Advanced threat defense

ESET LiveGuard Advanced previously ESET Dynamic Threat Defense

Provides proactive cloud-based threat defense against targeted attacks and new, never-before-seen threat types, especially ransomware.

Future-proof your organization's
IT security with:

  • Advanced unpacking & scanning
  • Cutting-edge machine learning
  • Cloud-based sandboxing
  • In-depth behavioral analysis

Enabled for ESET products:

  • Endpoint Protection
  • File Server Security
  • Mail Security
  • Cloud App Protection

Explore features

Ransomware and zero-day threat detection

ESET LiveGuard Advanced uses four separate detection layers to maximize detections. Samples first undergo static analysis and state-of-the-art unpacking, and are matched against an enriched threat database. The second layer performs static and dynamic analysis, using machine learning algorithms and techniques that include deep learning. Samples are then detonated in sophisticated sandboxes that monitor any signs of malicious behavior. Finally, all sandbox outputs are subjected to in-depth behavioral analysis to identify known malicious patterns and actions.

Granular reports

An admin can create a report from ESET LiveGuard Advanced data in the ESET PROTECT console. They can either use one of the pre-defined reports or make a custom one.

Transparent, full visibility

Every analyzed sample status is visible in the ESET PROTECT console, showing data sent to ESET LiveGrid®. For privacy, you can also require immediate post-analysis deletion of samples.

Automatic protection

The endpoint or server product automatically decides whether a sample is good, bad or unknown. If the sample is unknown, it is sent to ESET LiveGuard Advanced for analysis. Once the analysis is finished, the result is shared, and the endpoint products respond accordingly.

Mail Security protection

Not only does ESET LiveGuard Advanced work with files, but it also works directly with ESET Mail Security, to ensure that malicious emails are not delivered to your organization.


Nowadays, employees often do not work on the premises. Our advanced threat defense analyzes files no matter where users are.

Proactive protection

If a sample is found to be suspicious, it is blocked from executing, pending analysis by ESET LiveGuard Advanced. Upon detection, all endpoints in the network are protected within minutes.

Tailored customization

ESET allows per-computer detailed policy configuration for ESET LiveGuard Advanced so the admin can control what is sent and what should happen based on the receiving result.

Manual submission

At any time, a user or admin can submit samples via an ESET compatible product for analysis and get the full result. Admins will see who sent what and what the result was directly in the ESET PROTECT console.

Prerequisites for proper functioning:

  • A working ESET Business Account or ESET MSP Administrator account synchronized with an ESET management console
  • A supported ESET management console
  • Version 7.x or later of compatible ESET security products installed
  • A valid license for ESET LiveGuard Advanced
  • Activated Security products with ESET LiveGuard Advanced License
  • ESET LiveGuard Advanced enabled in policies for compatible Security products
  • Network requirements on opened ports are the same as for ESET LiveGrid®
  • Access to ESET LiveGuard Advanced online servers

Requirements for ESET Cloud Office Security users

  • ESET Endpoint Antivirus for Windows
  • ESET Endpoint Security for Windows
  • ESET Mail Security for Microsoft Exchange
  • ESET File Security for Windows Server
  • ESET Server Security for Windows Server
  • ESET Endpoint Antivirus for Linux
  • ESET Server Security for Linux
  • ESET Cloud Office Security

How our advanced, multilayered analysis works

ESET Dynamic Threat Defense is a cloud-based sandboxing solution that executes all submitted suspicious samples in an isolated test environment and evaluates their behavior using threat intelligence feeds, ESET’s multiple internal tools for static and dynamic analysis, and reputation data to detect zero-day threats. Four layers are used to analyze samples, but not all of these have to be used if we’re sure about the result in advance.

System requirements

  • A working ESET Business Account or ESET MSP Administrator account synchronized with an ESET management console
  • ESET PROTECT cloud or on-premise console deployed
  • Version 7.0 or newer of compatible ESET security products for Windows installed
  • Version 8.1 or newer of compatible ESET security products for Linux installed
  • A valid license for ESET Dynamic Threat Defense or bundled solution licence with cloud sandbox component included
  • Activated security products with ESET Dynamic Threat Defense licence
  • ESET Dynamic Threat Defense enabled in policies for compatible security products
  • Network requirements on opened ports