Test ESET LiveGuard Advanced functionality

I. Prerequisites

Ensure that ESET LiveGuard Advanced is activated, enabled, and running correctly.

II. Prepare the test file

1.Create a new folder on your computer.

2.Exclude this folder using Performance exclusions.

3.Download the test file to an excluded folder:

oWindows test file

oLinux test file

4.Extract the downloaded archive into the excluded folder. The archive is password-protected, and the password is: infected
 

5.Windows users: To make the file unique, open the command line by pressing Win+R and type powershell. Navigate to the folder with the excluded test file. Run the command below, it adds the current timestamp to the end of the file, and the file gets a new hash:

Add-Content .\EdtdTestFile.exe $(date)

 
Linux users: To make the file unique, open the terminal, navigate to the folder with the excluded test file and type date >> create_eicar.bin (optionally, you can rename the file). This command adds the current timestamp to the end of the file, and the file gets a new hash.

III. Test ESET LiveGuard Advanced

1.Copy the file prepared in section II. to a not excluded folder. The file is immediately sent to ESET LiveGuard Advanced because it is a new executable file.

2.Optionally, you can verify if the file was submitted:

oIn the ESET security product: Click Tools > Log files > Sent files.

oIn the ESET PROTECT Web Console: Click More > Submitted files.

3.After few moments, the file is deleted from the computer, and you get a notification about the malware removal. You can see the information:

oIn the ESET security product: Click Log files > Detections.

oIn the ESET PROTECT Web Console: Click More > Submitted files.

4.If you run the test file before the analysis finishes, you get information that the ESET LiveGuard Advanced test file has run. The test file drops Eicar (a standard malware test file), which is immediately deleted. After the analysis is complete, the test file is cleaned.

IV. Test multiple files

After the test file is detected, its hash is saved locally. If you copy it from an excluded folder, it is detected immediately. You can make the file unique by repeating step II. 5. so it is sent for analysis again. Then you can follow instructions from section III.

V. Test proactive protection

1.Make sure the proactive protection is enabled. In the ESET security product, (press F5 or) navigate to Advanced Setup > Detection Engine > Cloud-based protection > ESET LiveGuard Advanced > Proactive protection = Block execution until receiving the analysis result.
 

2.Ensure that the proper communication dialogs are enabled. In the ESET security product, press F5 or click Advanced preferences > Tools > Notifications > Application notifications > enable:
File analyzed
File in analysis
File not analyzed

3.Download the second test file to a non-excluded path and execute the file.

oWindows test file

oLinux test file
 

4.You will get a notification about a not-permitted operation. You cannot execute a file during the analysis.
 

5.When the analysis is finished and the file is clean, you can execute the file.

I. Prerequisites

Ensure that ESET LiveGuard Advanced policy in ESET Cloud Office Security is enabled.

II. Prepare the test file

1.Download the test file to a location (or a machine) not protected by ESET LiveGuard Advanced policy.
 

2.Extract the downloaded file. The file is an archive, and it is password-protected. The password is: infected
 

3.To make the file unique, open the command line by pressing Win+R and type powershell.

4.Navigate to the folder with the test file.

5.Run the command below. It adds the current timestamp to the end of the file, and the file gets a new hash:
 
Add-Content .\EdtdTestFile.exe $(date)

III. Test ESET LiveGuard Advanced

1.Use the file from step II in one of the following ways:

•Move the file to OneDrive

•Create an email draft (using MS Outlook) with the test file as an attachment

•Save the file to a protected location on Sharepoint
 

2.The file is immediately sent to ESET LiveGuard Advanced.

3.To verify the file was submitted in ESET Cloud Office Security, click Logs > Submitted files.

4.After a few moments, the file is deleted. You can see the analysis result in Submitted files.