What files are sent to the sandbox?

If a file is submitted manually for ESET LiveGuard Advanced analysis, the system sends the selected file with no regard for file type. For automatic file submissions, the ESET security product only submits files that have not been scanned before and having the defined file type. The file type is determined based on the contents of a file, not its file extension since a user or malware can easily change the file extension.

ESET Mail Security and ESET Endpoint Security use a different approach. Different file types are processed differently in each of them.

ESET Mail Security - Processing is synchronized, the system waits for the result.

ESET Endpoint Security and ESET Server Security - Processing is asynchronous. The system does not wait for the result.

Whether a file is submitted or not depends on the source of file (web / mail / https).

arrow_down_business Table of actions according to file type

What is the maximum size of a file which can be sent?

ESET Security products can submit files up to 64 MB in size. You can define a maximum size to send in your policy for ESET LiveGuard Advanced.

What do the states of analysis and file statuses mean?

Refer to the related chapter.

How to prevent ESET security product from deleting certain file?

You can add an exclusion on hash of a file and after the exclusion is applied, restore the file. Such a file will not be scanned by ESET security product again.

How is ESET LiveGuard Advanced updated?

ESET LiveGuard Advanced is updated remotely on the ESET cloud. You do not have to update the service manually. Update your installed security products when there is a new version available, to get new features.

What happens to settings on product after the ESET LiveGuard Advanced license expires?

All settings stay unchanged, and Web Console displays warning about the expired license. Apply another policy to turn off the settings.

How long does it take to analyze the sample?

It typically takes up to five minutes to analyze a sample that has never been analyzed by ESET LiveGuard Advanced before. If a sample has already been analyzed, the user will receive the result in the next product request cycle, taking up to two minutes.

Can a computer benefit from ESET LiveGuard Advanced but submit no files?

You can set up an individual policy for a computer (or computers) with higher security requirements, which would not submit any files. If such the machine has ESET LiveGuard Advanced activated, it receives priority results from analysis of other files submitted from its company. Files evaluated as malicious are afterward detected also by ESET LiveGrid® which helps to protect other connected machines.


You can find more questions and answers in our FAQ article.

Is ESET LiveGuard Advanced sharing results of analysis across my accounts or customers?

ESET LiveGuard Advanced shares results immediately across all machines activated from a single ESET Business Account even with multiple licenses in the account.

When using an ESET MSP Administrator account, ESET LiveGuard Advanced shares results immediately only within one MSP customer. Customers of a single MSP do not share their results.

When are the detection results from ESET LiveGuard Advanced available in ESET LiveGrid®?

The most severe detections are available several hours after the result, the less severe detections later.