'Submit suspicious files' window

Discussion in 'ESET NOD32 Antivirus' started by jastrzab, Sep 12, 2008.

Thread Status:
Not open for further replies.
  1. jastrzab

    jastrzab Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    5
    What triggers the 'Submit suspicious files' window?
    Is it an incoming email message with an attachment?
    I do not understand it.
    I had that window pop up after I sent one email (no attachment).
    There were not any other activities on the computer.
    My EMON settings are set to automatically scan all incoming and outgoing messages.
    Why do I have to submit the suspicious file manually?
    Also, the file: user-EA499343X-activities.exe does not exist on my computer!!
    Can someone please explain what is going on?
    jas
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    The window appears because:
    1. You have submission of suspicious files via ThreatSense enabled.
    2. ThreatSense is set to ask you before submission takes place (you can set it to submit suspicious files without asking; of course, exclusions can be defined).
    3. A suspicious file was detected by heuristics, which triggered the submission.
     
  3. jastrzab

    jastrzab Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    5
    But where is (was) that file?
    jas

    What I mean is, where did that file come from?
    If it came with email, why is it not scanned automatically?
    All other files (attachments) are!
    jas
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I don't understand what you mean. If ThreatSense has found some files suitable for analysis, they must have been detected either by the real-time, email, web protection or by the on-demand scanner before (check the logs for detailed information about detected threats). As I said, you can set ThreatSense to submit suspicious files without asking.
     
  5. jastrzab

    jastrzab Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    5
    What is it here that you do not understand?
    I am inquiring about one specific file.
    That file does not exist on my computer.
    It means it must be an attachment to some email.
    If it is an attachment, why is it not scanned like other attachments?
    Why does it have to be submitted?
    What is not clear about these questions?

    I have one more related question.
    From the log:
    "
    Time Module Object Name Threat Action User Information
    9/12/2008 10:12:34 AM IMON email message from: "ICS Monitoring Team" <juvipe@chinamobile.com> to: "client" <********> with subject [Bulk] Your internet access is going to get suspen dated Fri, 12 Sep 2008 06:05:19 +0000 downloaded from server 206.190.36.17:110 probably a variant of Win32/Statik application contained infected files JAC\Jacek

    "
    It appeared to me now that the original file name is not what I posted:
    user-EA499343X-activities.exe

    I believe now, that the part "user-EA499343X-" is added by NOD.
    If that is true, then you, an experienced Eset moderator, should know about that.
    Can you please elaborate more on that?
    jas
     
  6. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    It was scanned, detected, and moved to quarantine (or simply deleted).

    It has to be submitted because NOD32 thinks the file's suspicious and, as Marcos already said, your Threatsense.net setting is set to "Ask before submitting". Change it to "Submit without asking" if you want NOD32 to automatically submit suspicious files to the ESET virus analysts without prompting you.
     
    Last edited: Sep 12, 2008
  7. jastrzab

    jastrzab Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    5
    If it was scanned and a possible threat was detected, it should just be deleted!!!!
    (when the delete option was selected, of course!)
    And that should be the default setting.
    If someone wants further file evaluation, they should set the options accordingly.
    That is my 5 cents!
    jas
     