╔═══════════════════════════════════════
║ Instructions - Antimalware On-Access Scanner Test - Self-Contained
┌───────────────────────────────────────
│ Plainspeak
• This document allows you to immediately test your antimalware software's on-access scanner:
  · Without configuring antimalware exclusions.
  · Without accessing the EICAR web site.
  · Without accessing the Internet.
  · Using the 'Run' dialog, the command line, or a Windows shortcut.
• This document, itself, will not be detected as an EICAR threat despite the apparent EICAR string contained within it.
  · The inert EICAR variant string in this document contains two caret characters '^', whereas EICAR contains only one.
  · Do not alter the inert EICAR variant string in this document or in the command lines indicated.
• This inert EICAR variant test may be executed using utilities such as Windows Scheduled Tasks, psexec.exe, login script, etc., to canvass an organization for antimalware on-access scanner health.
┌───────────────────────────────────────
│ References
• EICAR
• EICAR Anti-malware Test File
┌───────────────────────────────────────
│ Test Using the 'Run' Dialog or cmd.exe Prompt
• In the 'Run' dialog box, execute:
  %COMSPEC% /C "ECHO X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* >%TEMP%\EICAR.EXE"
  · A detection should result if exclusions and scan categories do not deliberately prevent scanning of the target file.
  · The antimalware on-access scanner should eventually detect the target file after any configured write-scan delay interval passes.
  · Some antimalware software will not generate a user alert for quickly-repeated identical detections generated within a short time period.
  · Verify any quickly-repeated detections within the antimalware software's log files.
• The command can be reissued from the cmd.exe buffer.
┌───────────────────────────────────────
│ Test Using a Windows Shortcut
• In File Explorer, create a new Windows shortcut: PSPro's.EICAR.Test.Generator
  · In the Target field, enter:
    %COMSPEC% /C "ECHO X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* >%TEMP%\EICAR.EXE"
  · In the 'Start in' field, enter: %WINDIR%
  · Click: OK
• Optional:
  · Assign a distinctive icon to the Windows shortcut from a Windows icon resource file present and resolvable on all Windows systems.
  · Recommended: imageres.dll, fourth page, top row, red shield with white 'x' marking.
• In File Explorer, execute the Windows shortcut.
  · A detection should result if exclusions and scan categories do not deliberately prevent scanning of the target file.
  · The antimalware on-access scanner should eventually detect the target file after any configured write-scan delay interval passes.
  · Some antimalware software will not generate a user alert for quickly-repeated identical detections generated within a short time period.
  · Verify any quickly-repeated detections within the antimalware software's log files.
• This Windows shortcut may be executed from any local or shared file system location.
┌───────────────────────────────────────
│ Test Steps Explained
• %COMSPEC% /C "<content below>"
  · Start the command interpreter (cmd.exe), execute the content within double-quotes, and then exit.
• ECHO X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* >%TEMP%\EICAR.EXE
  · The command interpreter (cmd.exe) creates the target file '%TEMP%\EICAR.EXE' using the EICAR variant string as input.
  · cmd.exe's escape character is the caret.
  · The EICAR variant string contains two carets.
  · One caret will be removed by cmd.exe as an escape character.
  · cmd.exe creates the target file content with one caret.
  · This effectively 'reconstitutes' the true, detectable EICAR string within the target file content.
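The following PowerShell script is an added example and is not part of the original document or of PSPRO's own material. It runs the same cmd.exe command the document describes (the two-caret variant string is left exactly as the document gives it, and single quotes keep PowerShell from treating '$EICAR' as a variable), then polls the target file so the health of the on-access scanner can be recorded unattended, for example from a Scheduled Task. The parameter name $WaitSeconds, the status values, and the assumption that a detecting scanner either removes the file or denies reads of it are mine, not the document's; a product that only logs a detection and leaves the file in place will report 'Present', so its log files still need to be checked as the document advises.

```powershell
# Added example (not from the original document): unattended on-access scanner
# health check built on the document's cmd.exe command.
# Assumption: a detection shows up as the target file being absent (blocked at
# write time, deleted or quarantined) or as reads of it being denied.
param(
    [int]$WaitSeconds = 30   # should exceed the product's write-scan delay
)

$target = Join-Path $env:TEMP 'EICAR.EXE'

# The inert two-caret variant, unchanged from the document. cmd.exe treats the
# caret as its escape character and writes the file with a single caret.
$cmdArgs = '/C "ECHO X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* >%TEMP%\EICAR.EXE"'

# Start from a clean state so a stale file from an earlier run cannot skew the result.
if (Test-Path -LiteralPath $target) {
    Remove-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
}

# Hand the argument string to cmd.exe verbatim; %TEMP% is expanded by cmd.exe, not here.
Start-Process -FilePath $env:COMSPEC -ArgumentList $cmdArgs -WindowStyle Hidden -Wait

$status   = 'Present'
$deadline = (Get-Date).AddSeconds($WaitSeconds)
while ((Get-Date) -lt $deadline) {
    if (-not (Test-Path -LiteralPath $target)) {
        $status = 'NotPresent'   # blocked at write time, deleted or quarantined
        break
    }
    try {
        [void][System.IO.File]::ReadAllBytes($target)
    } catch [System.UnauthorizedAccessException] {
        $status = 'AccessDenied' # product left the file but denies access to it
        break
    } catch [System.IO.IOException] {
        # transient sharing violation while a scanner holds the file; keep polling
    }
    Start-Sleep -Seconds 1
}

# One record per host; pipe to Export-Csv on a share when canvassing many systems.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Target       = $target
    Status       = $status
    Checked      = (Get-Date).ToString('s')
}

if ($status -eq 'Present') {
    # No on-access action within the window: remove the test file ourselves
    # and return a non-zero exit code so the collector flags this host.
    Remove-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
    exit 1
}
exit 0
```

'NotPresent' and 'AccessDenied' both indicate the scanner acted on the file; a 'Present' result on a host where exclusions do not cover %TEMP% is the condition worth investigating.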
┌───────────────────────────────────────
│ Credits
Any external referenced material in this document is hyperlinked. Authors responsible for referenced work should be sought through the reference(s) listed.
I am Christopher Etter, a Professional Services consultant. Because you are using this, I welcome you as my customer. These documents are free for you to use. I work diligently to serve you with material such as this. I would appreciate it if PSPRO (professionalservices.pro), my name, and this 'Credits' section remain attached to this work so that I accrue name recognition via your success and peer recommendation. Thank you very much, and I hope this document helps you solve your current information technology issue!