blitzarokra 3 Posted July 9 Share Posted July 9 When I had this enabled, I use SSP. It did upload the file and I got a notice that it never had seen this file before. Now, nothing. I have downloaded files that have not been seen at all. I have programmed tools that have never been seen. And LiveGuard doesn't even block or upload or give a notice. I have noticed this after the last release of the product. I can't really say I have wrong settings, but I have formatted my harddrives and re-installed SSP maybe 1 week ago. I have only enabled learning mode on Firewall. That's all. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 Did you attempt to run such file and didn't get a notification like this? For me it works with v17.2: Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 9 Author Share Posted July 9 (edited) I don't get notifications about "File blocked due to analysis". The thing is. When I look at Eset LiveGuard how it have been protected me. I can see it have done some analyzes. But I never get notifications about this. So maybe LiveGuard works. But It doesn't notice me about this. What I remember have I not touched the settings for notifications of Eset LiveGuard. It does some analysis, but every time I run my own software that never have been seen It won't block it, I can run it anyway. Same to other files. Edited July 9 by blitzarokra settings, can run anyway Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 You should get a notification only when you attempt to run a file temporarily blocked due to analysis by LiveGuard. Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 9 Author Share Posted July 9 (edited) I still can run any file I want. LiveGuard doesn't block me from doing it. Maybe that's the reason I never get notifications? Do I need to re-install SSP to get this working again? Or is there some form of settings? Edited July 9 by blitzarokra reinstall Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 The question is what file you have downloaded and what application downloaded it. Maybe the file has been already scanned or it's trusted so no analysis is needed, or the file has been already analyzed recently. Please provide a hash of the file so that I can try it myself with the very same file. Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 9 Author Share Posted July 9 (edited) Ok here is a hash from the logging. C822A0F0C9F3EADE997277C8B2D98223CC08B944. I downloaded this file today and was able to run this file without any block or notifications. To download this file, I used my webbrowser. It's an executable file, to register at a game. Edited July 9 by blitzarokra where and how Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 This file is 2 years old. It has been already analyzed as it was blocked for about 1 second on my machine before I could run it: 2024/07/08 22:51:11 CLEAN Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 9 Author Share Posted July 9 Just now, Marcos said: This file is 2 years old. Most likely it has been already analyzed as it was blocked for about 1 second on my machine before I could run it. Yes I know it's old. Is there any way to check that everything works like it should, like testing a file for LiveGuard? Maybe I have changed a setting or something? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 Here are instructions how to test LiveGuard: https://help.eset.com/elga/en-US/test_functionality.html Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 9 Author Share Posted July 9 Still the same issues. I can't see the popup you was showing me. I click and click. But the LiveGuard sent it to the sandbox, what I can see in the logs. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 Couldn't it be that you have changed the behavior of proactive protection? Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 9 Author Share Posted July 9 The settings there is the same as the one you have a rectangle around. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 9 Administrators Share Posted July 9 If a test file created as per https://help.eset.com/elga/en-US/test_functionality.html was not blocked and detected, please raise a support ticket for further troubleshooting. Quote Link to comment Share on other sites More sharing options...
itman 1,739 Posted July 9 Share Posted July 9 (edited) 4 hours ago, Marcos said: Here are instructions how to test LiveGuard: https://help.eset.com/elga/en-US/test_functionality.html Appears to be a bug in ESSP LiveGuard processing. I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert; Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert. In my prior testing using the LiveGuard test file procedure, this alert never appeared. Edited July 9 by itman Quote Link to comment Share on other sites More sharing options...
blitzarokra 3 Posted July 10 Author Share Posted July 10 (edited) On 7/9/2024 at 4:52 PM, itman said: Appears to be a bug in ESSP LiveGuard processing. I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert; Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert. In my prior testing using the LiveGuard test file procedure, this alert never appeared. I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work. I don't know how many times I tried to change date on the file. Still the same result. Edited July 10 by blitzarokra date Quote Link to comment Share on other sites More sharing options...
itman 1,739 Posted July 10 Share Posted July 10 @Marcos, a follow up to my above posting. I forgot to delete the LiveGuard test folder which contained the LiveGuard test .exe yesterday. I use the Win 7 backup in Win 10 to back up my files to another drive. When that backup ran today, it copied the LiveGuard test folder to my backup drive. Shortly, thereafter I get the Eset LiveGuard popup alert that LiveGuard scanned the LiveGuard test file, found it malicious, and deleted it. The problem is I did not receive an Eset desktop notification that the file was sent to LiveGuard for analysis. Also, no entry was created in the Sent files log related to this. I checked my Eset Desktop Notification settings in regards to sent files and they are all enabled. It does appear that ver. 17.2 has changed something in regards to notifications of sent files to LiveGuard. This would lead some to believe it's not functioning properly. Quote Link to comment Share on other sites More sharing options...
itman 1,739 Posted July 10 Share Posted July 10 58 minutes ago, blitzarokra said: I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work Did you create the Eset real-time scanning Performance exclusion for the LiveGuard test folder you created as instructed in the test procedure? If you did not, Eset real-time protection will detect the LiveGuard test file after .zip file extraction and immediately delete it. Quote Link to comment Share on other sites More sharing options...
Solution blitzarokra 3 Posted July 15 Author Solution Share Posted July 15 I don't know what solved my issue. But I want to tell you guys that everything works as it should. This thread can maybe be solved? Quote Link to comment Share on other sites More sharing options...
Purpleroses 21 Posted July 17 Share Posted July 17 I got the message file was sent to be analysis. What I want to know am I suppose to get another message saying if it is safe because I have never seen another message. Quote Link to comment Share on other sites More sharing options...
itman 1,739 Posted July 17 Share Posted July 17 1 hour ago, Purpleroses said: I got the message file was sent to be analysis. What I want to know am I suppose to get another message saying if it is safe because I have never seen another message. Assuming the submission was from LiveGuard and not LiveGrid, you will only get a reply verdict popup if the file was found to be malicious. If the submission was from LiveGrid, you will never get any reply verdict popup. LiveGrid submissions are for Eset information purposes only. Peter Randziak 1 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,228 Posted July 18 Administrators Share Posted July 18 You'd also receive a verdict for files analyzed by ESET LiveGuard if you have attempted to access a temporarily blocked file: Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.