NOD32 Client resending threats to ERA Console

Recently we have had several clients resending threat alerts back to the ERA console. The clients are running NOD32 v4.0.437. ERA will show a new threat has been detected, but when I go to check on it, the Date Received will show the threat was recently received, but the Date Occurred will be several months old and a duplicate of a threat that was already taken care of. Has anyone seen this before?

Here is a screen shot of an instance of this happening from yesterday.

 

I've seen this behavior occasionally since v3, and support's response was to upgrade to v4, the newest version of RAS, as well as start with a fresh RAS database. I wasn't going to do that for a minor issue, so I've just delt with it. You might as well report it to them so they know there is more than one person dealing with this, tell them to reference unresolved case #315420 for more background info and the troubleshooting steps they tried before.

 

Just to make sure, is the client name exactly same for both records?

 

On the clients I've seen this happen on, nothing has changed. Same IP, same hostname, same MAC address. I've also seen some other database oddities like client install dates being an impossible date in the future that makes me suspect there is something bad going on inside the database causing this erratic behavior with timestamps and duplicate threats being logged.

 

Yes, the Client Name and Mac Address are identical for both records. There have been no changes (other than standard Windows updates) done on this computer recently. I checked the Event Viewer around the time the Threat Event was resent and it didn't show anything happening on the computer at that time.

We also are using a SQL backend for the database if that makes any difference.