Send variants to eset?

Discussion in 'NOD32 version 2 Forum' started by Jeremy S, Sep 28, 2005.

Thread Status:
Not open for further replies.
  1. Jeremy S

    Jeremy S Guest

    Hello, I recently purchased Nod32 and it's a really really nice antivirus.

    I just got a quick question: About 10 minutes ago it caught some phishing variants on a website so I put them in quarantine. Should I submit these variants to eset or do they already know about them (since it caught them)?

    Thanks,
    Jeremy
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    Jeremy S

    I would submit them since they aren't exact matches. Maybe Marcos will have other advice. :D
     
  3. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi Jeremy S:

    If ThreatSense is enabled, then the submission system will send them either automatically or with your permission (depending on the options you set). ;)


     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Rumpstah's right. You should leave ThreatSense enabled and suspicious files will be submitted automatically. There's usually no need to quarantine such files; so far I've seen only one file that was identified incorrectly as a variant of a known threat.
     
  5. Happy Bytes

    Happy Bytes Guest

    It is highly recommended that you submit *all* heuristically detected stuff.

    The reason is simple: we then see when a heuristic or generic detection turns out to be very widespread. In this case we can take a "special" closer look at this. Example: A downloader is detected by heuristic or by generic and/or is a variant of an already known downloader. NOD32 stops this of course, but the question still remains WHAT DOES IT DOWNLOAD?
    For sure not a patch that makes Windows secure :rolleyes:

    If we have this file, we can take a closer look at it and make sure that the downloaded stuff is detected as well. However, if you don't allow the heuristic detection to run you will never reach this stage of downloading, and most likely the downloaded stuff would also be detected via heuristics or generic.

    But I think you got the point...
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I wonder why ThreatSense isn't set by default to automatically submit stuff as soon as possible without asking the user? I mean, only this way can you achieve the maximal potential of ThreatSense.
     
  7. Jeremy S

    Jeremy S Guest

    Alright, thanks for your replies.
    I was just wondering if it would be a waste of their time by submitting them to eset if they already knew about them.

    So variants should always be submitted.. Got ya.
    I'll also enable ThreatSense when I find it.


    Thanks again,
    Jeremy
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Just enable ThreatSense, there's no need to submit them by email as well. Only if you suspect a file to be falsely reported as infected, you should submit it by email either to support[at]eset.com or samples[at]eset.com (sample[at]eset.com works also).
     
  9. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    READ MY LIPS: PRIVACY
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Privacy? Excel/Word documents and a few others are excluded from submission (because they're used by companies and may contain sensitive data).
    Other than the file path I don't see anything else that could compromise privacy.
    And even that is limited to the username, which can just as well be duplicated by anyone in the world (hell, I even thought my nick was completely unique and people already used it on sites here and there).
    So that's really not a problem imo.
     
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yesterday NOD found this: probably a variant of HTML/Exploit.CodeBaseExec trojan.
    I have ThreatSense enabled and set to ask me before submitting, but it didn't send anything to Eset.
    After 1 hour of waiting I did it myself with the built-in feature in NOD.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This one was not detected by advanced heuristics and there's definitely no need to submit it for analysis.
     
  13. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Ok so no probable variants only new_heur. I just thought probable variants would require a closer look, guess I was mistaken :p
     
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Marcos, but sometimes some variants do get submitted by ThreatSense itself.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Of course. The system is smart and can decide whether a sample is suitable for further analysis or not.
     
  16. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Ahhh ok, now I get it ;)
    Bit confusing though
     