Marcolino 0 Posted August 16, 2023

I've been using ESET Smart Security Premium (ESSP) for over a year now and I'm very satisfied with it. I'm curious what the main differences are between the LiveGuard feature included in ESSP vs. LiveGuard Advanced from the business version.

I'm playing with the thought of using the "Protect Advanced" business version with 5 seats for my personal computers if there is a significant difference with the LiveGuard feature. Might be a bit overkill for home usage, but whatever, I'm very paranoid and I'm already used to the cloud dashboard from work (we have the Protect Entry version there without LG).

As far as I have read, you get a score back from LiveGuard Advanced and not only "Malicious/Not Malicious" like from ESSP LiveGuard. But the main thing for me would be when samples are submitted to LiveGuard vs. LiveGuard Advanced. I've read that files are only submitted to LiveGuard with a detection > 90% of suspicious behaviour. As far as I remember from my 30-day trial of the "Protect Advanced" business version, you can select the minimum threshold like "suspicious / highly suspicious/..." (or sth. like that) at which a file will be uploaded to LiveGuard Advanced. My guess would be that the "lowest level" I could (and would) select in this case would be sth. around 75%, although it's not mentioned.

So I guess the default for the "normal" LiveGuard from ESSP is to only submit the "ultra suspicious" files to LiveGuard (prob. to save resources) and allow all the other executables if they are not recognized by the local scan engines from ESET on your system and ESET LiveGrid?

My general hope was that ESET LiveGuard uses a big "whitelist" hash database or sth. similar and strictly uploads every executable / script etc. (whatever file types you defined in the settings) to LiveGuard, so that nothing without a hash known to ESET can pass LiveGuard's cloud analysis. But as far as I have read, that's neither the case with LiveGuard nor with LiveGuard Advanced?

I've also read in this comment from another post that the ESSP LiveGuard uses "LiveGrid cloud analysis" only and not the full "execution sandbox analysis performed on MS Azure servers". Is that true? That would mean that this chart "How detection layers work" is completely different for ESSP LiveGuard compared to LG Advanced from the business version? That would be a major difference for me, since I want maximum cloud-based protection.

/PS: It's also a bit sad that the reports from LiveGuard Advanced have very few details, and only a few more when you have 100+ seats. Would be cool to have access to massive in-depth reports in the future with attached screenshots etc., like from the "GravityZone Business Security Premium" subscription in a similar price range from Bitdefender that I tested a few weeks ago for its sandbox capability. I really enjoyed seeing every single step that the malware did on execution on my airgapped test machine. Overall it was slower compared to ESET's LiveGuard, and feature-wise ESET is still ahead imo. At least there are good external alternatives like Joe Sandbox or any.run and so on.

/PPS: Sorry for any mistakes, English is not my main language.

itman 1,802 Posted August 16, 2023

Refer to this: https://support.eset.com/en/kb6681-comparison-of-eset-liveguard-advanced-eset-threat-intelligence-and-eset-livegrid . The main difference between LiveGuard and LiveGuard Advanced is it is designed to interface with Eset server products.

2 hours ago, Marcolino said:
I've also read in this comment from another post that the ESSP LiveGuard uses "LiveGrid cloud analysis" only and not the full "execution sandbox analysis performed on MS Azure servers". Is that true?

The only analysis done by LiveGrid in the Eset cloud is a file blacklist lookup. LiveGrid's primary purpose is to forward suspicious files to Eset Lab for further analysis.

Feature-wise, the only difference between LiveGuard and LiveGuard Advanced is LiveGuard Advanced malware detection confidence level is configurable in regards to suspicious processes, allowing the user to make the decision to allow or deny execution.

Marcolino 0 Posted August 16, 2023 Author

45 minutes ago, itman said:
Refer to this: https://support.eset.com/en/kb6681-comparison-of-eset-liveguard-advanced-eset-threat-intelligence-and-eset-livegrid . The main difference between LiveGuard and LiveGuard Advanced is it is designed to interface with Eset server products. The only analysis done by LiveGrid in the Eset cloud is a file blacklist lookup. LiveGrid's primary purpose is to forward suspicious files to Eset Lab for further analysis. Feature-wise, the only difference between LiveGuard and LiveGuard Advanced is LiveGuard Advanced malware detection confidence level is configurable in regards to suspicious processes, allowing the user to make the decision to allow or deny execution.

Thank you for your answer, you're literally everywhere on this forum.

I know the main difference between LiveGuard and LiveGrid. I was just a bit confused regarding your old reply, where it seems LiveGuard and LG Advanced are completely different things because LG Advanced does "sandbox analysis" on Azure servers compared to "ESSP LiveGuard is performing LiveGrid cloud analysis only". That part confused me.

So if I've read your reply above right, the "How detection layers work" chart with all its layers applies to both ESSP LiveGuard and LiveGuard Advanced? (Except for the "detection confidence level" to trigger LiveGuard and the "final decision" score at the end.)

Edited August 16, 2023 by Marcolino

czesetfan 29 Posted August 17, 2023

My understanding is that the evaluation of the "detection confidence level" is a process that LiveGuard implements on the servers, so it's the resulting score from the analysis. Not the "suspicion" level of the local installation of ESSP on the PC that would decide to send it to LiveGuard. (High I send, low I don't.)