On-access Or Rtp Not Detecting Eicar Test File

Options

I have successfully download the EICAR test file, and when I access it, Bitdefender neither detect it nor showing any pop-up, but when I try to copy it into the other location, Bitdefender successfully detect it. Is this normal behavior of RTP?

Comments

  • I have successfully download the EICAR test file, and when I access it, Bitdefender neither detect it nor showing any pop-up, but when I try to copy it into the other location, Bitdefender successfully detect it. Is this normal behavior of RTP?


    Well, here is the EIACAR test file


    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


    if you copy it to notepad and try to save it, BD will prevent you from doing it, deleting or quarantining it.


    Note however that, if it is quarantined, you are not able to restore it because BD will again quarantine it (this should not be so, i think), unless you do it in a previously declared "not to scan" folder.

  • rootkit
    Options

    Hello :)


    In the initial situation, are we talking about the packed (zipped) Eicar file?


    Thank you!

  • coolcool1227
    Options

    Both txt and zip files. When I select or click on EICAR test file, Bitdefender don't detect it and don't show any pop-up.

  • rootkit
    rootkit ✭✭✭
    edited November 2012
    Options

    Hello :)


    The toolbar and the protection were on when you downloaded the file?


    In the default settings, the Shield is not scanning the archives. Only when you will actually open the archive, the product will scan the content.


    So everything is working as designed.


    Thank you!


    post-9374-1351903510_thumb.png

  • Zeljkok
    edited November 2012
    Options

    BD cant deal with eicar,BD cant clean eicar test file what we shoud expect when BD detect real malware when he cant delete test file.


    eicar.jpg


    eicar2.jpg


    I try this on Windows 7 Ultimate x64 and Windows XP x86 and results are same.

  • coolcool1227
    Options

    Also I copy paste the text in the EICAR file into a word file and then scan it with Bitdefender. But this time Bitdefender didn't detect it. So what does Bitdefender see in normal EICAR file which is in txt or ZIP format?

  • rootkit
    rootkit ✭✭✭
    edited November 2012
    Options

    Hello :)


    After several tests on http://www.eicar.org/85-0-Download.html, I have some conclusions:


    1. If Bitdefender has the Scan SSL turned on, all the files from the official Eicar website will be blocked by the cloud protection in your browser.


    2. The Eicar test file stored in the zip archive is blocked by On Access scanner in the cache folder of your browser. Depending on the browser, the file can be automatically cleaned in that moment or when the browser is closed(in this way the will not be in use). In both cases, if you try to open that archive, you will see that is corrupted(the file is altered and the code can not run on that machine).


    3. For security reasons, some archives can not be cleaned without permission from the user. That's why you see that message in the Events.


    At the end, I can tell you that our products properly detect the Eicar Test file.


    Thank you!

  • Zeljkok
    edited November 2012
    Options

    I didnt say that BD didnt detect eicar yes he detect eicar.My question is why he didnt put eicar in quarantine or delete him its thrue that cloud block download but if i ignore cloud BD only alert me that he not clean file and i try same on 2 OS Win 7 x64 with IS 2013 and XP x86 with BD Antivirus pro with same result. But i notice that BD block eicar to start if I try to run eicar then BD put him in the quarantine and I didnt say for ziped file i speak about non ziped.

  • Zeljkok
    edited November 2012
    Options

    After reinstalling BD evrything is perfect i have Antivirus Pro and i uninstall him and buy licence for IS and after installing IS he demand evry day to restart after update,he cant quarantine eicar today he start to crashing when i start Sandboxed web browser but after reinstallation evrything is just fine and now he work perfect something goes wrong when i uninstall Antivirus pro and install IS.

  • rootkit
    Options

    Hi :)


    Welcome to the forums.


    Please follow the steps explained in the article below and send me via PM the generated log file:


    http://forum.bitdefender.com/index.php?showtopic=29927


    If the file is too big to attach it, upload it on


    http://www.sendspace.com


    or


    http://www.mediafire.com


    and send me a PM with the download link.


    If you were already asked to generate the log file, disregard the message above and just post the ticket ID.


    Have a nice day.