Jump to content

How to submit Suspicious file to ESET Research Lab via program GUI.


Recommended Posts

  • ESET Staff

ESET Research Lab can receive samples sent by users via email and also sent via installed product running on user’s computer.

I will try to explain how the submission via our program works, what is recommended to do or what is advised to avoid.

When you open GUI of ESET Internet Security, you will find following icon in Tools and clicking More Tools:

submit_sample00.png
After clicking the icon you will see the first window called Select sample for analysis.

submit_suspicios_file1.png

1) It is recommended to read the Online Help before submitting a file for a first time.

2) Selection “Suspicious file” means that you are about to report an undetected file and you wish ESET Lab to add detection.

3) Attach the suspicious file you wish to send to the ESET Lab.
The attached file should be typically an executable program or script you found on your devices or you received via spammed emails.
Submitting of your own private files (like your photos, movies, music, documents and other data types) should be generally avoided expect rare situations when you believe that some malicious code was added into these files.

4) You may provide your contact email. Researchers from ESET Lab may contact you if they need further information about submitted sample.

5) After clicking the Next button, you will see the second window called Add file description where you are asked to input additional information about submitted suspicious file.
These additional information about the submitted file are significantly important for ESET Lab. Researchers need to understand why do you think the submitted file should be detected by ESET, how did you find/encountered the file, what problems are you experiencing. You can add any other information you consider relevant.
Submissions without any additional information are usually not useful.

submit_suspicios_file2.png

6) Observed signs and symptoms of malware infection.
Researchers ask you to provide this information so they understand whether you submit malware actively running on your computer or not. Describe how the malware infection manifested on your computer.
Signs and symptoms of malware infection could be following (including but not limited to: excessive CPU usage, excessive network usage, firewall reported unexpected network connections, unexpected browser setting changes, new ads being displayed, file copies automatically via network shares/removable drives, documents gets encrypted, program asks for ransom, application is hard to close, etc. - when you explain symptoms like these examples, you help researchers to finish analysis of the malware more quickly.
There are situations when you don’t know the symptoms (because you did not run the file yet, it just appeared in your inbox) or you don’t observe any signs or symptoms. In such situation you can write:
I do not know the behavior because I did not want to open it when it arrived to my inbox.
or
I do not observe any visible signs but this file is running on my computer and I do not know how it got there and to which application it belongs.
or
I do not know what it is, but this file suddenly appeared on our server, so I suspect it was uploaded by hackers.

7) File origin
Information where and how did you find the suspicious file is also important for researchers. If you found the file when browsing Internet, include the website you were visiting. If you known the exact download URL the better. If you received the file via spammed message make sure you include this information. If you find the file on other computer, tell us about it.

8) Notes and additional information
You can add any information or clarification you deem important. You may also express what do you expect ESET Labs to do with the sample (While the “Suspicious file” selection in Step 2 suggests that you wish to add detection, it is not bad to re-affirm using your own words).

Information you provide indeed significantly helps ESET laboratories in the identification and processing of samples. Thank you for your submission!

9) Click Send and the submission is finished:

submit_sample05.png

Link to comment
Share on other sites

  • Marcos pinned this topic
  • Marcos locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...