Send variants to eset?

Hello, I recently purchased Nod32 and it's a really really nice antivirus.

I just got a quick question: About 10 minutes ago it cought some phishing variants on a website so I put them in quarantine. Should I submit these variants to eset or do they already know about them (since it cought them)?

Thanks,
Jeremy

 

Hi Jeremy S:

If ThreatSense is enabled, then the submission system will send them either automatically or with your permission (depending on the options you set).

 

Rumstah's right. You should leave ThreatSense enabled and suspicious files will be submitted automatically. There's usually no need to quarantine such files, so far I've seen only one file that was identified incorrectly as a variant of a known threat.

 

It is highly recommended that you submit *all* heuristical detected stuff.

Reason is simple: We see then when a heuristic or generic detection turns out to be very wide spreaded. In this case we can take a "special" closer look to this. Example: A downloader is detected by heuristic or by generic and/or is a variant of a already known downloader. NOD32 stops this of course, but the question still remains WHAT DOES IT DOWNLOAD?
For sure not a patch that makes windows secure

If we have this file, we can take a closer look to it and make sure that the downloaded stuff is detected as well. However, if you don't allow the heuristic detection to run you will never reach this stage of downloading, and most likely the downloaded stuff would be also detected via heuristics or generic.

But i think you got the point...

 

I wonder why ThreatSense isn't set by default to automatically submit stuff as soon as possible without asking user? I mean only this way you can achieve maximal potential of ThreatSense.

 

Alright, thanks for your replies.
I was just wondering if it would be a waste of their time by submitting them to eset if they already knew about them.

So variants should always be submitted.. Got ya.
I'll also enable ThreatSence when I find it.


Thanks again,
Jeremy

 

Just enable ThreatSense, there's no need to submit them by email as well. Only if you suspect a file to be falsely reported as infected, you should submit it by email either to support[at]eset.com or samples[at]eset.com (sample[at]eset.com works also).

 

READ MY LIPS: PRIVACY

 

Privacy? Excel/Word documents and few others are excluded from submission (because they're used by companies and may contain sensitive data).
Other than file path i don't see anything else that could compromise privacy.
And even that is limited to username that can be aswell duplicated by anyone in the world (hell i even though my nick is completely unique and people already used it on sites here and there).
So thats really not a problem imo.

 

Yesterday NOD found this: probably a variant of HTML/Exploit.CodeBaseExec trojan.
I have ThreatSence enabled and set to ask me before submitting, but it didn't send anything to Eset.
After 1 hour of waiting I did it myself with the built-in feature in NOD.

 

This one was not detected by advanced heuristics and there's definitely no need to submit it for analysis.

 

Ok so no probable variants only new_heur. I just thought probable variants would require a closer look, guess I was mistaken

 

Marcos,but sometimes some variants do get submited by ThreatSense itself.

 

Of course. The system is smart and can decide whether a sample is suitable for further analysis or not.

 

Ahhh ok, now I get it
Bit confusing though