Statistical Information was sent to ESET

I've found that I have computers that show they have sent Statistical information anywhere from 1-17 times today (5/6/2010). Now I could understand this if the machines were receiving threats, but none of these machines have stopped or detected a single threat in the last 16 hours, so what is all this "statistical" information being sent? The help file states that this would be delivered once or twice a day. It also mentions that it is sending anonymous information about newly detected threats, which clearly is not the case since none of the machines I've checked so far have a single threat, and ERA Threat Log shows nothing since my EICAR test file 2 days ago.

Can someone explain??

 

So I glanced at this a little more. Our ERA Database is on SQL so I did a quick query to check the stats from today a little more accurate.

Code:

select ClientName, COUNT(*) from EventLog 
where DateOccurred > '20100506' and DateOccurred < '20100507'
and EventText like 'Statistical information was sent to ESET.'
group by ClientName
order by 2

Results showed that of the 148 computers connecting to this ERA server, Statistical information was sent 1537 times or an average of 10 times per machine. All for computers that haven't caught a single threat yet today. Something is not right...

 

Hi Rockshox,

Statistical information may not be just new samples of infected files but general information on how you system is performing including date/time operating system and signature file currently loaded. You can find what a statistic packet looks like by going to the manuals http://download.eset.com/manuals/ESET_EAV4_UserGuide_ENU.pdf and goto page 28.

You can also see the data by opening up your ERA database and looking at the ThreatSense1 and ThreatSense2 tables.

 

Thank you for the reply. I had already reviewed the manual and the ThreatSense1 and ThreatSense2 tables prior to posting. However, what you are saying is clearly not what is in the manual.

It clearly states that ThreatSense.Net is for collection of newly detected threats.

Also, the ThreatSense1 and 2 tables only store some reference information about the ThreatSense data. The actual data appears to be stored in DAT files in X:\ProgramData\ESET\ESET Remote Administrator\Server\storage\ThreatSenseX_Data.

 

I guess you are really bored. If you so much care about how many times something's submitted, then disable the function and move on.

 

similar reports
https://www.wilderssecurity.com/showthread.php?t=266168

https://www.wilderssecurity.com/showthread.php?t=267947

 

Already done before this post was even created. I wouldn't mind leaving it enabled if providing the information to ESET actually helped with something. But spamming the ERA Event Log is pretty plain annoying.

 

You might consider changing the TreatSense.Net® parameter set-up to reflect this -

Submission of Suspicious Files, during update, as opposed to, as soon as possible, Submission of Statistics, during update, again, as opposed to, as soon as possible.

I have also found disabling logging pulls much less from a stand-alone machine, though that does not reflect your situation.

Regards,