Cloud-based protection
ESET LiveGrid® is an advanced early warning system comprised of several cloud-based technologies. It helps to detect emerging threats based on reputation and improves scanning performance utilizing whitelisting.
When deploying ESET Endpoint Antivirus for Linux remotely through ESET PROTECT, you can configure one of the following options regarding cloud-based protection:
• You can decide not to enable ESET LiveGrid®. Your software will not lose any functionality, but in some cases, ESET Endpoint Antivirus for Linux may respond more slowly to new threats than a detection engine database update would.
• You can configure ESET LiveGrid® to submit anonymous information about new threats and where the new threatening code was detected. The file in which the code was detected can be sent to ESET for detailed analysis. Studying these threats will help ESET update its threat detection capabilities.
By default, ESET Endpoint Antivirus for Linux is configured to submit suspicious files to the ESET Virus Lab for analysis. Files with certain extensions such as .doc or .xls are always excluded. You can also add other extensions if there are specific files that you or your organization want to avoid sending.
Cloud-based protection
Enable ESET LiveGrid® reputation system (recommended)
The ESET LiveGrid® reputation system improves the efficiency of ESET anti-malware solutions by comparing scanned files to a database of whitelisted and blacklisted items in the cloud.
Enable ESET LiveGrid® feedback system
Data will be sent to the ESET Research Lab for further analysis.
Submit crash reports and diagnostic data
Submit data such as crash reports, modules or memory dumps.
Help improve the product by submitting anonymous usage statistics
Allow ESET to collect information about newly detected threats such as the threat name, date and time of detection, detection method and associated metadata, scanned files (hash, filename, origin of the file, telemetry), blocked and suspicious URLs, product version and configuration, including information about your system.
Contact email (optional)
Your contact email can be included with any suspicious files and may be used to contact you if further information is required for analysis. Please note that you will not receive a response from ESET unless more information is needed.
Submission of samples
Automatic submission of detected samples
Based on the selected option, this can submit infected samples to ESET for analysis and to improve future detection.
• All infected samples
• All samples except documents
• Do not submit
Automatic submission of suspicious samples
Suspicious samples resembling threats, and/or samples with unusual characteristics or behavior are submitted to ESET for analysis.
• Executable - Includes executable files: .exe, .dll, .sys
• Archives - Includes archive file types: .zip, .rar, .7z, .arch, .arj, .bzip2, .gzip, .ace, .arc, .cab
• Scripts - Includes script file types: .bat, .cmd, .hta, .js, .vbs, .ps1
• Other - Includes file types: .jar, .reg, .msi, .swf, .lnk
• Documents - Includes documents created in Microsoft Office, LibreOffice or other office tools, or PDFs with active content
Exclusions
Click Edit next to Exclusions to configure how threats are submitted to ESET Virus Labs for analysis.
Maximum size of samples (MB)
Define the maximum size of samples to be scanned.
Allow the below network prerequisites in your firewall for ESET Endpoint Antivirus for Linux to work correctly:
• For correct operation of ESET LiveGrid® see the Knowledgebase article
• For correct operation of ESET LiveGrid® feedback system (submission of samples) see the Knowledgebase article
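An added example, not part of ESET's documentation or product: a Python audit to run before choosing submission settings, showing which files under a directory fall into each sample category listed above, which match your exclusions, and which exceed the size limit. It assumes selection by file extension, which this page does not confirm; the Documents extension set, the function name `audit` and the policy values are illustrative.

```python
import os
import sys
from collections import defaultdict

# Extension lists as given in the submission options on this page.
CATEGORIES = {
    "Executable": {".exe", ".dll", ".sys"},
    "Archives": {".zip", ".rar", ".7z", ".arch", ".arj", ".bzip2",
                 ".gzip", ".ace", ".arc", ".cab"},
    "Scripts": {".bat", ".cmd", ".hta", ".js", ".vbs", ".ps1"},
    "Other": {".jar", ".reg", ".msi", ".swf", ".lnk"},
    # Assumption: the page lists no extensions for Documents; this set is illustrative.
    "Documents": {".doc", ".xls", ".docx", ".xlsx", ".odt", ".pdf"},
}


def audit(root, enabled, excluded_exts, max_mb):
    """Group files under root by the outcome an extension-based submission
    policy would give them. Keys: enabled category names, 'excluded', 'oversize'."""
    excluded = {e.lower() for e in excluded_exts}
    limit = max_mb * 1024 * 1024
    report = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the audited tree
            ext = os.path.splitext(name)[1].lower()
            category = next((c for c, exts in CATEGORIES.items()
                             if ext in exts and c in enabled), None)
            if category is None:
                continue  # file type is not selected for submission
            rel = os.path.relpath(path, root)
            if ext in excluded:
                report["excluded"].append(rel)
            elif os.path.getsize(path) > limit:
                report["oversize"].append(rel)
            else:
                report[category].append(rel)
    return {key: sorted(paths) for key, paths in report.items()}


if __name__ == "__main__":
    # Policy values below are constructed samples, not ESET defaults.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    result = audit(target, enabled={"Scripts", "Archives", "Documents"},
                   excluded_exts={".doc", ".xls"}, max_mb=64)
    for key, paths in sorted(result.items()):
        print(f"{key}: {len(paths)} file(s)")
```

Files reported under a category name are the ones to review when deciding which extensions to add under Exclusions.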
ESET LiveGuard Advanced
ESET LiveGuard Advanced is a paid service provided by ESET. Its purpose is to add a layer of protection specifically designed to mitigate new threats in the world.
Availability: The service is available only if ESET Endpoint Antivirus for Linux version 8.1 or later is managed remotely.
Depending on the proactive protection settings of ESET LiveGuard Advanced, a file submitted for analysis might be blocked from execution until a result is received. Such blocking is accompanied by a message of "Operation not permitted" or a similar message.
To see the status of ESET LiveGuard Advanced service in your instance of EEAU, execute one of the following commands in a Terminal window as a privileged user:
/opt/eset/eea/lib/cloud -l
or
/opt/eset/eea/lib/cloud --liveguard-status
To enable the service in EEAU:
1. In ESET PROTECT, click Policies > New policy and type a name for the policy.
2. Click Settings and select ESET Endpoint for Linux (V7+) from the drop-down menu.
3. Click Detection engine > Cloud-based protection.
4. Enable Enable ESET LiveGrid® reputation system (recommended), Enable ESET LiveGrid® feedback system, and Enable ESET LiveGuard.
5. To modify the default ESET LiveGuard Advanced settings, click ESET LiveGuard, and adjust the available options. For more information on those ESET LiveGuard settings, see the table with the heading "Section: ESET LiveGuard Advanced" in the ESET LiveGuard Advanced documentation.
6. Click Continue > Assign and select the desired group of computers to which the policy applies.
7. Click OK, and then click Finish.
ESET Status Portal
ESET Status Portal displays the current status of ESET cloud services, scheduled outages and past incidents. If you are experiencing an issue with a supported ESET service and do not see it listed in the Status Portal, contact ESET Technical Support.
Monitoring teams verify potential issues internally, and confirmed incidents are posted and updated manually to maintain high credibility and accuracy. Therefore, they appear on the Status Portal with a slight delay. Incidents with a short duration may not be posted if they are resolved before being manually confirmed.