Known threats and EDTD


Is it possible to send known threats to EDTD?

In my test environment I extracted the files from mimikatz_trunk.zip. Almost all files were deleted by on-access protection. In the ESMC console I go to Threats and select the "threat resolved" filter. I see the detected mimikatz modules. I selected one of the modules and opened Threat Details. I see:

Threat name = Win64/Riskware.Mimikatz.D
Action taken  =  cleaned by deleting
Scanner = Real-time file system protection

At the bottom of the Threat Details page I press the Send file to EDTD button and see a message about creating a client task.

One minute later I see it in Client tasks\Eset security product\send file to edtd, and this task finished successfully.

But I don't see this file in the Submitted files list in the ESMC console, and I don't see it in the local interface of File Security either.

Is it a bug in the ESMC console, or is submitting 100%-known threats not possible?

 


  • Administrators

I think it should work; at least it's possible to manually submit any file from Endpoint's GUI. Will try to test it myself.


  • ESET Staff
2 hours ago, Marcos said:

I think it should work; at least it's possible to manually submit any file from Endpoint's GUI. Will try to test it myself.

My guess is that the file is actually not uploaded if it has an already known hash, but this is not communicated to the user, and that is why it seems like the file has been uploaded...


1 hour ago, MartinK said:

My guess is that the file is actually not uploaded if it has an already known hash, but this is not communicated to the user, and that is why it seems like the file has been uploaded...

Is this a bug or by design?

The EDTD help describes uploading the EICAR test file (100%-known malware):

https://help.eset.com/edtd/en-US/?submit_esmc.html
