Suspicious file submissions

Discussion in 'ESET Endpoint Products' started by PRB, May 2, 2013.

Thread Status:
Not open for further replies.
  1. PRB

    PRB Registered Member

    Joined:
    May 18, 2010
    Posts:
    19
    For the past day two machines on our network have been submitting vast numbers of files to ESET for analysis. These files include most of the .sys files in system32/drivers and .exe files such as explorer.exe, mmc.exe etc. The machines are running 5.0.2126 with the latest definitions. Other similar machines on the network are not exhibiting the problem. I think it is unlikely that these files are really suspicious so would like to know why this is happening.
    I know I can turn off all submissions. I am reluctant to do this as the feedback is obviously useful to ESET for real issues and occasional false positives but will be forced to do this if this problem continues!
     
  2. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    That does sound suspicious. Are you able to take one of these machines offline for a considerable amount of time? A couple of things I would do: run the machine through SysRescue just to be sure that your ESET isn't compromised. You may also view the SysInspector logs to see if there's something that doesn't seem right.

    Otherwise you could try using the ESET online scanner as well as other scanners such as Malwarebytes and PrevX.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please provide more information about the modules installed (Help -> About). Also check if you update from normal or pre-release update servers.
     
  4. PRB

    PRB Registered Member

    Joined:
    May 18, 2010
    Posts:
    19
    Sorry for slow response - public holiday in UK!

    Another machine is doing the same thing today so I'm providing the info from that one. The original two pcs seem ok at the moment!

    Virus signature database: 8303 (20130507)
    Update module: 1041 (20120430)
    Antivirus and antispyware scanner module: 1387 (20130423)
    Advanced heuristics module: 1139 (20130208)
    Archive support module: 1165 (20130410)
    Cleaner module: 1067 (20130417)
    Anti-Stealth support module: 1043 (20130322)
    ESET SysInspector module: 1233 (20130320)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1007 (20111129)
    Translation support module: 1100 (20121205)
    HIPS support module: 1074 (20130423)
    Internet protection module: 1053 (20130318)

    Database module: 1036 (20130417)

    We update via a central mirror which gets its definitions from the normal server.
     
  5. Jdeane

    Jdeane Eset Staff

    Joined:
    Jul 18, 2007
    Posts:
    82
    Location:
    UK
    You can call the ESET UK support team using 0845 838 0832 opt 3

    We can then take a look at the logs on the affected computers and let you know what is happening.

    Jon
     