This test virus is designed to verify the operation of anti-virus applications. It was developed by the European Institute for Computer Antivirus Research (EICAR).
The test virus is not a malicious object and does not contain executable code for your device, but most vendors' anti-virus applications identify it as a threat.
The file containing this test virus is called eicar.com. You can download it from the EICAR website.
Before saving the file in a folder on the device's hard drive, make sure that Real-Time File Protection is disabled on that drive.
The eicar.com file contains a line of text. When scanning the file, Kaspersky Industrial CyberSecurity for Nodes detects the test threat in this line of text, assigns the Infected status to the file, and deletes it. Information about the threat detected in the file appears in the Application Console and in the task log.
You can use the eicar.com file to check how Kaspersky Industrial CyberSecurity for Nodes disinfects infected objects and how it detects probably infected objects. To do this, open the file in a text editor, add one of the prefixes listed in the table below to the beginning of the line of text in the file, and save the file under a new name, such as eicar_cure.com.
To make sure that Kaspersky Industrial CyberSecurity for Nodes processes the eicar.com file with a prefix, in the Objects protection security settings section, set the All objects value for the Real-Time Computer Protection tasks and Default On-Demand Scan tasks of Kaspersky Industrial CyberSecurity for Nodes.
Prefixes in EICAR files

Prefix | File status after the scan and Kaspersky Industrial CyberSecurity for Nodes action |
---|---|
No prefix | Kaspersky Industrial CyberSecurity for Nodes assigns the Infected status to the object and deletes it. |
SUSP– | Kaspersky Industrial CyberSecurity for Nodes assigns the Probably infected status to the object detected by the heuristic analyzer and deletes it since probably infected objects are not disinfected. |
WARN– | Kaspersky Industrial CyberSecurity for Nodes assigns the Probably infected status to the object (the object's code partly matches the code of a known threat) and deletes it since probably infected objects are not disinfected. |
CURE– | Kaspersky Industrial CyberSecurity for Nodes assigns the Infected status to the object and disinfects it. If disinfection is successful, the entire text in the file is replaced with the word "CURE". |
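
The procedure above as an added example (not Kaspersky's code): the script writes one prefixed copy of the downloaded test line per table row and, after a scan, compares what happened to each file with the table. The function names, the file names other than eicar_cure.com, and typing the dash in each prefix as an ASCII hyphen are assumptions.

```python
import sys
from pathlib import Path

# Expected result per prefix, taken from the table on this page.
# Assumption: the dash after each prefix is typed as an ASCII hyphen.
EXPECTED = {"": "deleted", "SUSP-": "deleted", "WARN-": "deleted", "CURE-": "disinfected"}

def variant_path(out_dir, prefix):
    # "" -> eicar_plain.com, "CURE-" -> eicar_cure.com (the name the page suggests)
    return Path(out_dir) / f"eicar_{prefix.rstrip('-').lower() or 'plain'}.com"

def build_variants(source, out_dir):
    """Prepend each prefix to the test line read from `source`; return the paths written.
    Run this while Real-Time File Protection is disabled for the target drive."""
    line = Path(source).read_bytes().strip()
    Path(out_dir).mkdir(parents=True, exist_ok=True)
    paths = []
    for prefix in EXPECTED:
        path = variant_path(out_dir, prefix)
        path.write_bytes(prefix.encode("ascii") + line)
        paths.append(path)
    return paths

def observed(path):
    """Classify what the scan did to one file."""
    if not path.exists():
        return "deleted"
    return "disinfected" if path.read_bytes().strip() == b"CURE" else "not processed"

def check_variants(out_dir):
    """Return (file name, expected, observed) for each file whose outcome differs from the table."""
    mismatches = []
    for prefix, expected in EXPECTED.items():
        path = variant_path(out_dir, prefix)
        got = observed(path)
        if got != expected:
            mismatches.append((path.name, expected, got))
    return mismatches

if __name__ == "__main__":
    # build <downloaded eicar.com> <dir>  before the scan; check <dir>  after the scan
    if len(sys.argv) == 4 and sys.argv[1] == "build":
        print(*build_variants(sys.argv[2], sys.argv[3]), sep="\n")
    elif len(sys.argv) == 3 and sys.argv[1] == "check":
        bad = check_variants(sys.argv[2])
        print(*(bad or ["all outcomes match the table"]), sep="\n")
        sys.exit(1 if bad else 0)
    else:
        print("usage: build <eicar.com> <dir> | check <dir>")
```

A "not processed" result for a prefixed file usually means the All objects value from the step above is not set for the task that scanned the folder.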