Statistical Information was sent to ESET

Discussion in 'ESET NOD32 Antivirus' started by rockshox, May 6, 2010.

Thread Status:
Not open for further replies.
  1. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    I've found that I have computers that show they have sent Statistical information anywhere from 1-17 times today (5/6/2010). Now I could understand this if the machines were receiving threats, but none of these machines have stopped or detected a single threat in the last 16 hours, so what is all this "statistical" information being sent? The help file states that this would be delivered once or twice a day. It also mentions that it is sending anonymous information about newly detected threats, which clearly is not the case since none of the machines I've checked so far have a single threat, and ERA Threat Log shows nothing since my EICAR test file 2 days ago.

    Can someone explain??
     
  2. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    So I glanced at this a little more. Our ERA Database is on SQL so I did a quick query to check the stats from today a little more accurate.

    Code:
    select ClientName, COUNT(*) from EventLog 
    where DateOccurred > '20100506' and DateOccurred < '20100507'
    and EventText like 'Statistical information was sent to ESET.'
    group by ClientName
    order by 2
    Results showed that of the 148 computers connecting to this ERA server, Statistical information was sent 1537 times or an average of 10 times per machine. All for computers that haven't caught a single threat yet today. Something is not right...
     
  3. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Hi Rockshox,

    Statistical information may not be just new samples of infected files but general information on how you system is performing including date/time operating system and signature file currently loaded. You can find what a statistic packet looks like by going to the manuals http://download.eset.com/manuals/ESET_EAV4_UserGuide_ENU.pdf and goto page 28.

    You can also see the data by opening up your ERA database and looking at the ThreatSense1 and ThreatSense2 tables.
     
  4. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Thank you for the reply. I had already reviewed the manual and the ThreatSense1 and ThreatSense2 tables prior to posting. However, what you are saying is clearly not what is in the manual.

    It clearly states that ThreatSense.Net is for collection of newly detected threats.

    Also, the ThreatSense1 and 2 tables only store some reference information about the ThreatSense data. The actual data appears to be stored in DAT files in X:\ProgramData\ESET\ESET Remote Administrator\Server\storage\ThreatSenseX_Data.
     
  5. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    I guess you are really bored. If you so much care about how many times something's submitted, then disable the function and move on. :rolleyes:
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  7. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Already done before this post was even created. I wouldn't mind leaving it enabled if providing the information to ESET actually helped with something. But spamming the ERA Event Log is pretty plain annoying.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You might consider changing the TreatSense.Net® parameter set-up to reflect this -

    Submission of Suspicious Files, during update, as opposed to, as soon as possible, Submission of Statistics, during update, again, as opposed to, as soon as possible.

    I have also found disabling logging pulls much less from a stand-alone machine, though that does not reflect your situation.

    Regards,
     
Thread Status:
Not open for further replies.