Administrators Marcos 5,074 Posted October 18, 2021 Administrators Share Posted October 18, 2021 The user must choose whether to enable or disable the LG feedback system. We cannot enable it automatically for legal reasons: Peter Randziak, New_Style_xd and Andrew3000 3 Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted October 18, 2021 ESET Moderators Share Posted October 18, 2021 On 10/15/2021 at 5:59 PM, Trooper said: Thanks so much Peter. Now will this beta version report into the ESET Protect Server? I assume I will have to separately install the agent? Cheers! Yes it can be managed by the ESET PROTECT (cloud), just the new features are not yet manageable. Yes the agent needs to be installed the same way as with GA version. On 10/15/2021 at 9:31 PM, Andrew3000 said: For Eset business beta testing is it enough to just install the software? Is it possible to integrate it with eset protect cloud? For Eset Internet Security 15 beta testing, is it still possible to join the insiders program? Yes, it is enough to install the BETA version to test it. As mentioned above, it can be managed by the ESET PROTECT cloud, but only the features available in previous generation are available to be configured and managed as of now. The ESET Insiders program is an invitation only program, join requests are being evaluated case by case. You can drop me a personal message to find out more... Peter Trooper and Andrew3000 2 Link to comment Share on other sites More sharing options...
EAV8 2 Posted October 18, 2021 Share Posted October 18, 2021 (edited) 5 hours ago, Marcos said: The user must choose whether to enable or disable the LG feedback system. We cannot enable it automatically for legal reasons: That also proofs that having the LiveGuard feature in other products, like EIS or even NOD32, wouldn't cause a big increase in cloud usage, since the majority of users will have this feature disabled, especially if it's off by default. BTW, you can enable LiveGrid automatically (feedback off), the only thing you can't enable automatically for legal reasons is the LG Feedback, because of sample submission. Right? Edited October 18, 2021 by EAV8 Link to comment Share on other sites More sharing options...
SeriousHoax 83 Posted October 18, 2021 Share Posted October 18, 2021 One thing that I don't like about LiveGuard is that it seems to send every new file created on the device to LiveGuard upon execution. Even if it's an old, trusted and safe file. As you soon as I try to execute a new file that wasn't on my device before, ESET sends that to LiveGuard. Eg: If I just extract a newly downloaded 7zip installer from a zip file where the installer exe is trusted by literally every AV, as soon as I execute it, it gets blocked and submitted to LiveGuard for analysis. What's the point of this? A ESET's reputation check shows that the file is old with reputation status being Fine & green and the number of users is also high with a green mark. ESET should feed from this LiveGrid status and determine that the file is trusted, whitelisted and not necessary to submit it to LiveGuard for analysis. This alone would massively reduce the load on LiveGuard's server. This type of unnecessary submission needs to be avoided. Kaspersky and Norton makes use of their cloud reputation appropriately, which is something ESET is not doing here. The LiveGrid reputation should mean something. The LiveGrid and the LiveGuard combo should communicate with each other to determine what needs to be submitted and what not. Otherwise, LiveGuard servers are going to be bombarded with excessive unnecessary submission. Unnecessary submission is going to annoy even expert users. NewbyUser, 0x55, New_Style_xd and 1 other 4 Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 18, 2021 Share Posted October 18, 2021 13 hours ago, Marcos said: However, unlike LiveGuard LiveGrid cannot temporarily block files since it does not wait for analysis result. Finally, a clear confirmation from Eset on LiveGrid processing. Thanks. Link to comment Share on other sites More sharing options...
