Test Your System’s Malware Detection Capabilities Attackers can get past antivirus and other detection methods measures by hiding malware inside compressed files. Most network security solutions are regularly fooled because they can’t analyze a file compressed in any format other than ZIP. Palo Alto Networks provides a sample malware file that you can use to test a WildFire configuration. Take the following steps to download the malware sample file, verify that the file is forwarded for WildFire analysis, and view the analysis results.
Most of us have security software such as an antivirus, antimalware, firewall or Host Intrusion Prevention System (HIPS) installed to help protect our computer against known or unknown malware. Malicious software can be very sneaky, getting onto your computer when you least expect it and stay hidden until the security software finally detects it. By then, the damage has already been done since the virus has been active and you wouldn’t know what information has been stolen from your computer.
The question is, how do you know if the antivirus or antimalware installed is actually protecting your computer? The program would probably state that your computer is protected or the protection is enabled but how can you be sure that it is really working and confirm if the antivirus or its virus definition hasn’t been tampered with? Searching for a real virus from the Internet and downloading it to your computer just to test if your antivirus can detect it may not be the best option because you’re risking your computer being infected by it if you’re not careful.
Here we have 6 ways how you can safely test your antivirus to see if the real time protection is truly enabled and working to protect your computer against viruses.
1. EICARA few antivirus researchers have come up with a harmless file that is detected as if it were a virus and is distributed at EICAR. So in short, the EICAR antimalware test file does nothing and is absolutely harmless even if it is run on the computer. The EICAR test file can be easily created with a Notepad that starts with the 68 characters below and save it as COM or EXE extension.
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
If your antivirus real time protection is working, it should automatically detect the EICAR as a threat and remove the file from your computer.
If the EICAR test file is not being detected, there is something wrong with the antivirus program and you should check the real time protection settings, try reinstalling, or maybe it is a rogue/fake antivirus program. At the time of writing, 49 out of 52 antivirus from VirusTotal is able to detect the EICAR antivirus test file.
Download EICAR
2. Comodo Leak Tests
The Comodo Leak Tests program is created by security company COMODO who are well known for their free antivirus which is also allowed to be used commercially on corporate and business environment.
The Comodo Leak Tests tool is actually meant to test for leaks in firewall and HIPS programs but most antivirus nowadays have behavioral analysis to detect if an unknown program is performing an action that can pose a security risk on a system. All you need to do is run the program and click on the Test button which will automatically run 34 different tests ranging from rootkit installation, invasion, injection, sending information, impersonation, and system hijacking.
As you can see in the screenshot above, Trend Micro Titanium Internet Security blocked the program because it detected suspicious behavior.
Download Comodo Leak Tests
3. Trojan Simulator
Trojan Simulator is a program that simulates a trojan being installed on a computer by adding a startup entry in the registry at HKEY_LOCAL_MACHINE and runs the harmless TSServ.exe file in memory. This is what a common and simple trojan would do but the more sophisticated ones would use advanced technique such as rootkit installation.
To test Trojan Simulator on newer Windows operating systems such as Vista, 7 and 8, you will need to right click on the TrojanSimulator.exe and select “Run as Administrator” or else you will receive an error message saying “Failed to set data for TrojanSimulator”. Quite a number of antivirus can already detect Trojan Simulator. So if you can’t download or run Trojan Simulator because your antivirus blocked it, it is a good sign that your antivirus is working.
Download Trojan Simulator
4. System Shutdown Simulator
System Shutdown Simulator has the ability to create the EICAR antimalware test file with the click of a button but it goes further by letting you test if the EICAR can be detected when an antivirus most likely would have been closed when a system shutdown is being initiated. Other than that, it can also create an auto start registry entry to test HIPS and also a silent download and automated execution of file for firewall testing.
The steps to use System Shutdown Simulator are pretty self explanatory. Run the program as administrator, click on Intercept System Shutdown Call button first. Then, click on the Shutdown Computer button where your computer will attempt to shut down but will notify you that an app is prevent you from signing out. Click the Cancel button to call off the shutdown and once you’re back in desktop, you will probably notice that the antivirus program icon at the notification area is no longer there. Now try clicking on “Create Eicar Test File” button and see if your antivirus is able to warn you that it detected Eicar test file.
Download System Shutdown Simulator
5. Zemana Simulation Test Programs
Zemana is the maker of AntiLogger which is very effective against zero-day malware that is yet to be detected by antivirus software. They’ve created and released 3 test programs that simulate the functionality of a keylogger, webcam logger, and a clipboard logger that are normally present in a trojan.
