Doodlekin 0 Posted January 24, 2018 Share Posted January 24, 2018 Hi, as a new user it'd be great if you guys could clear up some questions I have regarding the file reputation mechanism, Eset Livegrid (I am using NOD32 Antivirus). 1. How come it doesn't pop up when I launch self-made exe's? I mean, considering they shouldn't have any reputation at all, I wonder if its normal since it doesn't even warn me. 2. Does eset livegrid trigger only when downloading files, or when launching files too? what formats are supported? 3. Does it trigger only based on static file traits or is the file being sent over to the cloud and ran there? thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted January 24, 2018 Administrators Share Posted January 24, 2018 59 minutes ago, Doodlekin said: 1. How come it doesn't pop up when I launch self-made exe's? I mean, considering they shouldn't have any reputation at all, I wonder if its normal since it doesn't even warn me. Imagine a popular application updates and ESET would start asking millions of users whether to allow it to run. That is not the approach we want; all decisions must be done in a smart way, ideally without user's interaction and without excessive nagging or false positives. LiveGrid works fully in the background and the program utilizes the data that it receives from LiveGrid servers. Quote 2. Does eset livegrid trigger only when downloading files, or when launching files too? what formats are supported? Both. However, LiveGrid is not about notifying you about unpopular files as you probably understand it. Also the program doesn't ask LiveGrid servers each time you execute an application, otherwise it would significantly slow down the execution and would unnecessarily nag users since there are very many new executables and dlls distributed on a daily basis. Quote 3. Does it trigger only based on static file traits or is the file being sent over to the cloud and ran there? LiveGrid is also used for blacklisting urls. If a particular file is highly suspicious and submission of samples is not disabled, the file is submitted to ESET, replicated on ESET's servers and, if it turns out to be malicious, it gets blacklisted and this information is shared with other users. For blacklisting we use DNA hashes which enables us to blacklist files with a similar behavior. For more information about ESET's technologies, please read https://cdn1-prodint.esetstatic.com/ESET/INT/Docs/Others/Technology/ESET-Technology.pdf. Link to comment Share on other sites More sharing options...
Doodlekin 0 Posted January 28, 2018 Author Share Posted January 28, 2018 (edited) Many thanks for the quick reply, After looking up the subject a bit further, I have stumbled upon this forum post from around 2014 (https://forum.eset.com/topic/3100-small-question-eset-livegrid-file-reputation/) where it is stated that LiveGrid is triggered *only* on file download and email receivals, so could the info there be considered outdated at this point, or did I miss something? Edit: Also, regarding the 3rd question, so I'm still not sure regarding the Livegrid mechanism, which of my data is sent over to ESET, if whole files are rarely sent (and the option could be disabled altogether), and rarity does not play a major role, where does the whole "reputation" part of the mechanism name come into play? Thanks! Edited January 28, 2018 by Doodlekin Link to comment Share on other sites More sharing options...
Recommended Posts