In this article, I will use a PowerShell one-liner to generate the EICAR test file and check whether the anti-virus solution installed on the machine (and its real-time scanner in particular) is working as expected.
What is the EICAR file?
If you are not familiar with the EICAR (European Institute for Computer Anti-Virus Research) test file, don't worry: it is safe to use, and its only purpose is to trigger the AV.
It is safe to pass around because it is not a virus and does not include any fragments of viral code. Most products react to it as if it were a virus, though they typically report it with an obvious name such as "EICAR-AV-Test". The test string is exactly 68 ASCII characters; a file is only recognised as the EICAR test file if it starts with that string unchanged, optionally followed by whitespace, so copying it by hand (or letting an editor alter a character) is the most common reason the test fails.
The Oneliner script
I've chosen a PowerShell script for various reasons:
- PowerShell is included in all supported Windows versions.
- It doesn't require elevated privileges to run: writing a file to a directory you own is enough.
- It's simple to read.
```powershell
#Paolo Frigo, https://scriptinglibrary.com
# This script creates a COM file containing the EICAR test string for testing AV solutions
#https://en.wikipedia.org/wiki/EICAR_test_file
# The backticks escape the two '$' characters so PowerShell does not expand them as variables
# inside the double-quoted string; the file is written to the current directory.
set-content "X5O!P%@AP[4`\PZX54(P^)7CC)7}`$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!`$H+H*" -path "eicar.com"
```
What will happen after running this script?
When you run the PowerShell script, Microsoft Defender (or your third-party AV solution) will alert that it has found a threat:
The details will show the threat name (“EICAR_TEST_FILE”) and the file will be quarantined.
Depending on the product, the real-time scanner may instead refuse the write itself, in which case Set-Content fails with an error stating that the file contains a virus or potentially unwanted software. Either outcome shows that on-access scanning is active. If nothing happens and eicar.com stays on disk, check that real-time protection is enabled and that the directory you wrote to is not on an exclusion list. Keep in mind that a detection only proves the scanner is running and matching signatures; it says nothing about how well the product detects real malware.
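To turn the one-liner into a repeatable check, the following script (an added example, not code from the original post or its author) writes the test file, waits for the real-time scanner to react, and then, where Microsoft Defender is installed, looks up the detection record. The temporary file location, the 30-second timeout and the Defender cmdlets (Get-MpComputerStatus, Get-MpThreat, from the Defender module that ships with Windows) are assumptions; on a third-party AV only the file-removal check applies.

```powershell
# Added example: write the EICAR test file and verify that the AV reacted.
# The string is built in single quotes so the '$' characters need no escaping.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$path  = Join-Path $env:TEMP 'eicar.com'   # assumed location; any writable directory works

# Sanity-check the string before writing it: the specification defines exactly 68 characters.
if ($eicar.Length -ne 68) {
    throw "EICAR string is $($eicar.Length) characters, expected 68 - check for copy/paste damage"
}

# With Defender, confirm up front that real-time protection is switched on.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $rtp = (Get-MpComputerStatus).RealTimeProtectionEnabled
    Write-Host "Defender real-time protection enabled: $rtp"
}

try {
    # ASCII encoding and no trailing newline give a byte-exact 68-byte file.
    Set-Content -Path $path -Value $eicar -Encoding Ascii -NoNewline -ErrorAction Stop
    Write-Host "Wrote $path"
} catch {
    # Some scanners block the write outright ("file contains a virus or potentially
    # unwanted software"). That is also a successful test.
    Write-Host "Write blocked by real-time protection: $($_.Exception.Message)"
    return
}

# Give the on-access scanner up to 30 seconds (assumed) to quarantine the file.
$deadline = (Get-Date).AddSeconds(30)
while ((Test-Path $path) -and ((Get-Date) -lt $deadline)) {
    Start-Sleep -Seconds 1
}

if (Test-Path $path) {
    Write-Warning "eicar.com is still on disk after 30 s: real-time protection did not react."
} else {
    Write-Host "eicar.com was removed or quarantined by the AV."
}

# With Defender, show the matching detection record(s).
if (Get-Command Get-MpThreat -ErrorAction SilentlyContinue) {
    Get-MpThreat | Where-Object ThreatName -like '*EICAR*' |
        Select-Object ThreatName, SeverityID, IsActive
}
```

Run it from a normal (non-elevated) PowerShell session; Get-MpThreat reads the detection history and does not need administrator rights. If the file survives the timeout on a machine where an AV is supposedly running, that is the finding worth reporting, not the script.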
Wrapping Up
Testing an AV with a safe one-liner has multiple benefits, and it's more than a QA exercise: you will immediately learn what to expect when a threat is found, you can get familiar with the alert and, if required, document the steps for end users. I personally think that is a very fun way of training and educating users with simple and effective examples.
As usual, this script is available on my GitHub repository.