EICAR Test

When I had Avast on my system, I tried the EICAR test but nothing was detected until I tried to open one of the downloaded files. Was that the correct behaviour? (My current antivirus program won’t even let me download the files at all.)

It is totally dependent on your avast settings; on high they will get detected on download, but that has a performance overhead, probably like you are seeing with BitDefender.

You would have to check what your BitDefender settings are doing.

There are 2 different things:

  1. Which files will be scanned
  2. How the files will be scanned, specifically - whether they will be treated as archive files and decompressed (with the decompressed files scanned as well).

If the ZIP extension is added to the additional extensions box, the files with the .zip extension will be scanned. But if archive scanning is not turned on for the Standard Shield, the files will not be scanned as ZIP archives (they will not be unpacked) - only the binary file will be scanned… so the eicar file packed inside will not be detected. If you rename eicar.com to ZIP, it will be detected. But if you compress eicar.com into a ZIP file, it will not (if archive scanning is not selected). So, the zip file is scanned with the all-files setting (an *) - but only as a simple binary file - without trying to read it as a ZIP archive and look inside (unpack it). So, the packed eicar inside is not detected.

Sometimes, the files will be detected even when they are packed to ZIP and archive scanning is not selected - because they are stored - it means that the file has a ZIP header, but the actual data are not compressed. It is a special form of ZIP file - and it’s the case for a number of worms. However, the detection of eicar is different (eicar must be at the very beginning of the file to be detected - that’s how it should be) - so, eicar will not be detected even in this case.

In the Home version, you may try to tweak the deftasks.xml file somehow to achieve the same (there were a number of posts about it on the board) - but it suffers from some problems I think (the deftasks.xml file is occasionally reverted to the original version).

If you start the Enhanced User Interface, you can edit the resident protection task and on the Packers page, select the ZIP (or any other) archive formats that should be unpacked; then, zipped eicar would be detected. Then, the content of the ZIP file (for example, the packed eicar) will be scanned by the Standard Shield provider.
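The cases described in this thread, reproduced as an added example (not code from the thread or from avast). `scan_raw` and `scan_unpacking` are hypothetical stand-ins for a binary-only scan and a scan with archive unpacking enabled; they model only the rule that EICAR counts when it sits at the very start of the scanned data.

```python
import io
import zipfile

# Standard 68-byte EICAR test string, written as two literals so this
# source file does not contain the contiguous pattern.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")


def scan_raw(data: bytes) -> bool:
    """Binary-only scan: EICAR counts only at the very start of the file."""
    return data.startswith(EICAR)


def scan_unpacking(data: bytes) -> bool:
    """Archive scanning on: scan the raw bytes, then every ZIP member."""
    if scan_raw(data):
        return True
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(scan_raw(zf.read(name)) for name in zf.namelist())


def make_zip(method: int) -> bytes:
    """Constructed sample: a ZIP holding a single member, eicar.com."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr("eicar.com", EICAR)
    return buf.getvalue()


def survey() -> dict:
    """Run both scan modes over the three files discussed in the thread."""
    samples = {
        "eicar.com renamed to .zip": EICAR,
        "stored zip": make_zip(zipfile.ZIP_STORED),
        "deflated zip": make_zip(zipfile.ZIP_DEFLATED),
    }
    return {
        name: {"raw": scan_raw(data),             # archive scanning off
               "unpack": scan_unpacking(data),    # archive scanning on
               "verbatim": EICAR in data}         # bytes visible without unpacking
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, row in survey().items():
        print(f"{name:28} {row}")
```

The `verbatim` column shows why stored archives can trip ordinary signatures without unpacking: the member's bytes are present unchanged after the ZIP header, yet the start-anchored EICAR rule still misses them.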