ESET LiveGuard Advanced – Table of Contents

Behavioral report

The behavioral report contains essential data about the inspected file and observed behavior from the sandbox analysis. Each sample can have multiple observed behaviors.

To view the report, navigate to Submitted Files in the Web Console. Select the file and click Show Details > View Behavior to see the File Behavior Report.

Behavioral report layout

The report layout and available sections depend on your license type:

Report sections

EDR/XDR

non-EDR/non-XDR

Result

Available

Available

Summary

Available

X

Analysis parameters

Available

Available

Analyzed behaviors

Available

Available

Static analysis

Available

X

Dynamic analysis

Available

X

Important

All behavioral reports for non-EDR/non-XDR license users generated before December 15, 2025 will remain in the legacy format.

Result

The result section provides the final assessment of the file. The section includes SHA-1 and SHA-256 hashes of the submitted file, information on the file category and details of the detection, if available.

Result

Summary

The Summary section contains an AI-generated summary for reports with results other than Clean. The summary provides a review of the sandbox analysis for the submitted file. The Summary is dynamically generated when you open the report. Click Show more details to view additional information.

This section is available only to EDR/XDR license users.

Summary

Analysis parameters

Analysis parameters are grouped into two categories:

File details contain information about the filename, category, and size. The section also includes SHA-1 and SHA-256 hashes of the submitted file.

Note

Users can redirect to VirusTotal via a redirect Redirect icon next to the SHA hashes.

Sandbox details show parameters with which the replication was run.

Analysis parameters

Analyzed behaviors

The Analyzed behaviors section provides a list of detected behaviors, their details, and the number of reasons for detection. Click the arrow-down arrow_down icon at the end of the line to view more information on the detection.

Analyzed behaviors

Static analysis

You can view the Static analysis section to analyze samples within their environments.

This section is available only to EDR/XDR license users.

The following tabs are available:

Details—Consists of two sections: A General info section with an overview of the file and a Versions section with the file version details.

File geometry—Lists structural information obtained from ESET subsystems. The files included in a nested file are highlighted.

Imports—Lists visible libraries and their imports, including those unaffected by the file. You can find the dynamically loaded libraries and their imports in the API Logs section. The files included in a nested file are highlighted.

Exports—Lists the export functions valid for .dll files.

Sections—Lists the portable executables containing code and data complying with the program.

Resources—Lists the content from the .rsrc section. The files with the known file type are highlighted.

Methods—Lists the methods and functions utilized by the samples.

Objective-C classes—Lists Objective-C classes specific to macOS samples. The files included in a nested file are highlighted.

Note

The example below displays only four tabs. There may be more depending on the file type.

Static analysis

Dynamic analysis

This section is available only to EDR/XDR license users.

Use the search bar or view the logs based on the following:

Process—The tree-structured list of actions is grouped by running processes. You can see the files and registry changes grouped by process. Select a process marked with a blue dot in the tree to display the details of the performed operations. Processes without a blue dot in the tree did not perform any monitored operations.

arrow_down_business Process tree view

Operations—List of actions based on operation type. The Operations tab is divided into sections:

File—Details about the affected files.

Interaction—Detailed sandbox interaction overview.

Network—List of network activities.

Process—List of actions taken on processes.

Registry—Details about the affected registries.

Based on the performed operations, the Operations tab may also include other dynamic sections.

arrow_down_business Operations list

API Logs—Overview of the process activity through selected system functions.

arrow_down_business API Logs

View and download the behavioral report

Flat mode

You can view the behavioral report in a flat mode. The flat mode displays all recorded actions or events in a linear list, without grouping or nesting under parent processes, categories, or hierarchies.

The flat mode is disabled by default. You can enable the flat mode by clicking the Flat mode toggle in the top corner of the report.

Download the behavioral report

You can download the report by clicking the Download button in the analysis result section. You can download the report as a PDF or JSON file.

When you select a PDF format, a PDF download indicator appears in the top corner, displaying the download progress. Alternatively, you can download the PDF report directly from the Submitted files > Export report.

Report header