all 'probably' threats submitted?

Discussion in 'NOD32 version 2 Forum' started by rothko, Mar 2, 2007.

Thread Status:
Not open for further replies.
  1. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi

    I just wanted to ask whether all files detected in an On-Demand scan as:

    probably unknown NewHeur_PE virus...
    probably a variant of...

    will be submitted to ESET for analysis automatically if you have the ThreatSense .Net Early Warning System enabled?

    I am running a scan on a huge collection of malware and I can see some of them are being picked detected as 'probably...' and just wondered if at some point today all these samples will be sent to ESET?

    thanks in advance!
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    basically all heuristic detections will be submitted to ESET depending on your connection: today or in the following days.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unless the same files have already been submitted by someone else. You can disable ThreatSense for the time necessary to scan your malware collection to make sure they are not submitted.
     
  4. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    thanks both - that's helpful!

    the files that arent detected, and i know its highly likely a lot of corrupt, i'd like to submit to eset - but there are too many to submit through email. is there a way to upload via FTP? or should i email with a link to where i found them (but you need a torrent client to download them)?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  6. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi - just another question if i may :)
    if i scan samples using JUST signatures and a sample is detected as 'probably a variant of...', will that also be submitted or is it not necessary to submit such a sample?

    thanks again
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    using JUST signatures won't give that detection. 'probably a variant of...' is heuristic detection.
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    it does though - i unticked 'heuristics' and 'advanced heuristics' and scanned using just signatures so i could submit the rest of the samples to eset (already done), quite a few were detected as 'probably a variant of...' using just the signature detection.

    I presume variant detection is part of the signatures (too), but i just wanted to know whether those detections would be submitted or whether because they were detected using signatures they were classed as 'final' and complete.
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    maybe you're right then. :D I don't know exactly. :)
     
  10. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Some (not all) signatures are able to catch slightly modified malware variants.
     
  11. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    great, good to know, thanks for the info!
     
Thread Status:
Not open for further replies.