ESET LiveGuard Advanced – Table of Contents

Overview

About the service

ESET LiveGuard Advanced is a paid security service that adds a layer of protection designed to mitigate new, unknown threats. It analyzes suspicious files in a cloud sandbox using advanced detection engines.

How ESET LiveGuard Advanced works

Sample submission

Suspicious samples are automatically submitted to the ESET cloud, where they are run in an isolated sandbox environment and evaluated by the advanced malware detection engines.

Detection and analysis

Administrators and users can define:

The scope of files that are submitted.

The retention period of the file in the ESET cloud.

Malicious samples or suspicious spam emails are submitted to ESET LiveGrid®. Email attachments are handled separately and are subject to submission to ESET LiveGuard Advanced. Documents and PDF files with active content (macros, JavaScript) are not submitted by default. See the detailed description of How detection layers work.

Manual submissions

Files can be submitted manually or automatically based on policy configuration. In the ESET PROTECT Web Console, a user can submit files reported from client machines.

What are the differences between ESET LiveGuard Advanced, ESET LiveGrid® and ESET Threat Intelligence?

Integration with ESET products

ESET security products and management console

When a sample is submitted to ESET LiveGuard Advanced for analysis, its metadata is uploaded to the management console, provided the client can connect to the Server. This gives the console Administrator a list of samples uploaded to the ESET cloud.

ESET security products and ESET LiveGuard Advanced

When an activated and configured ESET security product submits a suspicious file for analysis, the sample is uploaded to ESET LiveGuard Advanced. After ESET LiveGuard Advanced analyzes the sample, it provides the result to all machines in that company (or MSP customer) and to all companies that have ever submitted that file. The security product takes the appropriate action based on the policy in place.


Note

In ESET endpoint and ESET server products version 7.2 and later, you can choose an action to take on suspicious files downloaded by browsers and email clients.

ESET signs all transferred packages to mitigate the risk of attack. When using an HTTP connection in the internal network, the product checks if the connection is upgraded to HTTPS behind a proxy. If the proxy is not configured correctly, the HTTPS connection is also used in the internal network.

ESET management consoles and ESET LiveGuard Advanced

ESET LiveGuard Advanced is available in on-premises and cloud-based management consoles (ESET PROTECT On-Prem, ESET PROTECT). After ESET LiveGuard Advanced receives a sample from an ESET security product, it automatically informs the management console about the status of the analysis. When the analysis is complete, the result is transferred to the management console.

Roaming Endpoints and ESET LiveGuard Advanced

A roaming endpoint is any client with an ESET security product that operates outside of your company's perimeter and has no connection to ESET PROTECT On-Prem. Usually, it is a computer at home or on a business trip without a VPN.

A roaming client takes full advantage of ESET LiveGuard Advanced. However, it does not notify ESET PROTECT On-Prem about samples that have been submitted for analysis. When the client returns to your perimeter and connects to ESET PROTECT On-Prem, the client's metadata is synchronized, and the list of submitted files is updated. Other clients on your network can receive updates that result from threats discovered while a client is roaming, even before that client synchronizes with ESET PROTECT On-Prem.

ESET Cloud Office Security and ESET LiveGuard Advanced

ESET LiveGuard Advanced analyzes submitted files by executing suspicious code in an isolated environment to evaluate its behavior. ESET Cloud Office Security submits suspicious email attachments and files from Microsoft Exchange Online, OneDrive, Teams groups and SharePoint sites to ESET LiveGuard Advanced for analysis. ESET Cloud Office Security does not require or upload data to an ESET management console. Information about submitted files and their results is available in ESET Cloud Office Security.

Global Database

ESET LiveGuard Advanced uses two Azure data centers (the USA and Europe) to store hashes of the files and the results of their analysis. Data centers provide faster results for already analyzed files. The ESET Headquarters (located in Slovakia) stores all the submitted files and performs the analysis. Each customer's (company's) data is stored separately in one global database. ESET routes user connections to the nearest data center.


Important

We highly recommend that you use a Proxy for caching responses from ESET servers, especially for users with a high number of client machines (hundreds or more), since using a Proxy can save significant network traffic.

You can exclude selected folders and processes to decrease the number of submitted files and improve the overall performance.