Jump to content

It feels like Eset LiveGuard is no longer working


Go to solution Solved by blitzarokra,

Recommended Posts

When I had this enabled, I use SSP. It did upload the file and I got a notice that it never had seen this file before.

Now, nothing. I have downloaded files that have not been seen at all. I have programmed tools that have never been seen.

And LiveGuard doesn't even block or upload or give a notice. I have noticed this after the last release of the product.

I can't really say I have wrong settings, but I have formatted my harddrives and re-installed SSP maybe 1 week ago. I have only enabled learning mode on Firewall. That's all.

Link to comment
Share on other sites

  • Administrators

Did you attempt to run such file and didn't get a notification like this? For me it works with v17.2:

image.png

Link to comment
Share on other sites

Posted (edited)

I don't get notifications about "File blocked due to analysis". The thing is. When I look at Eset LiveGuard how it have been protected me. I can see it have done some analyzes. But I never get notifications about this. So maybe LiveGuard works. But It doesn't notice me about this.

What I remember have I not touched the settings for notifications of Eset LiveGuard.

It does some analysis, but every time I run my own software that never have been seen It won't block it, I can run it anyway. Same to other files.

Edited by blitzarokra
settings, can run anyway
Link to comment
Share on other sites

  • Administrators

You should get a notification only when you attempt to run a file temporarily blocked due to analysis by LiveGuard.

Link to comment
Share on other sites

Posted (edited)

I still can run any file I want. LiveGuard doesn't block me from doing it. Maybe that's the reason I never get notifications?

Do I need to re-install SSP to get this working again? Or is there some form of settings?

Edited by blitzarokra
reinstall
Link to comment
Share on other sites

  • Administrators

The question is what file you have downloaded and what application downloaded it. Maybe the file has been already scanned or it's trusted so no analysis is needed, or the file has been already analyzed recently. Please provide a hash of the file so that I can try it myself with the very same file.

Link to comment
Share on other sites

Posted (edited)

Ok here is a hash from the logging. C822A0F0C9F3EADE997277C8B2D98223CC08B944. I downloaded this file today and was able to run this file without any block or notifications.

To download this file, I used my webbrowser. It's an executable file, to register at a game.

Edited by blitzarokra
where and how
Link to comment
Share on other sites

  • Administrators

This file is 2 years old. It has been already analyzed as it was blocked for about 1 second on my machine before I could run it:

2024/07/08 22:51:11   CLEAN
Link to comment
Share on other sites

Just now, Marcos said:

This file is 2 years old. Most likely it has been already analyzed as it was blocked for about 1 second on my machine before I could run it.

Yes I know it's old. Is there any way to check that everything works like it should, like testing a file for LiveGuard?

Maybe I have changed a setting or something?

Link to comment
Share on other sites

Still the same issues. I can't see the popup you was showing me. I click and click. But the LiveGuard sent it to the sandbox, what I can see in the logs.

Link to comment
Share on other sites

  • Administrators

Couldn't it be that you have changed the behavior of proactive protection?

image.png

Link to comment
Share on other sites

Posted (edited)
4 hours ago, Marcos said:

Here are instructions how to test LiveGuard: https://help.eset.com/elga/en-US/test_functionality.html

Appears to be a bug in ESSP LiveGuard processing.

I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert;

Eset_LiveGuard.png.12e43a8f52978ce299dc5b38845468a8.png

Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert.

In my prior testing using the LiveGuard test file procedure, this alert never appeared.

Edited by itman
Link to comment
Share on other sites

Posted (edited)
On 7/9/2024 at 4:52 PM, itman said:

Appears to be a bug in ESSP LiveGuard processing.

I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert;

Eset_LiveGuard.png.12e43a8f52978ce299dc5b38845468a8.png

Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert.

In my prior testing using the LiveGuard test file procedure, this alert never appeared.

I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work.

I don't know how many times I tried to change date on the file. Still the same result.

Edited by blitzarokra
date
Link to comment
Share on other sites

@Marcos, a follow up to my above posting.

I forgot to delete the LiveGuard test folder which contained the LiveGuard test .exe yesterday.

I use the Win 7 backup in Win 10 to back up my files to another drive. When that backup ran today, it copied the LiveGuard test folder to my backup drive. Shortly, thereafter I get the Eset LiveGuard popup alert that LiveGuard scanned the LiveGuard test file, found it malicious, and deleted it.

The problem is I did not receive an Eset desktop notification that the file was sent to LiveGuard for analysis. Also, no entry was created in the Sent files log related to this. I checked my Eset Desktop Notification settings in regards to sent files and they are all enabled.

It does appear that ver. 17.2 has changed something in regards to notifications of sent files to LiveGuard. This would lead some to believe it's not functioning properly.

Link to comment
Share on other sites

58 minutes ago, blitzarokra said:

I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work

Did you create the Eset real-time scanning Performance exclusion for the LiveGuard test folder you created as instructed in the test procedure? If you did not, Eset real-time protection will detect the LiveGuard test file after .zip file extraction and immediately delete it.

Link to comment
Share on other sites

  • Solution

I don't know what solved my issue. But I want to tell you guys that everything works as it should. This thread can maybe be solved?

Link to comment
Share on other sites

I got the message file was sent to be analysis.  What I want to know am I suppose to get another message saying if it is safe because I have never seen another message.

Link to comment
Share on other sites

1 hour ago, Purpleroses said:

I got the message file was sent to be analysis.  What I want to know am I suppose to get another message saying if it is safe because I have never seen another message.

Assuming the submission was from LiveGuard and not LiveGrid, you will only get a reply verdict popup if the file was found to be malicious.

If the submission was from LiveGrid, you will never get any reply verdict popup. LiveGrid submissions are for Eset information purposes only.

Link to comment
Share on other sites

  • Administrators

You'd also receive a verdict for files analyzed by ESET LiveGuard if you have attempted to access a temporarily blocked file:

image.png

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...