Solved

No detection from Webroot upon downloading various Eicar files

  • 16 February 2022
  • 3 replies
  • 183 views

Userlevel 1

Hello,

Out of curiosity I downloaded various Eicar files from here:

https://ipinfo.info/html/testvirus.php

I was able to save most of them in a folder, without any reaction from Webroot.

If I scan the folder, they are detected as “malicious”, but no reaction when I downloaded them.

I have “Scan archived files” and “Check files for threats when written or modified” selected.

Theoretically, these Eicar versions should have been scanned upon download.


Best answer by TripleHelix 16 February 2022, 16:04


3 replies

Userlevel 7

Hello @popescu

As far as I know they are not detected because WSA knows they're harmless, but I will ping our Threat Experts @DanP and @TylerM

You should go here: https://www.eicar.org/

Well, I got two detections when unzipping them!

HTH,

Userlevel 1

As you can see, when unzipped they are detected, so the theory about “they are not detected because WSA knows they're harmless” does not hold water.

They should be detected upon download, before being stored on the PC, not after they are stored and purposely scanned.

“You should go here: https://www.eicar.org/”

This is not a detection, this is a “reaction” implemented in each and every antivirus.

As you can see, downloading Eicar from a different location does not trigger any reaction on Webroot.

Userlevel 7

Look at the same subjects over the years: https://community.webroot.com/search?q=Eicar

Blog: https://www.webroot.com/blog/2018/09/05/eicar-common-false-positive-world/

Wed 2022-02-16 08:53:47.0664    Blocked website: https://meineipadresse.de/testvirus/eicar.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:54:59.0931    Blocked website: https://secure.eicar.org/eicar_com.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:55:25.0464    Blocked website: https://secure.eicar.org/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:59:22.0316    Blocked website: https://meineipadresse.de/testvirus/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:00:01.0858    Blocked website: https://secure.eicar.org/eicar.com.txt (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:00:45.0368    Infection detected: E:\Users\Daniel\Downloads\eicar.com\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [3/00080200] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:00:45.0369    Infection found in realtime: E:\Users\Daniel\Downloads\eicar.com\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:01:47.0801    Blocked website: https://meineipadresse.de/testvirus/eicar.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:03:08.0106    Infection detected: E:\Users\Daniel\Downloads\eicar2\eicar\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [3/00080200] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:03:08.0106    Infection found in realtime: E:\Users\Daniel\Downloads\eicar2\eicar\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]

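The log in the last reply mixes two kinds of events: URL blocks ("Blocked website") and file detections ("Infection detected" / "Infection found in realtime"). The following added example (not part of the thread and not Webroot tooling) parses lines in that layout and groups them by which control reacted; the line layout is inferred from the posted lines, and the layer names `web` and `file` are this example's own labels.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Log lines copied from the post above; the field layout is inferred from them.
SAMPLE_LOG = r"""
Wed 2022-02-16 08:54:59.0931    Blocked website: https://secure.eicar.org/eicar_com.zip (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 08:59:22.0316    Blocked website: https://meineipadresse.de/testvirus/eicar.com (Rep: 10/Cat: 56/Det: BC)
Wed 2022-02-16 09:00:45.0368    Infection detected: E:\Users\Daniel\Downloads\eicar.com\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [3/00080200] [W32.Eicar.Testvirus.Gen]
Wed 2022-02-16 09:00:45.0369    Infection found in realtime: E:\Users\Daniel\Downloads\eicar.com\eicar.com [UniqueID: 1B025A27, MD5: 44D88612FEA8A8F36DE82E1278ABB02F, Size: 68 bytes] [524800/00000003] [W32.Eicar.Testvirus.Gen]
"""

LINE = re.compile(
    r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(Blocked website|Infection detected|Infection found in realtime): (.+)$"
)
# Layer names are this example's own labels, not Webroot terminology.
LAYER = {"Blocked website": "web", "Infection detected": "file",
         "Infection found in realtime": "file"}

def parse_events(text):
    """Return one dict per recognised line: time, layer, kind, target, threat."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        stamp, kind, rest = m.groups()
        layer = LAYER[kind]
        if layer == "web":
            # URL is everything before the "(Rep: .../Cat: .../Det: ...)" suffix.
            target, threat = rest.split(" (", 1)[0], None
        else:
            # Path is everything before the first bracketed field;
            # the last bracketed field is the detection name.
            target = rest.split(" [", 1)[0]
            threat = re.findall(r"\[([^\]]+)\]", rest)[-1]
        events.append({"time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f"),
                       "layer": layer, "kind": kind, "target": target, "threat": threat})
    return events

def summarize(events):
    """Group targets by the layer that reacted, so a test run shows which control fired."""
    web = sorted({urlsplit(e["target"]).hostname for e in events if e["layer"] == "web"})
    files = sorted({e["target"] for e in events if e["layer"] == "file"})
    return {"web_blocked_hosts": web, "files_flagged_on_disk": files}

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)))
```

A download source that appears in neither group of the summary produced no logged reaction at either layer during the test run.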