Jump to content

Archived

This topic is now archived and is closed to further replies.

PXCSW

Warning when LiveGrid is disabled with 6.5

Recommended Posts

Hi,

I updated an Endpoint Antivirus and Endpoint Security Client from 6.4 to 6.5 to try it out.

The first thing I see is a big reg warning, telling me that I should enable ESET LiveGrid.

I run an ERA 6.5 Server and have knowingly disabled LiveGrid via Policy. But now those clients also show up in the ERA Server with a red Warning and a "Security Risk".

I have no intention of activating LiveGrid. How do I disable this Message in the Client and Server?

Share this post


Link to post
Share on other sites

LiveGrid is a crucial protection functionality. By default, checking file or url hashes against both the local LiveGrid dabatase and cloud LiveGrid servers is enabled in ESET's products.

Disabling LiveGrid completely (ie. even checking hashes against the local and cloud LiveGrid database) has adverse effect on protection and substantially deteriorates detection and protection capabilities of the ESET product when it comes to newly emerging threats. Disabling LiveGrid completely will cause that a detection of a particular malware (e.g. ransomware encrypting files) will be added with the delay of several hours instead of ESET being able to detect and protect you from it virtually instantly.

In environments with a strict policy where no submission of statistics or files is allowed, the following policy is recommended:

ees6_lg_suboff.png

As for submission of samples, this setting should be kept enabled in order for automated systems or malware analysts to generate smart detections for suspicious (malicious) files and to improve cleaning. Sensitive files, such as documents, are excluded from submission by default.

Even if you decide to turn off LiveGrid completely (not recommended) and take the risk, you can disable changing of the protection status in the Applications statuses setup in the Tools section.

Share this post


Link to post
Share on other sites

Hi Marcos,

Your explanation is understood, but I still need to mute these alerts. We are in the middle of migration from v5 to v6.

Currently, I am struggling to find clients with other issues, because ALL my clients report LiveGrid disabled.
This is very inconvenient, because I will not see any other issues if they pop up on my clients. And at this point, this is more important.

So, I need to either:
- hide all LiveGrid alerts until I am ready to deal with LiveGrid
- force activate LiveGrid on all clients (which only by policy does not work, I am still getting the alerts)

 

So, what can I do, please?

Share this post


Link to post
Share on other sites
10 minutes ago, KarolB said:

So, I need to either:

- hide all LiveGrid alerts until I am ready to deal with LiveGrid
- force activate LiveGrid on all clients (which only by policy does not work, I am still getting the alerts)

You can temporarily disable notifications about LiveGrid via a policy -> User interface -> Application statuses. Remember to remove it later when  you are ready to use LiveGrid.

LiveGrid will enable:
- quick response to new threats without waiting hours for detection engine update
- better performance thanks to omitting popular files from scanning
- better cleaning of malware, especially if detected running in memory

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...