New_Style_xd 69 Posted October 18, 2021 Share Posted October 18, 2021 3 hours ago, SeriousHoax said: One thing that I don't like about LiveGuard is that it seems to send every new file created on the device to LiveGuard upon execution. Even if it's an old, trusted and safe file. As you soon as I try to execute a new file that wasn't on my device before, ESET sends that to LiveGuard. Eg: If I just extract a newly downloaded 7zip installer from a zip file where the installer exe is trusted by literally every AV, as soon as I execute it, it gets blocked and submitted to LiveGuard for analysis. What's the point of this? A ESET's reputation check shows that the file is old with reputation status being Fine & green and the number of users is also high with a green mark. ESET should feed from this LiveGrid status and determine that the file is trusted, whitelisted and not necessary to submit it to LiveGuard for analysis. This alone would massively reduce the load on LiveGuard's server. This type of unnecessary submission needs to be avoided. Kaspersky and Norton makes use of their cloud reputation appropriately, which is something ESET is not doing here. The LiveGrid reputation should mean something. The LiveGrid and the LiveGuard combo should communicate with each other to determine what needs to be submitted and what not. Otherwise, LiveGuard servers are going to be bombarded with excessive unnecessary submission. Unnecessary submission is going to annoy even expert users. I wonder if it's really the product that we will use from eset we use. And safe like Kaspersky, Norton, Bitdefender. Is the cloud service of the above products better than eset's? Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 18, 2021 Share Posted October 18, 2021 (edited) 4 hours ago, SeriousHoax said: What's the point of this? A ESET's reputation check shows that the file is old with reputation status being Fine & green and the number of users is also high with a green mark. ESET should feed from this LiveGrid status and determine that the file is trusted, whitelisted and not necessary to submit it to LiveGuard for analysis. I believe that LiveGrid maintains a list of previously submitted files files and a blacklist for ones detected as malicious . If such a file is again submitted and listed, it will be dropped from further analysis processing. The problem I believe is LiveGrid doesn't maintain a whitelist of clean files. Even if it did, it would only reflect files previously submitted. Finally, only Eset local detected suspicious files are submitted. Edited October 18, 2021 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 18, 2021 Administrators Share Posted October 18, 2021 Whitelisted are basically files signed by known trusted certificates, e.g. by Microsoft. Samples submitted to LiveGuard are separated from samples submitted by LiveGrid. In case of LiveGuard they are submitted to a safe environment where even access by ESET staff is very limited. This is because users can also choose to submit suspicious documents and it would not be safe if a broad group of ESET staff could access them. If a file submitted to LiveGuard turns out to be malicious, the result is shared with LiveGrid users. Other than that, nothing is shared. The fact that a file is old and more users have got it does not mean that it's 100% safe. Therefore only whitelisted files are not submitted. EDTD submits a lot of more files than LiveGuard and the systems can manage processing that load. Peter Randziak and Trooper 2 Link to comment Share on other sites More sharing options...
SeriousHoax 83 Posted October 19, 2021 Share Posted October 19, 2021 18 hours ago, itman said: I believe that LiveGrid maintains a list of previously submitted files files and a blacklist for ones detected as malicious . If such a file is again submitted and listed, it will be dropped from further analysis processing. The problem I believe is LiveGrid doesn't maintain a whitelist of clean files. Even if it did, it would only reflect files previously submitted. Finally, only Eset local detected suspicious files are submitted. Yeah, you are right on this I think. LiveGrid will be updated in case of blacklist, but it doesn't seem keep a whitelist of safe files. 18 hours ago, Marcos said: The fact that a file is old and more users have got it does not mean that it's 100% safe. Not for all files maybe but for many files out there. Like the 7zip example I gave above. It's totally unnecessary to send files like that to LiveGuard. Maybe ESET should keep a hash based whitelist for some similar trusted files to not submit. Those file's activity will still be monitored by other local protection features, so it shouldn't be a problem. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted October 19, 2021 ESET Insiders Share Posted October 19, 2021 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 19, 2021 Administrators Share Posted October 19, 2021 17 minutes ago, NewbyUser said: I was unable to reproduce it. Seems that files signed by ESET are trusted and are not submitted. The file in the notification has a weird name, what is it? What url did you download it from? Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted October 19, 2021 ESET Insiders Share Posted October 19, 2021 6 minutes ago, Marcos said: I was unable to reproduce it. Seems that files signed by ESET are trusted and are not submitted. The file in the notification has a weird name, what is it? What url did you download it from? That was all I was downloading was the latest essp. Best I can think is it uploaded the stub from the beginning of the download. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted October 19, 2021 ESET Insiders Share Posted October 19, 2021 4 minutes ago, NewbyUser said: That was all I was downloading was the latest essp. Best I can think is it uploaded the stub from the beginning of the download. Just tried again the same way and this time it waited until the download was complete. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 73 Posted October 19, 2021 ESET Insiders Share Posted October 19, 2021 Time;Hash;File;Size;Category;Reason;Sent to;User 10/19/2021 2:33:43 PM;85526304911214D45C1A7170A7A61498261342D2;C:\Users\XXX\Downloads\2fb56207-480d-4983-849c-bc5d98f7ee0e.tmp;18874368;Executable;Automatic;LiveGuard;XXXXXXXXX-XXX Log entry for said file upload Link to comment Share on other sites More sharing options...
