Engel said:Hi Jack,
Here is the link:
Copied ?esponse from Dave M
If you want to test to see if Windows Defender is protecting your system
from spyware in real-time, try EICAR the harmless test file...
This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well,
but
that's another issue.
For those of you who want to know what we're talking about, the EICAR
group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows Defender
detect something, visit <http://eicar.org> , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution (that
you should be running *IN ADDITION* to Windows Defender) will also pick it
up."
--
jack said:I set up Defender to run everyday at 10:00 AM, when I bring up defender,
status: last scan today at 10:00 AM (quick scan)
How do I know if a scan was ran. It always says the above.
It would be better if it showed a date.
Thanks for any help
jack said:I downloaded the file and hid it in two places on my hard drive. Tomorrow at
10:00am if defender runs as
scheduled, it should find it. I will let you know tomorrow.
Tim Clark said:Are you going to disable your Anitivirus for this test, if not, again, the
Anitvirus may catch it first. Just a thought.
Tim
--
If you set a Vista disk in the CD tray upside down,
you can hear SATANIC VOICES!
But that isn''t the worst of it,
if you set it the right way IT INSTALLS VISTA!
jack said:Engel, thank you for the info
Tried to download the file and defenders flagged it, but I had to turn off
my anti virus first.(it had flagged it first).
I downloaded the file and hid it in two places on my hard drive. Tomorrow
at 10:00am if defender runs as
scheduled, it should find it. I will let you know tomorrow.
Engel said:Hi Jack,
Here is the link:
Copied ?esponse from Dave M
If you want to test to see if Windows Defender is protecting your system
from spyware in real-time, try EICAR the harmless test file...
This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well,
but
that's another issue.
For those of you who want to know what we're talking about, the EICAR
group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows
Defender
detect something, visit <http://eicar.org> , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution
(that
you should be running *IN ADDITION* to Windows Defender) will also pick
it
up."
--
jack said:I set up Defender to run everyday at 10:00 AM, when I bring up defender,
status: last scan today at 10:00 AM (quick scan)
How do I know if a scan was ran. It always says the above.
It would be better if it showed a date.
Thanks for any help
Bill Sanderson said:I'm not at all sure it will catch it, unless you've somehow linked a
startup item to it or something like that.
The quickscan is designed to catch active in-place malware--so it looks at
what is in memory, and where that came from, and things in registry entrys
that start automatically--a whole range of things that I don't know enough
to enumerate accurately.
The chances are that it won't find a passive EICAR file sitting in some
random place. A full scan should.
I'd stick with exactly what you are doing though--run quickscans
routinely, and perhaps run a full scan if something is found, or you are
suspicious, or just have the free time. Full scans may find stuff that
wasn't caught in the quick scan, but it won't be active infections--more
like stuff in attachments in the deleted messages folder and the like.
--
jack said:Engel, thank you for the info
Tried to download the file and defenders flagged it, but I had to turn
off my anti virus first.(it had flagged it first).
I downloaded the file and hid it in two places on my hard drive. Tomorrow
at 10:00am if defender runs as
scheduled, it should find it. I will let you know tomorrow.
Engel said:Hi Jack,
Here is the link:
Copied ?esponse from Dave M
If you want to test to see if Windows Defender is protecting your system
from spyware in real-time, try EICAR the harmless test file...
This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well,
but
that's another issue.
For those of you who want to know what we're talking about, the EICAR
group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows
Defender
detect something, visit <http://eicar.org> , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution
(that
you should be running *IN ADDITION* to Windows Defender) will also pick
it
up."
--
:
I set up Defender to run everyday at 10:00 AM, when I bring up
defender,
status: last scan today at 10:00 AM (quick scan)
How do I know if a scan was ran. It always says the above.
It would be better if it showed a date.
Thanks for any help
jack said:Thanks everyone for your help. Everything is working
As far as testing, I did a sekective scan and windows defender
found both occurences of eicar.com.
Bill Sanderson said:I'm not at all sure it will catch it, unless you've somehow linked a
startup item to it or something like that.
The quickscan is designed to catch active in-place malware--so it looks at
what is in memory, and where that came from, and things in registry entrys
that start automatically--a whole range of things that I don't know enough
to enumerate accurately.