Your antivirus software might not detect any suspicious activity from the Zemana simulation test programs because they simply only activate one of the actions which is not enough to trigger the alert. An antivirus software is meant to be smart and not to nag you on every action it detects on your computer. Skype is an example of a legitimate program that may enable your Webcam for web conferencing and it doesn’t make sense for your antivirus to block it or to ask you for further actions.
Download Zemana Simulation Test Programs
6. SpyShelter Security TestTool
SpyShelter is a competitor of Zemana and their security test tool contains a lot more actions such as sound recording, system protection, screenshot & webcam capture, keylogging and clipboard monitoring. The screenshot test itself contains 11 different methods that can be used by a malware to capture screenshots on your computer.
Similarly to Zemana Simulation Test Programs, your antivirus software may not complain when you activate any of the monitoring functions from SpyShelter Security TestTool. Weirdly Trend Micro Titanium Security actually detected and blocked the program when we tried the “Registry access test1” from System protection. That detection only happened once but not again when we retested it.
Download SpyShelter Security TestTool
Final Note: We would like to stress that all of the mentioned programs above to test if your antivirus real time protection is working or not are harmless even if they are detected as a threat. If your antivirus detects any of the simulation test programs above, then rest assured that your antivirus is working. If not, you should double check the antivirus software installed on your computer.
You might also like:
5 Free Software to Scan your Computer with Multiple Antivirus EnginesMemory Usage Test to See Which is the Lightest Antivirus SoftwareTest Sleep and Hibernation Feature in Windows 73 Cloud Based Antivirus Software Review6 Ways to Kill and Remove Fake Antivirus Rogue Software 7 Comments - Write a Comment
zemana antimalware is best is block fraction of second.
Replylinks outdated
ReplyTestMyAV.com contains real fresh malware, updated twice per day and available to download for testing.
ReplyMay I propose LHFC (low hanging fruit collector)? It has everything covered from local host to network to advanced tunneling techniques: phishing-server.com/PS/doc/dokuwiki/doku.php?id=create_a_purely_technical_test_with_the_malware_testing_suite
ReplyI tried out the EICAR test three times, and then i tried the comodo test.
Panda couldn’t detect the Comodo test.
Reply
There is also wicar.org to test anti malware filtering software.
ReplyThanks Raymond
ReplyLeave a Reply
Now playing:Watch this: How to check if a Web site is safe
Have you been phished? Whether you use a Mac, Windows, or Linux, iOS or Android, there's a real strong chance that somebody has sent you an e-mail or text message in an attempt to get at your personal information. Data means money, and you're a big ol' dollar sign to the bad guys.
The best recommendation I can offer is to browse smart. That means you ought to always double-check the URL of your banking site, social networking site, and e-mail site before you log in. Most browsers, including Firefox, Chrome, and Internet Explorer, now include a color-change on the left side of the location bar to indicate that the site has been verified as legitimate. It's always a good idea to type in the URL by hand, and to never follow links from an e-mail. Also, checking for HTTPS instead of the less-secure HTTP is a good idea, although HTTPS isn't foolproof.
But what about that link to some ostensibly hilarious video your best friend just posted to Twitter? There are several services you can use to verify a link. Google Safe Browsing is a good place to start. Type in this URL http://google.com/safebrowsing/diagnostic?site= followed by the site you want to check, such as google.com or an IP address. It will let you know if it has hosted malware in the past 90 days.
Another similar service is hpHosts. Enter a site into the search box and its database will tell you if the site has been used to distribute malware or phishing attacks. HpHosts gives you more-detailed information than Google Safe Browsing, if you're into that kind of thing. Two other excellent services are Norton Safe Web, from Symantec, and Unmasked Parasites. Pop in the URL, and you're good to go. Or if the site comes back as unsafe, don't go.
Many security suites come with browser add-ons to check links you click on the fly, and those work fairly well at scanning your search results and adding icons to indicate if a link is safe or not. If you don't have a suite, AVG LinkScanner (download for Windows | Mac)is a free add-on that works with both Windows and Mac, and AVG's free Mobilation Android app (download) or Lookout Mobile Security (download) will block malicious links on your Android device.
Sadly, iPhone and iPad users are out of luck. Even though phishing over social networking has been proven to work on iOS devices that haven't been jailbroken, Apple doesn't allow such link-checking apps. Feel free to recommend your favorite in the comments below.
UPDATED: The Google Safe Browsing instructions and URL have been fixed.
Uber versus Lyft: Which one really saves you money?: We compare solo rides, shared rides and subscriptions.
6 steps to secure your Facebook account now: Are you really as safe as you could be?