ESET Online Help

Search English
Select the topic

ESET LiveGuard

ESET LiveGuard is a feature that adds a layer of cloud-based protection specifically designed to mitigate never-before-seen threats.

When enabled, suspicious samples not yet confirmed as malicious and potentially carrying malware are automatically submitted to the ESET cloud. Submitted samples are run in a sandbox and are evaluated by our advanced malware detection engines. Malicious samples or suspicious spam emails are submitted to ESET LiveGrid®. Email attachments are handled separately and are subject to submission to ESET LiveGuard. You can define the scope of submitted files and the file retention period in the ESET cloud. Documents and PDF files with active content (macros, javascript) are not submitted by default.

ESET LiveGuard can be enabled or disabled in:

Main program window > Setup > Computer protection

Advanced setup > Detection Engine > Cloud-based Protection

To access advanced settings for ESET LiveGuard, open Advanced setup > Detection Engine > Cloud-based Protection > ESET LiveGuard.

Action after detection—Sets the action to take if the analyzed sample is evaluated as a threat.

Proactive protection—Allows or blocks the execution of files being analyzed by ESET LiveGuard. If a file is suspicious, proactive protection blocks its execution until the analysis completes. Proactive protection detects only files from the following sources:

Files downloaded using a supported web browser

Downloaded from a mail client

Files extracted from an unencrypted or encrypted archive using one of the supported archive utilities

Executed and opened files located on a removable device

See the supported applications in the table below:

Web browsers

Mail Clients

Archive utilities

Removable devices

Internet Explorer

Microsoft Outlook


USB flash drive

Microsoft Edge

Mozilla Thunderbird


USB hard drive


Microsoft Mail

Microsoft Explorer built-in unpacker





Floppy disk




Built-in card reader

Brave Browser






Files copied using Windows Explorer from an excluded location to a protected location get blocked by proactive protection because ESET Smart Security Premium recognizes explorer.exe as an archive utility.


If Proactive protection is set to Block execution until receiving the analysis result and you want to unblock the file being analyzed, right-click the file and click Unblock file analyzed by ESET LiveGuard.

Maximum wait time for the analysis result (min)—Sets the time after which the analyzed files will be unblocked regardless of whether the analysis has finished.

ESET LiveGuard will inform you about the analysis status using notifications. See the available notifications below:

Notification title


ICON_INFO File blocked due to analysis

The file is blocked by ESET LiveGuard. ESET LiveGuard is analyzing the file to ensure it is safe to use. You can wait or choose one of the following options:

Unblock the file—Unblocks the file, but the analysis continues. You will get a notification about the result. This is not recommended if you are not sure about the file integrity.

Change setup—Opens the Computer protection setup window where you can disable the ESET LiveGuard and its proactive protection.

ICON_INFO File unblocked

The file is no longer blocked. The analysis continues, and you will get a notification about the result. You can open the file.

ICON_CAUTION File still in analysis

ESET LiveGuard needs more time to finish the analysis. You can open the file if needed.

ICON_WARNING Threat removed

ESET LiveGuard has finished the analysis and the file contained a threat. The file has been cleaned.


ESET LiveGuard has finished the analysis, and the file is safe to use.

If ESET LiveGuard is not functioning properly, you will receive a notification in the main program window > Overview. Follow the instructions in the notification to resolve the issue. If you are unable to resolve the issue, Contact Technical Support.