Jump to content

Recommended Posts

Posted

When I had this enabled, I use SSP. It did upload the file and I got a notice that it never had seen this file before.

Now, nothing. I have downloaded files that have not been seen at all. I have programmed tools that have never been seen.

And LiveGuard doesn't even block or upload or give a notice. I have noticed this after the last release of the product.

I can't really say I have wrong settings, but I have formatted my harddrives and re-installed SSP maybe 1 week ago. I have only enabled learning mode on Firewall. That's all.

  • Administrators
Posted

Did you attempt to run such file and didn't get a notification like this? For me it works with v17.2:

image.png

Posted (edited)

I don't get notifications about "File blocked due to analysis". The thing is. When I look at Eset LiveGuard how it have been protected me. I can see it have done some analyzes. But I never get notifications about this. So maybe LiveGuard works. But It doesn't notice me about this.

What I remember have I not touched the settings for notifications of Eset LiveGuard.

It does some analysis, but every time I run my own software that never have been seen It won't block it, I can run it anyway. Same to other files.

Edited by blitzarokra
settings, can run anyway
  • Administrators
Posted

You should get a notification only when you attempt to run a file temporarily blocked due to analysis by LiveGuard.

Posted (edited)

I still can run any file I want. LiveGuard doesn't block me from doing it. Maybe that's the reason I never get notifications?

Do I need to re-install SSP to get this working again? Or is there some form of settings?

Edited by blitzarokra
reinstall
  • Administrators
Posted

The question is what file you have downloaded and what application downloaded it. Maybe the file has been already scanned or it's trusted so no analysis is needed, or the file has been already analyzed recently. Please provide a hash of the file so that I can try it myself with the very same file.

Posted (edited)

Ok here is a hash from the logging. C822A0F0C9F3EADE997277C8B2D98223CC08B944. I downloaded this file today and was able to run this file without any block or notifications.

To download this file, I used my webbrowser. It's an executable file, to register at a game.

Edited by blitzarokra
where and how
  • Administrators
Posted

This file is 2 years old. It has been already analyzed as it was blocked for about 1 second on my machine before I could run it:

2024/07/08 22:51:11   CLEAN
Posted
Just now, Marcos said:

This file is 2 years old. Most likely it has been already analyzed as it was blocked for about 1 second on my machine before I could run it.

Yes I know it's old. Is there any way to check that everything works like it should, like testing a file for LiveGuard?

Maybe I have changed a setting or something?

Posted

Still the same issues. I can't see the popup you was showing me. I click and click. But the LiveGuard sent it to the sandbox, what I can see in the logs.

  • Administrators
Posted

Couldn't it be that you have changed the behavior of proactive protection?

image.png

Posted

The settings there is the same as the one you have a rectangle around.

Posted (edited)
4 hours ago, Marcos said:

Here are instructions how to test LiveGuard: https://help.eset.com/elga/en-US/test_functionality.html

Appears to be a bug in ESSP LiveGuard processing.

I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert;

Eset_LiveGuard.png.12e43a8f52978ce299dc5b38845468a8.png

Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert.

In my prior testing using the LiveGuard test file procedure, this alert never appeared.

Edited by itman
Posted (edited)
On 7/9/2024 at 4:52 PM, itman said:

Appears to be a bug in ESSP LiveGuard processing.

I followed the above test procedure exactly as stated. Just prior to receiving the LiveGuard file scan confirmation alert that the file was malicious and deleted/quarantined, I received the following alert;

Eset_LiveGuard.png.12e43a8f52978ce299dc5b38845468a8.png

Selecting "Delete" option did nothing since the file was locked by LiveGuard. Also, no Detection log entry was created for this alert.

In my prior testing using the LiveGuard test file procedure, this alert never appeared.

I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work.

I don't know how many times I tried to change date on the file. Still the same result.

Edited by blitzarokra
date
Posted

@Marcos, a follow up to my above posting.

I forgot to delete the LiveGuard test folder which contained the LiveGuard test .exe yesterday.

I use the Win 7 backup in Win 10 to back up my files to another drive. When that backup ran today, it copied the LiveGuard test folder to my backup drive. Shortly, thereafter I get the Eset LiveGuard popup alert that LiveGuard scanned the LiveGuard test file, found it malicious, and deleted it.

The problem is I did not receive an Eset desktop notification that the file was sent to LiveGuard for analysis. Also, no entry was created in the Sent files log related to this. I checked my Eset Desktop Notification settings in regards to sent files and they are all enabled.

It does appear that ver. 17.2 has changed something in regards to notifications of sent files to LiveGuard. This would lead some to believe it's not functioning properly.

Posted
58 minutes ago, blitzarokra said:

I did get this too. So I couldn't test the LiveGuard. The reason I said it didn't work

Did you create the Eset real-time scanning Performance exclusion for the LiveGuard test folder you created as instructed in the test procedure? If you did not, Eset real-time protection will detect the LiveGuard test file after .zip file extraction and immediately delete it.

  • Solution
Posted

I don't know what solved my issue. But I want to tell you guys that everything works as it should. This thread can maybe be solved?

Posted

I got the message file was sent to be analysis.  What I want to know am I suppose to get another message saying if it is safe because I have never seen another message.

Posted
1 hour ago, Purpleroses said:

I got the message file was sent to be analysis.  What I want to know am I suppose to get another message saying if it is safe because I have never seen another message.

Assuming the submission was from LiveGuard and not LiveGrid, you will only get a reply verdict popup if the file was found to be malicious.

If the submission was from LiveGrid, you will never get any reply verdict popup. LiveGrid submissions are for Eset information purposes only.

  • Administrators
Posted

You'd also receive a verdict for files analyzed by ESET LiveGuard if you have attempted to access a temporarily blocked file:

image.png

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...