Eicar Test File bypasses Shields

Hey anyone else experiencing issues with the shields not being able to detect the Eicar test file? A manual scan with Avast detects it afterwards. I’m using the latest version of Avast Premier included in the Ultimate bundle.

How do you test?

https://support.avast.com/en-ww/article/Test-Antivirus-protection

Well I haven’t disabled the web shield for this, everything is on. It doesn’t matter if it’s http or https, it always goes through.

Is it working properly for you?

Is it working properly for you?
Oh yes, but I don't use avast ;)

Ok I just tried it again and the File System Shield picks up on it now. Not sure why, I haven’t done anything.

Hi superhumanbean,

Was struck by what you’ve reported, so I’ve done a little testing on my system here.

I was running Avast Secure Browser in Private Mode and got:

  • No block from Url:Mal website test provided by Avast. See 1st attached png below. As one can see, it is a 404 error page.
  • Http EICAR tests did eventually result in Avast WebShield Block. File had to move from download browser to Download Folder in user account.
  • Https EICAR test did eventually result in Avast WebShield Block. Same behavior as above.

All other browsers did cause avast to alert/block as expected in all areas: Firefox, Vivaldi, Pale Moon, Microsoft Edge.

Of note: One extension, Windows Defender Browser extension, did cause Chromium browsers to block access to the EICAR website and posting through the warning would result in a block by Avast.

Possibility exists that your no block could be due to settings on the browser you were using at the time.

1st round of tests in Avast Secure Browser resulted in no blocks but closing, clearing history, and restarting ASB gave results posted above.

Note: [dot]com file extensions are depreciated in Windows 10 and cannot run in the latest Windows version. So, in a way, testing for antivirus blocks using a [.]com file is now obsolete and is really valid only for older Windows operating systems.

mchain forgive me but can you elaborate what you mean by this? I don’t quite understand. I’m using the Avast Secure Browser as well; when I click on the links they go straight to download and will be detected by the File System Shield. On my older PC, with the Avast SafeZone Browser, clicking the links will trigger the Web Shield. As for the settings, the only settings I changed were enabling anti fingerprinting and Avast Passwords.

Avast will detect eicar test file (.com) by web shield

however, if you disable or let the test file (.com) pass through web shield, it will be able to bypass avast’s file shield

why? because by default, avast’s file shield doesn’t support .com file extension so it won’t detect it
the webshield and the right-click scan are able to detect the test file because by default they scan all extensions

not sure about the situation now