Kaspersky Security 11.x for Windows Server

Checking the Real-Time File Protection and On-Demand Scan features

June 10, 2022

ID 147735

After installing Kaspersky Security for Windows Server, you can confirm that Kaspersky Security for Windows Server finds objects containing malicious code. To check this, you can use a test virus from EICAR.

To check the Real-Time File Protection feature:

  1. Download the eicar.com file from the EICAR website. Save it in a public folder on the local drive of any device on the network.

    Before you save the file to the folder, make sure that Real-Time File Protection is disabled for the folder.

  2. If you want to check that network user notifications are working, make sure that the Microsoft Windows Messenger Service is enabled both on the protected device and on the device where you saved the eicar.com file.
  3. Open the Application Console on the protected device.
  4. Copy the saved eicar.com file to the local drive of the protected device using one of the following methods:
    • To test notifications through a Terminal Services window, copy the eicar.com file to the protected device after connecting to the protected device using the Remote Desktop Connection utility.
    • To test notifications through the Microsoft Windows Messenger Service, use the device's network places to copy the eicar.com file from the device where you saved it.

Real-Time File Protection is working correctly if the following conditions are met:

  • The eicar.com file is deleted from the protected device.
  • In the Application Console, the task log is given the Critical status. The log has a new line with information about a threat in the eicar.com file. (To view the task log, in the Application Console tree, expand the Real-Time Server Protection node, select the Real-Time File Protection task and in the results panel of the node click the Open task log link).
  • The following Microsoft Windows Messenger Service message appears on the device from which you copied the file: Kaspersky Security for Windows Server blocked access to <path to file on the device>\eicar.com on computer <network name of the device> at <time that event occurred>. Reason: Threat detected. Virus: EICAR-Test-File. User name: <user name>. Computer name: <network name of the device from which you copied the file>.

    Make sure that the Microsoft Windows Messenger Service is running on the device from which you copied the eicar.com file.
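
The copy in step 4 and the first condition above can be scripted on the protected device. The following PowerShell is an added example, not part of the Kaspersky documentation; the UNC path, destination folder, timeout and function name are assumed values, and it assumes that a blocked copy may surface as a copy error.

```powershell
# Added example (not Kaspersky code). Run on the protected device.
# The paths, timeout and function name are assumptions for illustration.
function Test-EicarRemoval {
    param(
        [string]$SourcePath        = '\\FILESRV01\Public\eicar.com',  # hypothetical UNC path
        [string]$DestinationFolder = 'C:\Temp',                       # hypothetical local folder
        [int]$TimeoutSeconds       = 30
    )

    # Fail early on setup problems so a missing share or folder is not
    # mistaken for a detection.
    if (-not (Test-Path -LiteralPath $SourcePath -PathType Leaf)) {
        throw "Test file not found at $SourcePath."
    }
    if (-not (Test-Path -LiteralPath $DestinationFolder -PathType Container)) {
        throw "Destination folder $DestinationFolder does not exist."
    }

    $target    = Join-Path -Path $DestinationFolder -ChildPath 'eicar.com'
    $copyError = $null
    try {
        Copy-Item -LiteralPath $SourcePath -Destination $target -Force -ErrorAction Stop
    } catch {
        # Record the error and continue to the presence check.
        $copyError = $_.Exception.Message
    }

    # Poll until the file is gone or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    $removed  = $false
    do {
        if (-not (Test-Path -LiteralPath $target)) { $removed = $true; break }
        Start-Sleep -Seconds 1
    } while ((Get-Date) -lt $deadline)

    [pscustomobject]@{
        Target    = $target
        Removed   = $removed     # file absent from the protected device
        CopyError = $copyError   # non-null if the copy itself failed
        CheckedAt = Get-Date
    }
}

Test-EicarRemoval | Format-List
```

A result of `Removed = True` only shows that the file is absent; the task log entry described above is still what confirms that the threat was detected.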

To check the On-Demand Scan feature:

  1. Download the eicar.com file from the EICAR website. Save it in a public folder on the local drive of any device on the network.

    Before you save the file to the folder, make sure that Real-Time File Protection is disabled for the folder.

  2. Open the Application Console.
  3. Do the following:
    1. Expand the On-Demand Scan node in the Application Console tree.
    2. Select the Critical Areas Scan child node.
    3. On the Scan scope settings tab, open the context menu on the Network node and select Add network file.
    4. Enter the network path to the eicar.com file on the remote device in UNC (Universal Naming Convention) format.
    5. Select the check box to include the added network path in the scan scope.
    6. Run the Critical Areas Scan task.

The On-Demand Scan is working as it should if the following conditions are met:

  • The eicar.com file is deleted from the device's hard drive.
  • In the Application Console, the task log is given the Critical status. The Critical Areas Scan task log has a new line with information about a threat in the eicar.com file. (To view the task log, in the Application Console tree, expand the On-Demand Scan child node, select the Critical Areas Scan task and in the results panel, click the Open task log link).
