Kaspersky Security 11.x for Windows Server

About the EICAR test virus

June 10, 2022

ID 147734

This test virus is designed to verify the operation of anti-virus applications. It was developed by the European Institute for Computer Antivirus Research (EICAR).

The test virus is not a malicious object and does not contain executable code for your device, but most vendors' anti-virus applications identify it as a threat.

The file containing this test virus is called eicar.com. You can download it from the EICAR website.

Before saving the file in a folder on the device's hard drive, make sure that Real-Time File Protection is disabled on that drive.

The eicar.com file contains a line of text. When scanning the file, Kaspersky Security for Windows Server detects the test threat in this line of text, assigns the Infected status to the file, and deletes it. Information about the threat detected in the file will appear in the Application Console and in the task log.

You can use the eicar.com file to check how Kaspersky Security for Windows Server disinfects infected objects and how it detects probably infected objects. To do this, open the file using a text editor, add one of the prefixes listed in the table below to the beginning of the line of text in the file, and save the file under a new name, e.g. eicar_cure.com.

To make sure that Kaspersky Security for Windows Server processes the eicar.com file with a prefix, in the Objects protection security settings section, set the All objects value for the Real-Time Server Protection tasks and Default On-Demand Scan tasks of Kaspersky Security for Windows Server.

Prefixes in EICAR files

| Prefix | File status after the scan and Kaspersky Security for Windows Server action |
|---|---|
| No prefix | Kaspersky Security for Windows Server assigns the Infected status to the object and deletes it. |
| SUSP- | Kaspersky Security for Windows Server assigns the Probably infected status to the object detected by the heuristic analyzer and deletes it since probably infected objects are not disinfected. |
| WARN- | Kaspersky Security for Windows Server assigns the Probably infected status to the object (the object's code partly matches the code of a known threat) and deletes it since probably infected objects are not disinfected. |
| CURE- | Kaspersky Security for Windows Server assigns the Infected status to the object and disinfects it. If disinfection is successful, the entire text in the file is replaced with the word "CURE". |
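The prefix procedure and the table above, as an added PowerShell example (not Kaspersky's own tooling): it writes the four variants from an already downloaded eicar.com and, after the scan, compares what is left on disk with the expected results. The function names, the folder paths and every file name except eicar_cure.com are assumptions.

```powershell
# Added example: function names, folder paths and all file names except
# eicar_cure.com are assumptions. Expected results come from the table above.
$Cases = @(
    [pscustomobject]@{ Prefix = '';      File = 'eicar_plain.com'; Expected = 'deleted' }
    [pscustomobject]@{ Prefix = 'SUSP-'; File = 'eicar_susp.com';  Expected = 'deleted' }
    [pscustomobject]@{ Prefix = 'WARN-'; File = 'eicar_warn.com';  Expected = 'deleted' }
    [pscustomobject]@{ Prefix = 'CURE-'; File = 'eicar_cure.com';  Expected = 'disinfected' }
)

function New-EicarVariant {
    param(
        [Parameter(Mandatory)][string]$Source,  # eicar.com downloaded beforehand
        [Parameter(Mandatory)][string]$OutDir   # folder covered by the scan task
    )
    # Run this step while Real-Time File Protection is disabled on the drive.
    $line = ([string](Get-Content -LiteralPath $Source -Raw)).Trim()
    if (-not $line) { throw "No test line found in $Source" }
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $dir = (Resolve-Path -LiteralPath $OutDir).ProviderPath
    foreach ($case in $Cases) {
        # ASCII without a BOM, so the prefix starts at the first byte of the file.
        [System.IO.File]::WriteAllText((Join-Path $dir $case.File),
            $case.Prefix + $line, [System.Text.Encoding]::ASCII)
    }
}

function Test-EicarOutcome {
    param([Parameter(Mandatory)][string]$OutDir)
    foreach ($case in $Cases) {
        $path = Join-Path $OutDir $case.File
        if (-not (Test-Path -LiteralPath $path)) {
            $actual = 'deleted'
        } elseif (([string](Get-Content -LiteralPath $path -Raw -ErrorAction SilentlyContinue)).Trim() -eq 'CURE') {
            $actual = 'disinfected'
        } else {
            # Still present and not replaced with CURE: the file was not processed,
            # for example because the All objects setting is not applied to the task.
            $actual = 'not processed'
        }
        [pscustomobject]@{
            File = $case.File; Expected = $case.Expected
            Actual = $actual;  Pass = ($actual -eq $case.Expected)
        }
    }
}

# New-EicarVariant -Source C:\Temp\eicar.com -OutDir C:\Temp\eicar-test
# (enable protection or run the On-Demand Scan task, then:)
# Test-EicarOutcome -OutDir C:\Temp\eicar-test | Format-Table
```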
