Testing the Anti-Virus
Testing the Anti-virus with EICAR file
The EICAR (European Institute for Computer Anti-Virus Research) test file helps to test performance of anti-virus programs that detect threats using signature analysis.
For this purpose, most of the anti-virus software vendors generally use a standard test.com program. This program was designed specially so that users could test reaction of newly-installed anti-virus tools to threat detection without compromising security of their computers. Although the test.com program is not actually malicious, it is treated by the majority of anti-viruses as if it were a threat. On detection of this file, Dr.Web reports the following: EICAR Test File (Not a Virus!). Other anti-virus tools alert users in a similar way.
The test.com program is a 68-byte COM-file that prints the following line on the console when executed: EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
The test.com file contains the following character string only:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
To make your own test file with the “threat”, create a new file with this line and save it as test.com.
|
When running in the Optimal mode, SpIDer Guard does not terminate execution of an EICAR test file and the file is not processed as malicious since it does not pose any actual threat to your system. However, if you copy or create such a file in your system, it will be detected by SpIDer Guard and moved to Quarantine by default. |
Testing the integrity
After installation, Dr.Web dynamically maintains its integrity, both during the operation of the program and while updating, in the following ways:
•Self-Protection continuously protects Dr.Web files and processes from unauthorized changes.
•Dr.Web checks the integrity of program components and virus databases by checksums of downloaded files during each update.
To check the integrity of Dr.Web without waiting for the update, you can use the Restore program option in the Uninstall/Change Wizard window.