EICAR virus

[fittan]

Hi, I just converter from ES to EP. I was able to download and run EICAR test virus. Why doesn't EP detect it? 

And if it doesn't, how can I be assured that the real time scanning engine works? Thanks.

[dcollins]

You can check our response to why we don't detect EICAR here. It also includes some instructions on how to properly test Malwarebytes

 

 

[AndrewPP]

In addition to the above and elaboration for Endpoint Protection capabilities.

1. Run 'Windows script to display Malwarebytes Endpoint Protection Agent Health and Service Status'  to show all services and inner detector services are running. https://support.malwarebytes.com/docs/DOC-2617

2. Download  a relatively harmless potentially unwanted program (PUM) such as Ask Toolbar which is annoying but not damaging and double-click to start installation. https://en.softonic.com/download/ask-com-toolbar/windows

The Real Time Protection (RTP) Payload Analysis detector will quarantine it. 

This will assure to you that protection is operational and detects an EXE program executable (PE) launch.  Note,  a PUP is detected by our same anti-malware 'rules' engine which detects viruses/malware. One of our many vectors.of protection.

3. Consider also, the Malwarebytes Excel Addin, for detailed checking of endpoint versioning and freshness.  https://support.malwarebytes.com/docs/DOC-2672

4. Succinctly, technically, EICAR is an archaic/obsolete16-bit COM program which will not even execute in modern Windows workstation to display its message  'EICAR-STANDARD-ANTIVIRUS-TEST-FILE'.   EICAR need to update this to a modern and relevant test. 

Using a PUP is a much more relevant test that Malwarebytes is operational. Otherwise more details on testing have been provided by DCollins.

 

Edited October 28, 2018 by AndrewPP