This document provides steps on how to perform a simple EICAR test to verify if your antivirus software is correctly honoring specific file or folder exclusions.
The EICAR (European Institute for Computer Antivirus Research) test file is a harmless, non-viral string designed specifically to be detected by antivirus programs. It's a safe way to confirm your antivirus is operational and that your exclusion settings are effective.
Steps to Perform the EICAR Test:
Obtain the EICAR Test String:
The standard EICAR test string is:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Ensure you copy this string exactly as it appears, with no extra spaces or characters.
2. Create a File Containing the String:
Open a simple text editor, such as Notepad (available on all Windows systems).
Paste the EICAR string you copied in Step 1 into the blank document.
Go to File > Save As....
In the "Save as type" dropdown, select "All Files (*.*)". This is crucial to prevent Notepad from automatically adding a .txt extension.
Name the file something like eicar.com. You can also use .txt, .zip, or other common extensions, but .com is often used to simulate an executable and is a common test case.
Choose a temporary location to save this initial file (e.g., your Desktop).
3. Place the Test File in the Excluded Location:
Navigate to the folder or directory path that you have configured as an exclusion in your antivirus software or backup application.
Copy or move the eicar.com file you created in Step 2 into this specific excluded location.
4. Observe Your Antivirus Software's Behavior:
Once the eicar.com file is placed in the excluded folder, observe your antivirus software.
If the exclusion is working correctly: Your antivirus software should NOT detect, quarantine, or delete the eicar.com file in this location. It should ignore it based on the exclusion rule.
If the exclusion is NOT working correctly: Your antivirus software WILL likely detect the eicar.com file as a virus and may quarantine, delete, or alert you about it, even though it's in the supposed exclusion path.
Interpreting the Results:
If the file is not detected in the excluded location, your exclusion is likely configured correctly for that path.
If the file is detected in the excluded location, there is an issue with your exclusion configuration, and it is not being applied as expected. You will need to review and correct your antivirus or backup software's exclusion settings.