Suspicious Files; Statistics - ESET SMART SECURITY User Manual

▪ You can configure the Early Warning System to submit anonymous
information about new threats and where the new threatening
code is contained, in a single file. This file can be sent to ESET for
detailed analysis. Studying these threats will help ESET update its
threat detection capabilities. The ThreatSense.Net Early Warning
System will collect information about your computer related to
newly‑detected threats. This information may include a sample
or copy of the file in which the threat appeared, the path to that
file, the file name, information about the date and time, the
process by which the threat appeared on your computer and
information about your computer's operating system. Some of
this information may include personal information about the user
of the computer, such as user names in a directory path, etc.
While there is a chance that this may occasionally disclose some
information about you or your computer to our threat lab at ESET, this
information will not be used for ANY purpose other than to help us
respond immediately to new threats.
By default, ESET Smart Security is configured to ask before submitting
suspicious files for detailed analysis to ESET's threat lab. It should be
noted that files with certain extensions such as .doc or .xls are always
excluded from sending, should a threat be detected in them. You can
also add other extensions if there are particular files that you or your
organization wants to avoid sending.
The ThreatSense.Net setup is accessible from the Advanced Setup
tree, under Tools > ThreatSense.Net. Select the Enable ThreatSense.
Net Early Warning System check box. This will allow you to activate
and then click the Advanced Setup... button.
4.9.1

Suspicious files

The Suspicious files tab allows you to configure the manner in which
threats are submitted to ESET's lab for analysis.
If you have found a suspicious file, you can submit it for analysis to our
virus labs. If it turns out to be a malicious application, its detection
will be added to the next virus signature update.
Submission of files can be set to be performed automatically
without asking. If this option is selected, suspicious files are sent
in the background. If you wish to know which files have been sent
for analysis and confirm the submission, select the Ask before
submitting option.
30
If you don't want any files to be submitted, select Do not submit for
analysis. Note that not submitting files for analysis does not affect
submission of statistical information to ESET. Statistical information is
configured in its own setup section, described in the next chapter.
When to submit
Suspicious files will be sent to ESET's labs for analysis as soon as
possible. This is recommended if a permanent Internet connection is
available and suspicious files can be delivered without delay. The other
option is to submit suspicious files During update. If this option is
selected, suspicious files will be collected and uploaded to the Early
Warning System servers during an update.
Exclusion filter
Not all files have to be submitted for analysis. The Exclusion filter
allows you to exclude certain files/folders from submission. For
example, it may be useful to exclude files which may carry potentially
confidential information, such as documents or spreadsheets. The
most common file types are excluded by default (Microsoft Office,
OpenOffice). The list of excluded files can be expanded if desired.
Contact email
The contact email is sent along with suspicious files to ESET and may
be used to contact you if further information about submitted files is
required for analysis. Please note that you will not receive a response
from ESET unless more information is required.
4.9.2

Statistics

The ThreatSense.Net Early Warning System collects anonymous
information about your computer which is related to newly detected
threats. This information may include the name of the infiltration, the
date and time it was detected, the ESET Smart Security version, your
computer's operating system version and the location setting. The
statistics are normally delivered to ESET's servers once or twice a day.
An example of a statistical package submitted:
# utc_time=2005‑04‑14 07:21:28
# country="Slovakia"
# language="ENGLISH"
# osver=5.1.2600 NT
# engine=5417
# components=2.50.2
# moduleid=0x4e4f4d41
# filesize=28368
# filename=C:\Documents and Settings\Administrator\
Local Settings\Temporary Internet Files\Content.IE5\
C14J8NS7\rdgFR1463[1].exe