EICAR?

This topic contains 3 replies, has 3 voices, and was last updated by UKSecurityGuy 6 years, 3 months ago.

  • #8448
     SephStorm 
    Participant

    So all of this afternoon I’ve been getting alerts from MSE and Bitdefender that it is detecting the EICAR test virus on my PC (in C:\Windows\TEMP). Now, I am familiar with EICAR, but there is no reason it would be on this PC. Is anyone aware of any attacks or malware that masquerades as EICAR? I ask because it is continuously detected, with no action from me, i.e. no browsers opened or any such thing. I may disconnect from the internet to see if it is still being affected…

  • #52988
     Triban 
    Participant

    Nothing I am aware of; at most it would be a distraction to confuse IR folks. Do you have a sample of the file? Maybe some file just happens to have the string in it that makes AV recognize EICAR.

  • #52989
     SephStorm 
    Participant

    Not yet; if I get another alert, I’ll see if I can nab a copy.

    Looks unlikely I’ll be able to do so. I set MSE to alert and restored the file, but it’s not there when I look. This is absolutely crazy, I’m considering wiping the box.

  • #52990
     UKSecurityGuy 
    Participant

    I don’t suppose the machine in question is joined to a corporate network?

    Occasionally I.T depts will use domain credentials to put EICAR on all domain connected machines to test the A/V.

    So for example – group policy pushes out the EICAR – A/V detects it, and the I.T dept correlate the A/V results against the Domain Computers list to determine which machines either don’t have A/V on them, or it isn’t working well enough.
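The correlation step described in the last reply, sketched as an added example that is not part of the original thread or any poster's own code. The host names, event fields, action names, timestamps and the `correlate` helper are all constructed assumptions about what an A/V console export and a Domain Computers list might look like.

```python
from datetime import datetime, timedelta

# Constructed sample data, not from the thread. Event fields and the action
# names ("quarantined", "detected_only") are assumptions about an AV export.
DOMAIN_COMPUTERS = ["WS-001", "WS-002", "ws-003.corp.example", "WS-004", "WS-005"]
AV_EVENTS = [  # (host, signature, action, timestamp)
    ("ws-001.corp.example", "EICAR-Test-File", "quarantined", "2019-03-04T10:02:11"),
    ("WS-002", "EICAR-Test-File", "detected_only", "2019-03-04T10:03:40"),
    ("WS-003", "EICAR-Test-File", "quarantined", "2019-03-01T09:00:00"),  # before the push
    ("WS-004", "Other.Signature", "quarantined", "2019-03-04T10:05:00"),  # unrelated hit
    ("LAB-9", "EICAR-Test-File", "quarantined", "2019-03-04T10:06:00"),  # not in domain list
]
PUSH_TIME = datetime(2019, 3, 4, 10, 0, 0)  # when the test file was deployed (constructed)


def short_name(host):
    """Reduce an FQDN or mixed-case name to an upper-case short hostname."""
    return host.strip().split(".")[0].upper()


def correlate(computers, events, push_time, window=timedelta(hours=2)):
    """Classify each domain computer by how its AV handled the test file."""
    status = {short_name(c): "no_detection" for c in computers}
    unexpected = set()
    for host, signature, action, ts in events:
        when = datetime.fromisoformat(ts)
        # Only EICAR hits raised inside the test window count as evidence.
        if "eicar" not in signature.lower():
            continue
        if not push_time <= when <= push_time + window:
            continue
        name = short_name(host)
        if name not in status:
            unexpected.add(name)  # reporting host missing from the inventory
        elif action == "quarantined":
            status[name] = "ok"
        elif status[name] != "ok":
            status[name] = "detected_not_remediated"
    return status, sorted(unexpected)


if __name__ == "__main__":
    status, unexpected = correlate(DOMAIN_COMPUTERS, AV_EVENTS, PUSH_TIME)
    for host in sorted(status):
        print(f"{host:8} {status[host]}")
    print("not in domain list:", unexpected)
```

Machines left at `no_detection` are the ones to follow up on: either no A/V is installed, it is not reporting, or it did not flag the test file. An EICAR alert on a machine outside any such test window, as in the original question, would not be explained by this kind of exercise.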


Copyright ©2019 Caendra, Inc.
