Solved

No detection from Webroot upon downloading various Eicar files

  • February 16, 2022
  • 3 replies
  • 188 views

Hello,

Out of curiosity I downloaded various Eicar files from here:

https://ipinfo.info/html/testvirus.php

I was able to save most of them in a folder, without any reaction from Webroot.

If I scan the folder, they are detected as “malicious”, but no reaction when I downloaded them.

I have “Scan archived files” and “Check files for threats when written or modified” selected.

Theoretically, these Eicar versions should have been scanned upon download.


3 replies

TripleHelix
Moderator
  • Moderator
  • 9191 replies
  • February 16, 2022

Hello @popescu

As far as I know they are not detected because WSA knows they're harmless, but I will ping our Threat Experts @DanP and @TylerM

You should go here: https://www.eicar.org/

Well, I got two detections when unzipping them!

HTH,


  • Author
  • New Voice
  • 5 replies
  • February 16, 2022
TripleHelix wrote:

Hello @popescu

As far as I know they are not detected because WSA knows they're harmless, but I will ping our Threat Experts @DanP and @TylerM

You should go here: https://www.eicar.org/

Well, I got two detections when unzipping them!

HTH,

As you can see, when unzipped they are detected, so the theory about “they are not detected because WSA knows they're harmless” does not hold water.

They should be detected upon download, before being stored on the PC, not after they are stored and purposely scanned.

“You should go here: https://www.eicar.org/”

This is not a detection, this is a “reaction” implemented in each and every antivirus.

As you can see, downloading Eicar from a different location does not trigger any reaction on Webroot.


TripleHelix
Moderator
  • Moderator
  • 9191 replies
  • Answer
  • February 16, 2022

Look at the same subjects over the years: https://community.webroot.com/search?q=Eicar

Blog: https://www.webroot.com/blog/2018/09/05/eicar-common-false-positive-world/

 

Wed 2022-02-16 08:53:47.0664    Blocked website: https://meineipadresse.de/testvirus/eicar.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:54:59.0931    Blocked website: https://secure.eicar.org/eicar_com.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:55:25.0464    Blocked website: https://secure.eicar.org/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:59:22.0316    Blocked website: https://meineipadresse.de/testvirus/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:00:01.0858    Blocked website: https://secure.eicar.org/eicar.com.txt (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:00:45.0368    Infection detected: E:\Users\Daniel\Downloads\eicar.com\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [3/00080200] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:00:45.0369    Infection found in realtime: E:\Users\Daniel\Downloads\eicar.com\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:01:47.0801    Blocked website: https://meineipadresse.de/testvirus/eicar.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:03:08.0106    Infection detected: E:\Users\Daniel\Downloads\eicar2\eicar\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [3/00080200] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:03:08.0106    Infection found in realtime: E:\Users\Daniel\Downloads\eicar2\eicar\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]
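
To read a log like the one in the answer above by protection layer, this added example (not Webroot's or either poster's code) parses a subset of those lines and separates "Blocked website" entries from file detections. Treating these as two layers, and all function names, are assumptions of the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Log lines copied from the answer above (subset, unmodified).
LOG = r"""
Wed 2022-02-16 08:55:25.0464    Blocked website: https://secure.eicar.org/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:59:22.0316    Blocked website: https://meineipadresse.de/testvirus/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:00:45.0368    Infection detected: E:\Users\Daniel\Downloads\eicar.com\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [3/00080200] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:00:45.0369    Infection found in realtime: E:\Users\Daniel\Downloads\eicar.com\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:01:47.0801    Blocked website: https://meineipadresse.de/testvirus/eicar.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:03:08.0106    Infection found in realtime: E:\Users\Daniel\Downloads\eicar2\eicar\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]
"""

LINE = re.compile(r"^\w{3} (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<event>[^:]+): (?P<rest>.+)$")
# Grouping of event names into layers is this example's reading of the log text.
LAYER = {"Blocked website": "web", "Infection detected": "file", "Infection found in realtime": "file"}

def parse(log):
    """Yield one dict per recognised line; unknown event names are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["event"] not in LAYER:
            continue
        rest = m["rest"]
        # The target is everything before the first " (" or " [" annotation,
        # so paths containing those sequences would need a stricter pattern.
        target = re.split(r" [(\[]", rest, maxsplit=1)[0]
        md5 = re.search(r"MD5: ([0-9A-F]{32})", rest)
        yield {"ts": m["ts"], "layer": LAYER[m["event"]], "target": target,
               "md5": md5.group(1) if md5 else None}

def coverage(log):
    """Return ({blocked host: count}, {file path: set of MD5s})."""
    hosts, files = defaultdict(int), defaultdict(set)
    for ev in parse(log):
        if ev["layer"] == "web":
            hosts[urlsplit(ev["target"]).hostname] += 1
        else:
            files[ev["target"]].add(ev["md5"])
    return dict(hosts), dict(files)

def web_layer_saw(log, host):
    """True if any web-filter entry names this download host."""
    return host in coverage(log)[0]
```

In this excerpt the web-filter entries name only secure.eicar.org and meineipadresse.de, while the file entries are local paths carrying the same MD5; the download host from the question, ipinfo.info, does not appear among the blocked sites.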

