Kaspersky Embedded Systems Security 3.x

About the EICAR test virus

October 25, 2023

ID 147734

This test virus is designed to verify the operation of anti-virus applications. It was developed by the European Institute for Computer Antivirus Research (EICAR).

The test virus is not a malicious object and does not contain executable code for your device, but most vendors' anti-virus applications identify it as a threat.

The file containing this test virus is called eicar.com. You can download it from the EICAR website.

Before saving the file in a folder on the device's hard drive, make sure that Real-Time File Protection is disabled on that drive.

The eicar.com file contains a line of text. When scanning the file, Kaspersky Embedded Systems Security for Windows detects the test threat in this line of text, assigns the Infected status to the file, and deletes it. Information about the threat detected in the file appears in the Application Console and in the task log.

You can use the eicar.com file to check how Kaspersky Embedded Systems Security for Windows disinfects infected objects and how it detects probably infected objects. To do this, open the file using a text editor, add one of the prefixes listed in the table below to the beginning of the line of text in the file, and save the file with a new name, such as eicar_cure.com.

To make sure that Kaspersky Embedded Systems Security for Windows processes the eicar.com file with a prefix, in the Objects protection security settings section, set the All objects value for the Real-Time Computer Protection tasks and Default On-Demand Scan tasks of Kaspersky Embedded Systems Security for Windows.

Prefixes in EICAR files

| Prefix | File status after the scan and Kaspersky Embedded Systems Security for Windows action |
| --- | --- |
| No prefix | Kaspersky Embedded Systems Security for Windows assigns the Infected status to the object and deletes it. |
| SUSP- | Kaspersky Embedded Systems Security for Windows assigns the Probably infected status to the object detected by the heuristic analyzer and deletes it since probably infected objects are not disinfected. |
| WARN- | Kaspersky Embedded Systems Security for Windows assigns the Probably infected status to the object (the object's code partly matches the code of a known threat) and deletes it since probably infected objects are not disinfected. |
| CURE- | Kaspersky Embedded Systems Security for Windows assigns the Infected status to the object and disinfects it. If disinfection is successful, the entire text in the file is replaced with the word "CURE". |
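The prefix procedure and the table above can be scripted. The following is an added example, not Kaspersky code: it builds the prefixed copies from an eicar.com file you have already downloaded and, after a scan, compares what happened to each copy with the outcome the table gives. The function names, the output file names other than eicar_cure.com, and the "untouched" and "inaccessible" labels are assumptions of this example.

```python
"""Build prefixed copies of eicar.com and check what the scanner did to them."""
from pathlib import Path

# Prefix (typed with an ASCII hyphen) -> outcome the table gives for it.
EXPECTED = {
    "": "deleted",           # Infected status, file deleted
    "SUSP-": "deleted",      # Probably infected (heuristic analyzer), deleted
    "WARN-": "deleted",      # Probably infected (partial code match), deleted
    "CURE-": "disinfected",  # Infected status, text replaced with the word CURE
}


def variant_name(prefix: str) -> str:
    """eicar.com for no prefix, otherwise eicar_<prefix>.com (hypothetical names)."""
    tag = prefix.rstrip("-").lower()
    return f"eicar_{tag}.com" if tag else "eicar.com"


def write_variants(source: Path, out_dir: Path) -> dict:
    """Prepend each prefix to the line read from `source`; return prefix -> path.

    Run this while Real-Time File Protection is disabled on the target drive.
    """
    line = source.read_bytes().strip()
    out_dir.mkdir(parents=True, exist_ok=True)
    written = {}
    for prefix in EXPECTED:
        path = out_dir / variant_name(prefix)
        path.write_bytes(prefix.encode("ascii") + line)
        written[prefix] = path
    return written


def observed(path: Path) -> str:
    """Classify the state of one test file after a scan."""
    try:
        data = path.read_bytes()
    except FileNotFoundError:
        return "deleted"
    except OSError:  # for example, the file is still locked by the scanner
        return "inaccessible"
    return "disinfected" if data.strip() == b"CURE" else "untouched"


def check(written: dict) -> dict:
    """Return prefix -> (expected, observed, ok) for every file written."""
    report = {}
    for prefix, path in written.items():
        got = observed(path)
        report[prefix] = (EXPECTED[prefix], got, got == EXPECTED[prefix])
    return report
```

Call write_variants() first, run the On-Demand Scan task or re-enable Real-Time File Protection, then call check() on the returned mapping; an "untouched" result means the file was not processed, for instance because the All objects value described above is not set.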
