[KB6569] ESET LiveGuard Advanced FAQ

Issue

Solution

ESET LiveGuard Advanced operation

  1. How does ESET LiveGuard Advanced determine which samples to send for analysis?

    • When an ESET application compatible with ESET LiveGuard Advanced detects a new sample, it is automatically scanned using the multilayer ESET scanning engine.
    • If the result is not 100% malicious or 100% clean, your application decides whether to analyze the sample in ESET LiveGuard Advanced.
    • If the sample can be analyzed, a hash is sent to ESET to check if the file has already been analyzed in ESET LiveGuard Advanced.
    • If ESET has not yet received this sample, it is sent to ESET for analysis.
    • Metadata from your ESET application will be sent to ESET PROTECT or ESET PROTECT On-Prem for administrator visibility.

  2. How are sample results received by ESET applications after they have been analyzed in ESET LiveGuard Advanced?

    • Sample test results are sent to ESET Cloud running in Microsoft Azure.
    • All ESET LiveGuard Advanced compatible applications check ESET Cloud periodically for recent results.
    • If a new result is available, the hash and result are saved, and if applicable, an action is taken.

  3. Does Mail Security send internal email samples to ESET LiveGuard Advanced or only external email samples?

    ESET Mail Security scans all emails. However, ESET LiveGuard Advanced only scans external emails.

  4. What if ESET LiveGuard Advanced detects a threat in a sample you know to be clean?

    If a threat is detected in a known clean sample, the application has most likely already remediated the threat and put the sample in quarantine. If this happens, the administrator can exclude the sample: Click the sample in Submitted Files → select Add exclusion to Policy. After that, create a task to move the sample out of quarantine. The sample will never be scanned again.

  5. Can I choose which files I submit to ESET LiveGuard Advanced?

    The administrator can select from five categories of file types to be sent from each ESET application using a policy. The file types include executables, archives, scripts, documents, and others. The administrator can also create an exclusion list based on file extension or directory.

  6. Which file types does ESET LiveGuard Advanced support?

    ESET LiveGuard Advanced can analyze any file. However, only files that can harm a computer, or that can contain or download malicious content, are automatically sent for analysis. Executables, scripts, and documents are supported if they are stored in an archive.

  7. Which operating system environments can use ESET LiveGuard Advanced for analysis in a controlled environment?

    ESET LiveGuard Advanced works with supported ESET security applications. The analysis starts with the operating system where the sample is most likely to perform harmful actions. Parameters cannot be manually defined.

  8. How do I receive notifications about the availability status of ESET LiveGuard Advanced after it is enabled?

    When ESET LiveGuard Advanced is not available, notifications about its protection status are displayed in the Status Overview section of ESET Security Management Center.

  9. Does ESET LiveGuard Advanced require that I allow additional IP addresses through my firewall?

    See this article for the list of all required addresses and ports for ESET applications.

  10. Where can I see the samples that I sent to ESET LiveGuard Advanced?

    To view the samples that were sent to ESET LiveGuard Advanced, as well as other data that was sent to ESET, including LiveGrid and diagnostic data, log in to ESET PROTECT or ESET PROTECT On-Prem and click More → Submitted Files.

  11. Where can I see the emails that have been postponed for delivery while ESET LiveGuard Advanced completes an analysis?

    ESET Mail Security for Exchange postpones email delivery for a pre-defined time or until the results are received. The list of postponed emails is available in Mail Security for Exchange under Tools → ESET LiveGuard Advanced.

  12. How long does it take ESET LiveGuard Advanced to analyze a sample?

    It typically takes up to five minutes to analyze a sample that has never been analyzed by ESET LiveGuard Advanced before. If a sample has already been analyzed, the result is received in the next application request cycle, which can take up to two minutes.

  13. How often is ESET PROTECT or ESET PROTECT On-Prem updated with ESET LiveGuard Advanced status changes?

    ESET PROTECT and ESET PROTECT On-Prem refresh every minute, updating the newly sent sample data and associated results.

