Checking the Real-Time File Protection and On-Demand Scan features

After installing Kaspersky Industrial CyberSecurity for Nodes, you can confirm that Kaspersky Industrial CyberSecurity for Nodes detects objects containing malicious code. To do this, use the EICAR test virus.

To check the Real-Time File Protection feature:

1. Download the eicar.com file from the EICAR website. Save it in a shared folder on the local drive of any device on the network.

   Before you save the file to the folder, make sure that Real-Time File Protection is disabled for the folder.

2. If you want to check that network user notifications are working, make sure that the Microsoft Windows Messenger Service is enabled both on the protected device and on the device where you saved the eicar.com file.
3. Open the Application Console on the protected computer.
4. Copy the saved eicar.com file to the local drive of the protected device using one of the following methods:
   • To test notifications through a Terminal Services window, copy the eicar.com file to the protected device after connecting to the protected device using the Remote Desktop Connection utility.
   • To test notifications through the Microsoft Windows Messenger Service, use the device's network places to copy the eicar.com file from the device where you saved it.

Real-Time File Protection is working correctly if the following conditions are met:

• The eicar.com file is deleted from the protected device.
• In the Application Console, the task log gets the Critical status. The log has a new line with information about a threat in the eicar.com file.
• The following Microsoft Windows Messenger Service message appears on the device from which you copied the file: Kaspersky Industrial CyberSecurity for Nodes blocked access to <path to file on the device>\eicar.com on computer <network name of the device> at <time that event occurred>. Reason: Threat detected. Virus: EICAR-Test-File. User name: <user name>. Computer name: <network name of the device from which you copied the file>.

  Make sure that the Microsoft Windows Messenger Service is running on the device from which you copied the eicar.com file.

To check the On-Demand Scan feature:

1. Download the eicar.com file from the EICAR website. Save it in a shared folder on the local drive of any device on the network.

   Before you save the file to the folder, make sure that Real-Time File Protection is disabled for the folder.

2. Open the Application Console and expand the On-Demand Scan node in the Application Console tree.
3. Select the Critical Areas Scan child node.
4. On the Scan scope settings tab, open the context menu on the Network node and select Add network file.
5. Enter the network path to the eicar.com file on the remote device in UNC (Universal Naming Convention) format.
6. Select the Path to object check box to include the added network path in the scan scope.
7. Run the Critical Areas Scan task.

The On-Demand Scan is working as it should if the following conditions are met:

• The eicar.com file is deleted from the device's hard drive.
• In the Application Console, the task log gets the Critical status. The Critical Areas Scan task log has a new line with information about a threat in the eicar.com file.

Page top