The chances are that it won't find a passive EICAR file sitting in some
random place. A full scan should.
I'd stick with exactly what you are doing though--run quickscans
routinely, and perhaps run a full scan if something is found, or you are
suspicious, or just have the free time. Full scans may find stuff that
wasn't caught in the quick scan, but it won't be active infections--more
like stuff in attachments in the deleted messages folder and the like.
--
jack said:Engel, thank you for the info
Tried to download the file and defenders flagged it, but I had to turn
off my anti virus first.(it had flagged it first).
I downloaded the file and hid it in two places on my hard drive. Tomorrow
at 10:00am if defender runs as
scheduled, it should find it. I will let you know tomorrow.
Hi Jack,
Here is the link:
Copied ?esponse from Dave M
If you want to test to see if Windows Defender is protecting your system
from spyware in real-time, try EICAR the harmless test file...
This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well,
but
that's another issue.
For those of you who want to know what we're talking about, the EICAR
group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows
Defender
detect something, visit <http://eicar.org> , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution
(that
you should be running *IN ADDITION* to Windows Defender) will also pick
it
up."
--
:
I set up Defender to run everyday at 10:00 AM, when I bring up
defender,
status: last scan today at 10:00 AM (quick scan)
How do I know if a scan was ran. It always says the above.
It would be better if it showed a date.
Thanks for any help
jack said:Thanks everyone for your help. Everything is working
As far as testing, I did a sekective scan and windows defender
found both occurences of eicar.com.
Bill Sanderson said:I'm not at all sure it will catch it, unless you've somehow linked a
startup item to it or something like that.
The quickscan is designed to catch active in-place malware--so it looks
at what is in memory, and where that came from, and things in registry
entrys that start automatically--a whole range of things that I don't
know enough to enumerate accurately.
The chances are that it won't find a passive EICAR file sitting in some
random place. A full scan should.
I'd stick with exactly what you are doing though--run quickscans
routinely, and perhaps run a full scan if something is found, or you are
suspicious, or just have the free time. Full scans may find stuff that
wasn't caught in the quick scan, but it won't be active infections--more
like stuff in attachments in the deleted messages folder and the like.
--
jack said:Engel, thank you for the info
Tried to download the file and defenders flagged it, but I had to turn
off my anti virus first.(it had flagged it first).
I downloaded the file and hid it in two places on my hard drive.
Tomorrow at 10:00am if defender runs as
scheduled, it should find it. I will let you know tomorrow.
Hi Jack,
Here is the link:
Copied ?esponse from Dave M
If you want to test to see if Windows Defender is protecting your
system
from spyware in real-time, try EICAR the harmless test file...
This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which
also
means we're not communicating the content of the definitions very well,
but
that's another issue.
For those of you who want to know what we're talking about, the EICAR
group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows
Defender
detect something, visit <http://eicar.org> , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution
(that
you should be running *IN ADDITION* to Windows Defender) will also pick
it
up."
--
:
I set up Defender to run everyday at 10:00 AM, when I bring up
defender,
status: last scan today at 10:00 AM (quick scan)
How do I know if a scan was ran. It always says the above.
It would be better if it showed a date.
Thanks for any help
I think these are reasonable critiques, and hope the developers arealainr345 said:EICAR or no EICAR, there are other issues to this question, I think...
1- Like Jack says, there is that stoupid Status line with 'Today' (only a
programmer to come up with that idea...)
2- Stu is suggesting the Event Log... I would say only an administrator
to come up with THAT idea!
3- But also and more to the point, how do you know that Defender had a
SUCCESFULL scan (went through the WHOLE scan, be it Quick or Full) ???
a) what happens if Defender is interrupted in the scan by a Shutdown, like
a Windows Update for instance? (I can tell you it aborts on reboot...)
b) what happens if Defender is in an automatic definition update mode and
stumbles because of a rootkit like TDSS or Alurion (and therefore CAN'T
update)? Does it proceed with the scan anyway (if I recall it does not)?
The truth is that there is nothing at this time in the Status Area (or the
event log for that matter) that will tell you that. I think at the very
LEAST, the Documentation on the product is too skimpy on that area!
alainr345
(Programmer)