How To Make Sure Your Antivirus Software Is Working

Viruses are practically everywhere, from the home environment to the small business. Today, both the antivirus and the firewall form a kind of team to get rid of threats. The antivirus software prevents infections, and the firewalls prevent those infections from penetrating into your network. Both of them play very important roles in your computer’s arsenal. That’s why it’s important to test them. Yet how do you test your security software without actually infecting your computer intentionally? That’s what we’re about to find out.

You’ve probably asked yourself the following question: How do I make sure that the new antivirus software I installed will actually detect threats? This creates a dilemma. You certainly can’t just infect your computer out of the blue. Viruses can damage your system in ways that may make your software respond unpredictably. Chances are you won’t destroy your computer, but getting rid of a virus will certainly be a headache, and removing it completely may take anywhere from five minutes to an hour.

Fortunately, there’s a simple solution: Write your own little virus. The European Institute for Computer Antivirus Research (EICAR) has created a standard for antivirus developers. Virtually all antivirus programs recognize this little file created by EICAR as a virus. It’s called the EICAR standard anti-virus test file (EICAR test file, in short). The entire file is only 70 bytes long and, when executed, simply displays “EICAR-STANDARD-ANTIVIRUS-TEST-FILE!” on your screen. Harmless, right?


How do we create our own EICAR file? Let’s follow the steps I took:

1. Open up Notepad and type the following string into it:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Click “File,” then “Save As.” Then, select “All Files (*.*)” under “Save as type.”

3. As the file name, save it as “eicar.com”

You’re done! Now you have an official test file. If your antivirus is already telling you that you have a virus at this point, you can rest assured that the system is working perfectly.


Ignore any messages from your antivirus software (or disable the software entirely if it will not let you save the EICAR file to your computer at all). After that, try sending the file to yourself as an email attachment. This is a useful way to test how well the antivirus intercepts malicious messages.

I’ve tested this on many antivirus platforms, and it turns out that Malwarebytes doesn’t pick up the EICAR test file. I did a little digging and found out that they “don’t have the time” to add such things to their databases since they’re busy trying to add more real viruses. It’s a noble goal, I suppose, but it wouldn’t take more than a few minutes to add such a signature. The test file is short specifically so that its signature would be easier to add to a database.

Keep this in mind, as other antivirus solutions might also ignore the EICAR file. They’re free to do as they wish. It doesn’t make their software any less competent, but it would be nice if you had a way to test your software without having to actually get infected at some point.

Are you running 64-bit Windows? If you are, the EICAR test file won’t open. This will not impact the antivirus software’s ability to detect it as a virus, though. If you didn’t copy and paste the code properly, or have otherwise not followed the instructions I provided to the letter, then you also will have problems running the COM file. After all, it’s practically a program in itself.
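If nothing happens after you save the file, it helps to know whether the file or the scanner is at fault. The Python script below is an added example, not part of the original article: check_eicar() validates a hand-saved file against the string from step 1, and probe() writes a fresh copy and reports whether the resident scanner stepped in. The function names and the five-second wait are assumptions made for the example; the rule that the 68-character string may be followed only by whitespace, up to 128 bytes in total, comes from EICAR's own definition of the test file.

```python
import os, sys, tempfile, time

# The 68-character string from step 1 (constructed here in two halves, as a
# precaution so this script is not itself quarantined by an on-access scanner).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PAD = b" \t\n\r\x1a"  # trailing bytes EICAR permits: space, tab, LF, CR, Ctrl-Z


def check_eicar(data):
    """Return 'ok', or the reason these bytes are not a conforming test file."""
    if data.startswith((b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")):
        return "starts with a byte-order mark (saved as UTF-8 with BOM or UTF-16)"
    if not data.startswith(EICAR):
        return "first 68 bytes differ from the test string"
    if len(data) > 128:
        return "longer than 128 bytes"
    if data[len(EICAR):].strip(PAD):
        return "trailing bytes other than whitespace"
    return "ok"


def probe(directory, wait=5.0):
    """Write eicar.com, wait, read it back; report whether a scanner stepped in."""
    path = os.path.join(directory, "eicar.com")
    try:
        with open(path, "wb") as f:
            f.write(EICAR)
        time.sleep(wait)  # give the on-access scanner time to react
        with open(path, "rb") as f:
            intact = f.read() == EICAR
        os.remove(path)
    except OSError as exc:  # write/read blocked, or file quarantined or deleted
        return f"intercepted ({type(exc).__name__})"
    return "NOT intercepted" if intact else "intercepted (content altered)"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a file saved by hand, e.g. from Notepad
        with open(sys.argv[1], "rb") as f:
            print(check_eicar(f.read()))
    else:  # no argument: test the resident scanner in a temp directory
        print(probe(tempfile.mkdtemp()))
```

Run it with a file path to check a file you typed yourself, or with no arguments to test the scanner; a "NOT intercepted" result on a file that checks out as "ok" points at the antivirus rather than at your typing.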

If you have any questions about the process of making sure your antivirus software is working (I know there are perhaps some I didn’t conceive of yet), please don’t hesitate to leave a comment. I answer comments very quickly and always enjoy walking people through trouble spots.