More LiveGuard Concerns

As far as I am concerned, there is a timing issue in regard to LiveGuard uploads.

This morning I went to the Kaspersky Virus Removal Tool web site using Firefox. Upon access to the web site and in anticipation of me performing an actual download, Firefox did a partial download of the KVRT.exe file. LiveGuard immediately sent this to the cloud and generated a desktop alert:

Time;Hash;File;Size;Category;Reason;Sent to;User
5/7/2022 9:31:19 AM;2A589D5ED79B97DDF45432A24650ACF81ABA2F1E;C:\Users\xxxxxx\Downloads\KTLQMcZI.exe.part;45088768;Executable;Automatic;ESET LiveGuard;xxxxxxx

Time;Component;Event;User
5/7/2022 9:31:19 AM;ESET Kernel;File 'KTLQMcZI.exe.part' was sent to ESET Virus Lab for analysis.;SYSTEM

Of note is that I did not actually download the app and exited the web site. That was it for any other LiveGuard alerting or logging activity.

Shortly thereafter, I did actually return to the web site and perform an actual download:

[Screenshot: Eset_KVRT]

Note that the actual size of the KVRT.exe download is 114 MB.

Edited by itman

I finally resolved these partial file uploads to LiveGuard via Firefox downloading.

By "playing around" with Firefox download settings, I was able to eliminate Firefox creating .part file downloads in the %LocalAppData%\Temp directory. Now all Firefox .part file downloads go directly to my Downloads directory. Unfortunately, this change also activated Firefox's new download behavior where the download occurs immediately upon access to any web site where a download option is presented. As such and as far as I am concerned, setting Firefox's download option to always ask where the download should be stored is a must to prevent a drive-by download attack that sneaked through ESET detection.

Tested yesterday with a 55 MB download and LiveGuard submitted the entire .exe file.

Today, I retested using the Kaspersky Virus Removal Tool download. Note this download is updated daily with new malware detections, resulting in a new file hash value. Upon file download, there was no LiveGuard submission, as expected, since this file, being 111 MB, exceeded LiveGuard's maximum file submission size of 64 MB.

Edited by itman
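
An added example, not part of the original posts and not ESET tooling: a small Python check that reads a "sent files" export in the semicolon-delimited layout quoted in the first post and reports which finished downloads were never analysed as complete files. The sample rows, the placeholder hash values, the download inventory and the reading of 64 MB as 64 MiB are all assumptions made for the example.

```python
import csv
import io

# 64 MB submission ceiling as stated in the post; reading it as MiB is an assumption.
MAX_SUBMIT_BYTES = 64 * 1024 * 1024

# Constructed "sent files" export in the layout quoted in the first post.
# Hash values are placeholders, not real file hashes.
SAMPLE_LOG = r"""Time;Hash;File;Size;Category;Reason;Sent to;User
5/7/2022 9:31:19 AM;HASH_PARTIAL;C:\Users\xxxxxx\Downloads\KTLQMcZI.exe.part;45088768;Executable;Automatic;ESET LiveGuard;xxxxxxx
5/8/2022 8:15:02 AM;HASH_TOOL;C:\Users\xxxxxx\Downloads\tool.exe;57671680;Executable;Automatic;ESET LiveGuard;xxxxxxx
"""

# Constructed inventory of finished downloads: (name, size in bytes, hash).
SAMPLE_DOWNLOADS = [
    ("tool.exe", 57671680, "HASH_TOOL"),     # 55 MB, sent whole
    ("KVRT.exe", 116391936, "HASH_KVRT"),    # 111 MB, above the ceiling
    ("small.exe", 2097152, "HASH_SMALL"),    # under the ceiling, never sent
]


def parse_sent_log(log_text):
    """Split log rows into hashes of whole files and rows for .part files."""
    full_hashes, partial_rows = set(), []
    for row in csv.DictReader(io.StringIO(log_text), delimiter=";"):
        if row["File"].lower().endswith(".part"):
            # The hash covers a truncated file, not the finished download.
            partial_rows.append(row)
        else:
            full_hashes.add(row["Hash"].upper())
    return full_hashes, partial_rows


def coverage(log_text, downloads, limit=MAX_SUBMIT_BYTES):
    """Classify each finished download by whether its full content was sent."""
    full_hashes, partial_rows = parse_sent_log(log_text)
    status = {}
    for name, size, file_hash in downloads:
        if file_hash.upper() in full_hashes:
            status[name] = "analysed"
        elif size > limit:
            status[name] = "over-limit"      # too large to be submitted at all
        else:
            status[name] = "not-submitted"   # eligible, but no whole-file record
    return status, [row["File"] for row in partial_rows]


if __name__ == "__main__":
    print(coverage(SAMPLE_LOG, SAMPLE_DOWNLOADS))
```

A `.part` record never counts as coverage here, because its hash cannot match the completed file.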