What exactly gets sent to LiveGrid?


thatguy

Hello --

I just updated a couple test machines to EndPoint Antivirus v6.5.2094.0 (from 6.4.2014) and File Security v6.5.12007, and suddenly they're all complaining about LiveGrid being disabled.  I have that disabled by global policy because a) we're a healthcare facility and need to protect patient info at all costs, and b) I've never been able to find or get a clear, concise, and technical answer about what exactly is sent outside my network.  

I'd like to avoid the tedium of monitoring network traffic to and from external ESET servers, so if anyone could offer details, it would be much appreciated.
What exactly gets transmitted? How often? Is it encrypted, and how? Is any of that data stored on ESET (or others') servers? Why? For how long? (These questions are moot if there is NO chance that personally identifiable info is sent.) What gets sent back? Etc., etc., etc. I'm looking for exact details.

And a related question, why the sudden change to enforce LiveGrid participation?
Thanks.


  • Administrators

As for the LiveGrid reputation system, it's enabled by default in ESET's products as it's vital for ensuring quick response to new threats. When enabled, your ESET products will query ESET's servers about hashes of particular objects (files, URLs). The reputation system does not transmit any files or statistics except hashes. If disabled, your ESET products may not detect newborn threats and recognition of such threats will be added in one of the next updates, i.e. with a delay of several hours, which may be too late if malware has already encrypted files, for instance.
Having the reputation system enabled not only significantly improves detection of new threats but also makes scanning faster, as trusted / whitelisted files are not scanned again and again. LiveGrid information also helps us terminate suspicious processes.

Regarding the LiveGrid feedback system, it sends suspicious files to ESET where suspicious undetected files are replicated and a detection may be created automatically if a file turns out to be malicious. As a result, a brand new malware potentially running on your computer may be recognized and cleaned automatically within a couple of minutes. Note that sensitive files, such as Office documents, are excluded from submission by default. In environments with a strict policy that does not allow submitting files, you can disable the LiveGrid feedback system while still keeping the reputation system enabled and thus benefit from what LiveGrid brings.


  • ESET Staff

Regarding the "sudden change", we want to actively convince people to increase their protection by enabling essential protection features. ESET is no longer an "old fashioned AV based on signatures".

Cloud-based reputation, and other advanced / layered protection modules are essential when fighting recent malware. 


Thank you for the replies.  

If it's now required to have LiveGrid enabled (which, essentially, it is; otherwise users will be threatened with warnings and IT Depts will be inundated with calls about those warnings), then what's the point of having the option to disable LiveGrid anymore? The other two options [regarding submitting statistics and samples] are obviously helpful.

With those two options Disabled/Off (but LiveGrid enabled), is it safe to say that we will be 100% HIPAA(et al)-compliant?  Meaning there is NO possibility that ANY readable file would ever get sent out from our network (infected, suspicious, or otherwise)?


  • Administrators
54 minutes ago, thatguy said:

... what's the point of having the option to disable LiveGrid anymore? 

Users can still disable LiveGrid completely if they feel uncomfortable with sending hashes to ESET's servers and if they are willing to sacrifice safety (i.e. quick reaction to new threats) in favor of not submitting any data (in this case hashes) either. Changing the protection status can be suppressed in the Application statuses setup.

 

Quote

With those two options Disabled/Off (but LiveGrid enabled), is it safe to say that we will be 100% HIPAA(et al)-compliant?  Meaning there is NO possibility that ANY readable file would ever get sent out from our network (infected, suspicious, or otherwise)?

If submission of files and statistics is disabled, then no data except hashes will be transmitted to ESET servers.