  14. How can I enable ESET LiveGuard Advanced using ESET PROTECT or ESET PROTECT On-Prem?

    Enable ESET LiveGuard Advanced automatically using ESET PROTECT or ESET PROTECT On-Prem.


Security and Privacy

  1. How are documents kept secure when they are sent from an ESET application to ESET LiveGuard Advanced?

    All samples are encrypted and sent through HTTPS. They are then stored on a dedicated storage server with limited access by ESET employees for the pre-defined time set by the sender's computer policy, after which they are deleted or stored securely.

  2. Is the information anonymized in any way?

    The data arrives in an anonymous format: the systems have access only to the customer ID from their ESET PROTECT Hub. However, the customer ID is not associated with the data from the specific computer that sent a sample for analysis. By default, the customer ID and the customer name are not available to any employee.

  3. In which regions are ESET LiveGuard Advanced processing servers and storage hosted?

    All samples are sent to ESET headquarters, located in Bratislava, Slovakia, Europe.

    When the analysis is finished, the hash and result are stored in ESET Cloud, which runs in Microsoft Azure data centers in the US and Europe. All computers request results from Microsoft Azure, not ESET Headquarters.

  4. How are samples from ESET LiveGuard Advanced handled?

    Samples received by ESET LiveGuard Advanced are stored on a dedicated storage server with exceptional security. They are not stored on the same server as the LiveGrid samples. As an additional layer of security, only selected employees have access to the ESET LiveGuard Advanced samples. You can choose when the clean samples should be deleted from the servers after analysis. This setting is located in your application and includes the following delete options:

    • Never
    • After 30 days
    • Immediately after analysis

    This option is available only when you've purchased the ESET LiveGuard Advanced service. Document samples are always deleted from ESET servers. Note that if the sample is found to be malicious, it is kept for further analysis and to enhance the detection systems.

  5. Why should I opt to allow ESET to keep samples for 30 days after analysis?

    As ESET Machine Learning models or Scanning Engine are updated, a sample that was classified as clean might be reclassified as Suspicious or Malicious. If this occurs, ESET re-analyzes stored samples and notifies you of the updated result, which detects a new type of advanced persistent threat in your infrastructure.

  6. Are the samples or metadata that are sent to ESET LiveGuard Advanced shared with third-party entities?

    No. ESET cooperates with other vendors to exchange malicious samples sent via LiveGrid to improve shared knowledge. However, ESET does not share any samples or metadata sent to ESET LiveGuard Advanced with any third-party entity. ESET believes in consumer privacy and has put in place countless measures to be considered a trustworthy partner with whom you can trust your data. All hardware that stores or processes samples is always owned by and located in ESET headquarters.

  7. How long does ESET LiveGuard Advanced keep submitted samples and documents?

    When ESET LiveGuard Advanced is purchased, the administrator can set the per-computer policy to delete samples such as executables, scripts, archives, or others immediately after analysis, after 30 days, or never, provided the result is clean. For documents, the administrator can set only immediately after analysis or after 30 days, again provided the result of the analysis is clean. If the sample is detected as suspicious or worse, ESET keeps the sample for further analysis and also keeps metadata for service improvement.

  8. What happens if one data center becomes temporarily unavailable?

    Your data is analyzed at ESET headquarters, where all systems are in high-availability mode and under 24/7/365 monitoring.

    For ESET Cloud in Microsoft Azure, all systems are in high-availability mode within a data center. The systems in ESET data centers are under 24/7/365 monitoring. The US and Europe data centers are also in high-availability mode with each other, and all information is synchronized among data centers, so the service continues if one of them is not available. Therefore, no service degradation should ever occur. As a precaution, however, all samples are stored in a queue, and after they are processed, the results are delivered as soon as possible.

  9. Which data does ESET store in Microsoft Azure?

    ESET stores the following data in Microsoft Azure:

    • Customer ID
    • Data visible in ESET PROTECT or ESET PROTECT On-Prem:
      • Hash of sample
      • The result (status)
      • Category (file type)
      • State of analysis
      • Size of the analyzed file
    • Other internal statistical data

  10. Where are the Terms of Use and Privacy Policy documents for ESET LiveGuard Advanced?