- Apr 17, 2021
Yes. LiveGuard is a cloud-based sandbox that combines machine learning and behavior analysis engines in multiple layers. Sounds great, right? However, in my testing, LiveGuard missed a number of threats which were detected by other trusted vendors and later detected by ESET after manual analysis. After reading the reports of EDTD (=LiveGuard, LiveGuard doesn't provide reports though), I found that those missed samples were marked as "Clean" by the machine learning layer and were not processed by the behavior analysis engines that followed the machine learning engine. Also, the detection threshold of LiveGuard is set to high, possibly due to false positive control for home products.
I totally agree with your opinion. ESET lays too much stress on FP. Yes, it's important, but not more than protection itself. When I used ESET, I set the protection to all aggressive, and it was like other AVs' normal protection.
By the way, do you know how effective Live Guard is? As far as I know, it's a kind of sandbox module, just like the one in Avast. I felt the machine learning of ESET (so-called Augur) was effective, but I don't know much about Live Guard.
CyberCapture from Avast isn't a cloud-based sandbox. It's a local dynamic heuristic sandbox that will send suspicious samples to the cloud if the local dynamic engine cannot make a decision.