Andrew3000 4 Posted October 19, 2021 Share Posted October 19, 2021 It's probably the download cache Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 202 Posted October 20, 2021 Most Valued Members Share Posted October 20, 2021 I wonder what you guys meaning of all of this, LiveGuard was introduced probably because there was need for 0-day protection and also Smart Security lacked something special that differs it from Internet Security The complaint here is that LiveGuard does take 1-10 minutes inorder to process what has been sent to Cloud and with that time it's blocked till it gets approved by ESET, even also as been reported that Signed files are even reported and uploaded, Let's not forget that before a while there was an article about Microsoft signing drivers which in the end was a malware LiveGuard is a kind of sandbox analysis server that is available for Smart Security products, which is normal thing for a sandbox to take time to process and analyze and send back information, there was a complaint before that LiveGrid doesn't block/prevent because it didn't have an update for a kind of file/threat , now that what LiveGuard is doing , it's blocking a file that it never seen before , which what people requested in order to prevent never seen before Ransomware files For sure a new feature , it would contain bugs and need to be fixed and optimized more and so the servers are , even if one will go and have EDTD and one endpoint for it , it would take the same amount of time for analysis Quote How long does it take ESET Dynamic Threat Defense to analyze a sample? It typically takes up to 5 minutes to analyze a sample that has never been analyzed by ESET Dynamic Threat Defense before. If a sample has already been analyzed, the result will be received in the next product request cycle, which can take up to 2 minutes. And probably LiveGuard is powered by EDTD so would be same same. LiveGuard is very nice addition by ESET , it can be fixed and optimized more for sure and I believe by the time passes it's database will be bigger and better, it's still the first public version for it , but for the question to use it or not , well Internet Security is still there if answer is not. Peter Randziak, New_Style_xd and NewbyUser 3 Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 393 Posted October 20, 2021 Most Valued Members Share Posted October 20, 2021 14 hours ago, Nightowl said: I wonder what you guys meaning of all of this, LiveGuard was introduced probably because there was need for 0-day protection and also Smart Security lacked something special that differs it from Internet Security The complaint here is that LiveGuard does take 1-10 minutes inorder to process what has been sent to Cloud and with that time it's blocked till it gets approved by ESET, even also as been reported that Signed files are even reported and uploaded, Let's not forget that before a while there was an article about Microsoft signing drivers which in the end was a malware LiveGuard is a kind of sandbox analysis server that is available for Smart Security products, which is normal thing for a sandbox to take time to process and analyze and send back information, there was a complaint before that LiveGrid doesn't block/prevent because it didn't have an update for a kind of file/threat , now that what LiveGuard is doing , it's blocking a file that it never seen before , which what people requested in order to prevent never seen before Ransomware files For sure a new feature , it would contain bugs and need to be fixed and optimized more and so the servers are , even if one will go and have EDTD and one endpoint for it , it would take the same amount of time for analysis And probably LiveGuard is powered by EDTD so would be same same. LiveGuard is very nice addition by ESET , it can be fixed and optimized more for sure and I believe by the time passes it's database will be bigger and better, it's still the first public version for it , but for the question to use it or not , well Internet Security is still there if answer is not. I think the issue people have is that they feel this is a key security feature and so should be part of at least internet security, although as mentioned above the reason this isn't the case is due to its running costs. Another issue I've seen some people mention is the fact that for a lot of users, they feel there is no reason to upgrade to premium e.g. they don't need a password manager and/or the encryption tool, and so some users feel it is a bit expensive to upgrade just for LiveGuard. I can see both sides really - I have often wondered if more people would use the top end version if it had more features. The password manager will be quite handy, but I don't think a lot of people would use the encryption tool or realise how it can help. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 202 Posted October 21, 2021 Most Valued Members Share Posted October 21, 2021 8 hours ago, peteyt said: I think the issue people have is that they feel this is a key security feature and so should be part of at least internet security, although as mentioned above the reason this isn't the case is due to its running costs. Another issue I've seen some people mention is the fact that for a lot of users, they feel there is no reason to upgrade to premium e.g. they don't need a password manager and/or the encryption tool, and so some users feel it is a bit expensive to upgrade just for LiveGuard. I can see both sides really - I have often wondered if more people would use the top end version if it had more features. The password manager will be quite handy, but I don't think a lot of people would use the encryption tool or realise how it can help. I would like also to use it in Internet Security , but I believe LiveGuard step worked on me for Smart Security , I started to want to upgrade , but I would wait more time since my license is newly renewed and still have time. Link to comment Share on other sites More sharing options...
Guilhermesene 3 Posted October 22, 2021 Share Posted October 22, 2021 I know I don't usually post replies here on the forum, but I came to thank the whole ESET team. I have been an ESET customer for over 4 years, and honestly I found this version great, it is very stable on my machine, I could also notice that it left the machine faster. Regarding LiveGuard, in my humble point of view we have to let the new protection module “mature” because it is still very premature to have a concrete position on how good is the new feature provided by the ESET team. Anyway, this post is to thank the ESET team, because I am using ESET Smart Security (with a 3-year subscription) and it is great, even more with this new feature. Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts