'Submit suspicious files' window

What triggers the 'Submit suspicious files' window?
Is it incoming email message with the attachment?
I do not understand it.
I had that window popped up after I sent one email (no attachment).
There were not any other activities in the computer.
My EMON settings are set to automatically scan all incoming and outgoing messages.
Why I have to submit the suspicious file manually?
Also, the file: user-EA499343X-activities.exe does not exists in my computer!!
Can someone please explain what is going on?
jas

 

The window appears because:
1, you have submission of suspicious files via ThreatSense enabled
2, ThreatSense is set to ask you before submission takes place (you can set it to submit suspicious files without asking; of course, exclusions can be defined).
3, a suspicious file was detected by heuristics which triggered the submission

 

But where is (was) that file?
jas

what I mean, where that file came from?
If it came with email, why it is not scanned automatically?
All other files (attachments) are!
jas

 

I don't understand what you mean. If ThreatSense has found some files suitable for analysis, they must have been detected either by the real-time, email, web protection or by the on-demand scanner before (check the logs for detailed information about detected threats). As I said, you can set ThreatSense to submit suspicious files without asking.

 

What is here you do not understand?
I am requiring about one specific file.
That file does not exists on my computer.
It means it must be an attachment to some email.
If it is an attachment, why it is not scanned like other attachments?
Why it has to be submitted?
What is not clear about these questons?

I have one more related question.
From the log:
"
Time Module Object Name Threat Action User Information
9/12/2008 10:12:34 AM IMON email message from: "ICS Monitoring Team" <juvipe@chinamobile.com> to: "client" <********> with subject [Bulk] Your internet access is going to get suspen dated Fri, 12 Sep 2008 06:05:19 +0000 downloaded from server 206.190.36.17:110 probably a variant of Win32/Statik application contained infected files JAC\Jacek

"
It appeared to me now that the original file name is not what I posted:
user-EA499343X-activities.exe

I believe now, that the part "user-EA499343X-" is added by NOD.
If that is true, then you, experienced Eset moderator should know about that.
Can you please elaborate more on that?
jas

 

It was scanned, detected, and moved to quarantine (or simply deleted).

It has to be submitted because NOD32 thinks the file's suspicious and, as Marcos already said, your Threatsense.net setting is set to "Ask before submitting". Change it to "Submit without asking" if you want NOD32 to automatically submit suspicious files to the ESET virus analysts without prompting you.

 

If it was scanned and possible threat detected it should be just deleted!!!!
(when delete option was selected of course!)
And that should be a default setting.
If someone wants further file evaluation it should set the options accordingly.
that is my 5 cents!
jas