Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 5327 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OK that eicar.com.txt is not recognized when moved around or loaded into an editor?

snmdla

An on demand scan will detect the EICAR test virus in file eicar.com.txt, as expected.

What puzzled me is, that the same file can be loaded into an editor, or even be moved around with the Windows Explorer, without Enpoint Protection complaining.

On Access scan is configured to observe read, write and execute opterations.

Is this "OK".

I know, that loading a file into an editor will not activate a virus, but I would have expected that On Access scan would warn me that a file I'm dealing with contains a virus (even if only the EICAR test virus).

Thanks for sharing your opinion.

Regards, Thomas

:56247


This thread was automatically locked due to age.
  • 0

    Hello Thomas,

    On-Access with the default settings scan only specific extensions (which belong to, in the broader sense, executable files). You'll find the list in an endpoint's GUI Configure -> On-access tab Extensions.

    an on demand scan will detect

    created via Scans (or policy) or a right-click scan? Right-click scan all files, On-Demand (immediate and scheduled) scans use a list like On-Access.

    read, write and execute

    it's read, write and rename (execution requires reading so ...). Just remove the .txt extension and you'll see that On-Access kicks in.

    Christian

    :56248
Unfiltered HTML