blitzarokra 3 Posted July 9 Posted July 9 When I had this enabled, I use SSP. It did upload the file and I got a notice that it never had seen this file before. Now, nothing. I have downloaded files that have not been seen at all. I have programmed tools that have never been seen. And LiveGuard doesn't even block or upload or give a notice. I have noticed this after the last release of the product. I can't really say I have wrong settings, but I have formatted my harddrives and re-installed SSP maybe 1 week ago. I have only enabled learning mode on Firewall. That's all.
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 Did you attempt to run such file and didn't get a notification like this? For me it works with v17.2:
blitzarokra 3 Posted July 9 Author Posted July 9 (edited) I don't get notifications about "File blocked due to analysis". The thing is. When I look at Eset LiveGuard how it have been protected me. I can see it have done some analyzes. But I never get notifications about this. So maybe LiveGuard works. But It doesn't notice me about this. What I remember have I not touched the settings for notifications of Eset LiveGuard. It does some analysis, but every time I run my own software that never have been seen It won't block it, I can run it anyway. Same to other files. Edited July 9 by blitzarokra settings, can run anyway
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 You should get a notification only when you attempt to run a file temporarily blocked due to analysis by LiveGuard.
blitzarokra 3 Posted July 9 Author Posted July 9 (edited) I still can run any file I want. LiveGuard doesn't block me from doing it. Maybe that's the reason I never get notifications? Do I need to re-install SSP to get this working again? Or is there some form of settings? Edited July 9 by blitzarokra reinstall
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 The question is what file you have downloaded and what application downloaded it. Maybe the file has been already scanned or it's trusted so no analysis is needed, or the file has been already analyzed recently. Please provide a hash of the file so that I can try it myself with the very same file.
blitzarokra 3 Posted July 9 Author Posted July 9 (edited) Ok here is a hash from the logging. C822A0F0C9F3EADE997277C8B2D98223CC08B944. I downloaded this file today and was able to run this file without any block or notifications. To download this file, I used my webbrowser. It's an executable file, to register at a game. Edited July 9 by blitzarokra where and how
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 This file is 2 years old. It has been already analyzed as it was blocked for about 1 second on my machine before I could run it: 2024/07/08 22:51:11 CLEAN
blitzarokra 3 Posted July 9 Author Posted July 9 Just now, Marcos said: This file is 2 years old. Most likely it has been already analyzed as it was blocked for about 1 second on my machine before I could run it. Yes I know it's old. Is there any way to check that everything works like it should, like testing a file for LiveGuard? Maybe I have changed a setting or something?
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 Here are instructions how to test LiveGuard: https://help.eset.com/elga/en-US/test_functionality.html
blitzarokra 3 Posted July 9 Author Posted July 9 Still the same issues. I can't see the popup you was showing me. I click and click. But the LiveGuard sent it to the sandbox, what I can see in the logs.
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 Couldn't it be that you have changed the behavior of proactive protection?
blitzarokra 3 Posted July 9 Author Posted July 9 The settings there is the same as the one you have a rectangle around.
Administrators Marcos 5,466 Posted July 9 Administrators Posted July 9 If a test file created as per https://help.eset.com/elga/en-US/test_functionality.html was not blocked and detected, please raise a support ticket for further troubleshooting.
itman 1,807 Posted July 9 Posted July 9 (edited) 4 hours ago, Marcos said: Here are instructions how to test LiveGuard: https://help.eset.com/elga/en-US/test_functionality.html Appears to be a bug in ESSP LiveGuard processing. I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert; Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert. In my prior testing using the LiveGuard test file procedure, this alert never appeared. Edited July 9 by itman
blitzarokra 3 Posted July 10 Author Posted July 10 (edited) On 7/9/2024 at 4:52 PM, itman said: Appears to be a bug in ESSP LiveGuard processing. I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert; Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert. In my prior testing using the LiveGuard test file procedure, this alert never appeared. I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work. I don't know how many times I tried to change date on the file. Still the same result. Edited July 10 by blitzarokra date
itman 1,807 Posted July 10 Posted July 10 @Marcos, a follow up to my above posting. I forgot to delete the LiveGuard test folder which contained the LiveGuard test .exe yesterday. I use the Win 7 backup in Win 10 to back up my files to another drive. When that backup ran today, it copied the LiveGuard test folder to my backup drive. Shortly, thereafter I get the Eset LiveGuard popup alert that LiveGuard scanned the LiveGuard test file, found it malicious, and deleted it. The problem is I did not receive an Eset desktop notification that the file was sent to LiveGuard for analysis. Also, no entry was created in the Sent files log related to this. I checked my Eset Desktop Notification settings in regards to sent files and they are all enabled. It does appear that ver. 17.2 has changed something in regards to notifications of sent files to LiveGuard. This would lead some to believe it's not functioning properly.
itman 1,807 Posted July 10 Posted July 10 58 minutes ago, blitzarokra said: I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work Did you create the Eset real-time scanning Performance exclusion for the LiveGuard test folder you created as instructed in the test procedure? If you did not, Eset real-time protection will detect the LiveGuard test file after .zip file extraction and immediately delete it.
Solution blitzarokra 3 Posted July 15 Author Solution Posted July 15 I don't know what solved my issue. But I want to tell you guys that everything works as it should. This thread can maybe be solved?
Purpleroses 21 Posted July 17 Posted July 17 I got the message file was sent to be analysis. What I want to know am I suppose to get another message saying if it is safe because I have never seen another message.
itman 1,807 Posted July 17 Posted July 17 1 hour ago, Purpleroses said: I got the message file was sent to be analysis. What I want to know am I suppose to get another message saying if it is safe because I have never seen another message. Assuming the submission was from LiveGuard and not LiveGrid, you will only get a reply verdict popup if the file was found to be malicious. If the submission was from LiveGrid, you will never get any reply verdict popup. LiveGrid submissions are for Eset information purposes only. Peter Randziak 1
Administrators Marcos 5,466 Posted July 18 Administrators Posted July 18 You'd also receive a verdict for files analyzed by ESET LiveGuard if you have attempted to access a temporarily blocked file:
Recommended Posts