I. Prerequisites
Ensure that ESET LiveGuard Advanced is activated, enabled, and running correctly.
II. Prepare the test file
1. Create a new folder on your computer.
2. Exclude this folder using Performance exclusions.
3. Download the test file to the excluded folder:
Windows test file
Linux test file
4. Extract the downloaded archive into the excluded folder. The archive is password-protected, and the password is: infected
5. Windows users: To make the file unique, open the command line by pressing Win+R and typing powershell. Navigate to the folder with the excluded test file and run the command below. It appends the current timestamp to the end of the file, so the file gets a new hash:
Add-Content .\EdtdTestFile.exe $(date)
Linux users: To make the file unique, open the terminal, navigate to the folder with the excluded test file and type date >> create_eicar.bin (optionally, you can rename the file). This command adds the current timestamp to the end of the file, and the file gets a new hash.
III. Test ESET LiveGuard Advanced
1. Copy the file prepared in section II to a non-excluded folder. Do not move the file. It is immediately sent to ESET LiveGuard Advanced because it is a new executable file.
2. Optionally, you can verify that the file was submitted:
In the ESET security product: Click Tools > Log files > Sent files.
In the ESET PROTECT Web Console: Click More > Submitted files.
3. After a few moments, the file is deleted from the computer, and you get a notification about the malware removal. You can see the information:
In the ESET security product: Click Log files > Detections.
In the ESET PROTECT Web Console: Click More > Submitted files.
4. If you run the test file before the analysis finishes, you get information that the ESET LiveGuard Advanced test file has run. The test file drops Eicar (a standard malware test file), which is immediately deleted. After the analysis is complete, the test file is cleaned.
IV. Test multiple files
After the test file is detected, its hash is saved locally. If you copy it from an excluded folder again, it is detected immediately. You can make the file unique by repeating step II.5 so that it is sent for analysis again. Then follow the instructions in section III.
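For Linux, step II.5 and the repetition described in section IV can be scripted so that each sample is confirmed to have a new hash before it is copied out of the excluded folder. This is an added example, not part of the original ESET instructions; the function names, the sample_N.bin naming and the stand-in file in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: repeat step II.5 and verify that each sample has a new hash.
# Run it inside the excluded folder so the samples are not scanned while
# they are being prepared.

# sha256_of FILE: print the SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# make_unique FILE: append the current timestamp (step II.5), confirm the
# digest changed, and print the new digest. Returns 1 if it did not change.
make_unique() {
    local file before after
    file=$1
    before=$(sha256_of "$file") || return 1
    date >> "$file"
    after=$(sha256_of "$file")
    [ "$before" != "$after" ] || return 1
    printf '%s\n' "$after"
}

# make_samples FILE COUNT OUTDIR: create COUNT distinct samples in OUTDIR.
# The timestamp is appended to the same file each round, so every sample is
# longer than the previous one and stays unique even when two rounds fall
# within the same second. Prints one "digest  name" line per sample.
make_samples() {
    local file count outdir i digest seen
    file=$1; count=$2; outdir=$3; i=1; seen=""
    while [ "$i" -le "$count" ]; do
        digest=$(make_unique "$file") || return 1
        # Refuse to emit a sample whose digest was already produced.
        case " $seen " in *" $digest "*) return 1 ;; esac
        seen="$seen $digest"
        cp -- "$file" "$outdir/sample_$i.bin"
        printf '%s  %s\n' "$digest" "sample_$i.bin"
        i=$((i + 1))
    done
}

# Demo on a constructed stand-in file (not the real ESET test file).
demo_dir=$(mktemp -d)
printf 'constructed stand-in for the test file\n' > "$demo_dir/create_eicar.bin"
make_samples "$demo_dir/create_eicar.bin" 3 "$demo_dir"
```

Each resulting sample can then be copied to a non-excluded folder as described in section III.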
V. Test proactive protection
1. Verify that proactive protection is enabled. In the ESET security product, press F5 or open Advanced Setup, then go to Detection Engine > Cloud-based protection > ESET LiveGuard Advanced and check that Proactive protection is set to Block execution until receiving the analysis result.
2. Ensure that the proper communication dialogs are enabled. In the ESET security product, press F5 or click Advanced preferences > Notifications > Desktop notifications > Desktop notifications > Edit and enable:
File analyzed
File in analysis
File not analyzed
3. Download the second test file to a non-excluded path and execute the file.
Windows test file
Linux test file
4. You will get a notification about a not-permitted operation. You cannot execute a file during the analysis.
5. When the analysis is finished and the file is clean, you can execute the file.