000, that's going to take a hell of a long time to clear if you have to analyse each file and decide whether it's worthy of a nod32 update.

Also, what's the point of asking individuals to provide further details of what has already been submitted? If everyone who submitted a suspicious file through nod32 or through the samples@ address sent you a personal message on here, would that be a good thing? If we submit the files through nod32 (using the new feature in 2.5), surely that's all we need to do - the rest is up to you lot at Eset.

Just because someone comes on to Wilders and moans that the file they submitted hasn't been added to the database yet, that doesn't mean that file is more important and urgent than a file someone else submitted. Surely that's a decision Eset should make?

If you want me to PM you every time there is a threat that nod32 misses that other AVs detect, then I will - but I am sure you will get bored of that before too long.

Blackspear
June 14th, 2005, 07:02 PM
{QUOTE-> If, say, there are 1,000, that's going to take a hell of a long time to clear if you have to analyse each file and decide whether it's worthy of a nod32 update. <-QUOTE}
By and large, this is an automated process.


{QUOTE-> …Also, what's the point of asking individuals to provide further details of what has already been submitted? If everyone who submitted a suspicious file through nod32 or through the samples@ address sent you a personal message on here, would that be a good thing? If we submit the files through nod32 (using the new feature in 2.5), surely that's all we need to do - the rest is up to you lot at Eset. <-QUOTE}
A thread was started asking the question; Marcos was providing a bit of customer service…


{QUOTE-> Just because someone comes on to Wilders and moans that the file they submitted hasn't been added to the database yet, that doesn't mean that file is more important and urgent than a file someone else submitted. <-QUOTE}
Correct, it is simply customer service.


{QUOTE-> If you want me to PM you every time there is a threat that nod32 misses that other AVs detect, then I will… <-QUOTE}
I'm sure the Early Warning System submission system will suffice in 99.99% of all cases ;) ;D

Cheers ;D

Marcos
June 15th, 2005, 01:45 AM
{QUOTE-> Marcos, are there really thousands of samples that need investigating/adding?

If, say, there are 1,000, that's going to take a hell of a long time to clear if you have to analyse each file and decide whether it's worthy of a nod32 update.
<-QUOTE}

Yep, there are thousands of samples detected heuristically and submitted via ThreatSense every day. The process of adding signatures requires manual work in most cases. Some part of the work can be automated, but not all.

{QUOTE->
Also, what's the point of asking individuals to provide further details of what has already been submitted? If everyone who submitted a suspicious file through nod32 or through the samples@ address sent you a personal message on here, would that be a good thing? If we submit the files through nod32 (using the new feature in 2.5), surely that's all we need to do - the rest is up to you lot at Eset.
<-QUOTE}

I took your post as a complaint; that's why I decided to prioritize your sample in this particular case. It was some kind of trojan downloader, nothing that should be added immediately (I actually didn't have time to test whether it was functional or not - maybe the URL it was attempting to download a trojan from didn't exist anymore).

Since no personal information is submitted via ThreatSense, there was no way to identify the file you submitted. I really do not want everyone to send me PMs; I just asked you for it in this particular case.