Submitting suspicious file "as soon as possible".

Discussion in 'NOD32 version 2 Forum' started by cdysthe, Jun 13, 2005.

Thread Status:
Not open for further replies.
  1. cdysthe

    cdysthe Registered Member

    Joined:
    Mar 6, 2004
    Posts:
    70
    Location:
    Austin, TX and Oslo, Norway
    Hi,

    I ran Trend Micro Sysclean and it found a worm in a file that NOD32 doesn't detect for some reason. I have tried to scan manually also, but NOD32 tells me the file is clean. Maybe a false positive?

    So I decided to submit the file for analysis. I have set NOD32 to submit "as soon as possible", but when I push the submit button I am told the submission has been put in a queue. Does anyone know what "as soon as possible" means (since it obviously doesn't mean "right away")?
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    It means that NOD32 will submit the sample ASAP, in other words, when a connection is established, for example.
    You can check the Event Log to see if the file was submitted to Eset.

     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It'd be a good idea to drop me a personal message with details I could use to identify your submission among thousands of others (e.g. the email address or comment you used).
     
  4. cdysthe

    cdysthe Registered Member

    Joined:
    Mar 6, 2004
    Posts:
    70
    Location:
    Austin, TX and Oslo, Norway
    Thanks. Found it in the Event Log. It was just a little confusing that you are presented with a queue when you expect something to happen right away.. :)
     
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    There is always the "Submit now" button found using:

    NOD32 Control Center | NOD32 System Setup | Setup | Threatsense.net | Advanced Settings | Submission | Submit Now button

    phew... it's kind of buried, but I think that should do it! ;)
     
  6. chrismorris

    chrismorris Guest

    Marcos, are there really thousands of samples that need investigating/adding?

    if, say, there are 1,000, that's going to take a hell of a long time to clear, if you have to analyse each file and decide whether it's worthy of a nod32 update.

    also, what's the point of asking individuals to provide further details of what has already been submitted? if everyone who submitted a suspicious file through nod32 or through the samples@ address sent you a personal message on here, would that be a good thing? if we submit the files through nod32 (using the new feature on 2.5), surely that's all we need to do - the rest is up to you lot at Eset.

    just because someone comes on to wilders and moans that the file they submitted hasn't been added to the database yet, that doesn't mean that file is more important and urgent than a file someone else submitted. Surely that's a decision Eset should make?

    if you want me to PM you every time a threat that nod32 misses that other AVs detect, then i will - but i am sure you will get bored of that before too long
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    By and large, this is an automated process.


    A thread was started asking the question, Marcos was providing a bit of customer service…


    Correct, it is simply customer service.


    I’m sure the Early Warning System submission system will suffice in 99.99% of all cases ;) :D

    Cheers :D
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yep, there are thousands of samples detected heuristically and submitted via ThreatSense every day. The process of adding signatures requires manual work in most cases. Some part of the work can be automated, but not all.

    I took your post as a complaint, that's why I decided to prioritize your sample in this particular case. It was some kind of trojan downloader, nothing that should be added immediately (I actually didn't have time to test whether it was functional or not - maybe the url it was attempting to download a trojan from didn't exist anymore).

    Since no personal information is submitted via ThreatSense, there was no way to identify the file you submitted. I really do not want everyone to send me PMs, I just asked you for it in this particular case.
     