It ran through almost 10,000 files on my C: and came up clean with no baddies. I was worried it might come up with a lot of false alarms.
Can't believe the thing didn't. That's one of the reasons I left the paid-for AVs some years back.
Got it at Cnet.
On 11/1/2022 10:02 PM, corky@here.now.com wrote:
> It ran through almost 10,000 files on my C: and came up clean with no
> baddies. I was worried it might come up with a lot of false alarms.
> Can't believe the thing didn't. That's one of the reasons I left the
> paid-for AVs some years back.
> Got it at Cnet.
You should salt at least one EICAR on the disk.
A text file with the EICAR character sequence in it.
You can open notepad, and copy in the string.
https://en.wikipedia.org/wiki/EICAR_test_file
Or better still, get the string from the following Malwarebytes article.
*******
"Why doesn’t Malwarebytes detect EICAR?"
https://forums.malwarebytes.com/topic/191650-malwarebytes-3-frequently-asked-questions/
There are some AV products, that "think they are working",
and don't detect EICAR or anything else. I happen to believe
it does have value to salt a disk, and mainly because there is no such
thing as rock bottom in the AV industry. I tested one utility, that
definitely did nothing (the disk light did not blink), and
it did not detect EICAR. There were some weird messages in its
console, like the poor thing was lost.
You could also put your EICAR file inside a ZIP file, and it
should still be detected inside there.
*******
If you want to test Windows Defender in Win10 or Win11, try
and download ProduKey and watch what happens :-) Microsoft
calls the executable "Hackerware", because it displays
the license key from the C: drive. Big deal. Defender will then offer
to quarantine the file.
https://www.nirsoft.net/utils/product_cd_key_viewer.html
Other AV products are unlikely to react at all to that one.
*******
Some utilities have a problem with scanning archive (ZIP-like) files.
There are programs that say right in the documentation "this
utility can only scan to a depth of 13 folders" or similar words.
There should always be a path length limit, but it's a surprise
when you experience a scanner crash, just because you had the
Firefox tarball in your Downloads folder.
http://releases.mozilla.org/pub/firefox/releases/106.0.3/source/
firefox-106.0.3.source.tar.xz 479MB 30-Oct-2022 19:18
You don't have to do that, unless you're bored :-) I was kinda
surprised when a well regarded AV crashed while scanning that.
It meant I had to move all my tarballs, out of the Downloads
folder and onto another partition. So that a scan of C: could
finish without crashing. The XZ in that example, is a compressor
(it has a higher compression ratio than ZIP does).
https://en.wikipedia.org/wiki/XZ_Utils
Paul
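
An added example, not part of Paul's post: one way to salt a scratch folder with EICAR as a plain text file and inside ZIP archives nested to a few depths, then list which canaries a scan left untouched. The function names, file names and the depths 0, 1 and 3 are assumptions made for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string, built from two halves so an on-access
# scanner does not quarantine this script itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         "ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def nested_zip(payload, depth, name="eicar.txt"):
    """Wrap payload in `depth` layers of ZIP (depth=1 is a plain ZIP)."""
    blob = payload
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name if level == 0 else f"layer{level}.zip", blob)
        blob = buf.getvalue()
    return blob

def salt(folder, depths=(0, 1, 3)):
    """Write one canary per depth; return a {filename: sha256} manifest."""
    folder.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for d in depths:
        name = "eicar.txt" if d == 0 else f"eicar_depth{d}.zip"
        data = nested_zip(EICAR, d) if d else EICAR
        manifest[name] = hashlib.sha256(data).hexdigest()
        try:
            (folder / name).write_bytes(data)
        except OSError:  # real-time protection blocked the write: a detection
            pass
    return manifest

def survivors(folder, manifest):
    """Canaries still present and unmodified after a scan, i.e. the misses."""
    missed = []
    for name, digest in manifest.items():
        try:
            data = (folder / name).read_bytes()
        except OSError:  # deleted, quarantined or locked by the scanner
            continue
        if hashlib.sha256(data).hexdigest() == digest:
            missed.append(name)
    return sorted(missed)
```

Call salt() on a scratch folder, run the scanner over it, then call survivors() with the returned manifest: an empty list means every canary was caught, and a surviving eicar_depth3.zip next to a caught eicar.txt shows where the scanner stops unpacking archives.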
On Tue, 1 Nov 2022 22:29:34 -0400, Paul <nospam@needed.invalid> wrote:
> On 11/1/2022 10:02 PM, corky@here.now.com wrote:
>> It ran through almost 10,000 files on my C: and came up clean with no
>> baddies. I was worried it might come up with a lot of false alarms.
>> Can't believe the thing didn't. That's one of the reasons I left the
>> paid-for AVs some years back.
>> Got it at Cnet.
> You should salt at least one EICAR on the disk.
> A text file with the EICAR character sequence in it.
> You can open notepad, and copy in the string.
> https://en.wikipedia.org/wiki/EICAR_test_file
> Or better still, get the string from the following Malwarebytes article.
> *******
> "Why doesn’t Malwarebytes detect EICAR?"
> https://forums.malwarebytes.com/topic/191650-malwarebytes-3-frequently-asked-questions/
> There are some AV products, that "think they are working",
> and don't detect EICAR or anything else. I happen to believe
> it does have value to salt a disk, and mainly because there is no such
> thing as rock bottom in the AV industry. I tested one utility, that
> definitely did nothing (the disk light did not blink), and
> it did not detect EICAR. There were some weird messages in its
> console, like the poor thing was lost.
> You could also put your EICAR file inside a ZIP file, and it
> should still be detected inside there.
> *******
> If you want to test Windows Defender in Win10 or Win11, try
> and download ProduKey and watch what happens :-) Microsoft
> calls the executable "Hackerware", because it displays
> the license key from the C: drive. Big deal. Defender will then offer
> to quarantine the file.
> https://www.nirsoft.net/utils/product_cd_key_viewer.html
> Other AV products are unlikely to react at all to that one.
> *******
> Some utilities have a problem with scanning archive (ZIP-like) files.
> There are programs that say right in the documentation "this
> utility can only scan to a depth of 13 folders" or similar words.
> There should always be a path length limit, but it's a surprise
> when you experience a scanner crash, just because you had the
> Firefox tarball in your Downloads folder.
> http://releases.mozilla.org/pub/firefox/releases/106.0.3/source/
> firefox-106.0.3.source.tar.xz 479MB 30-Oct-2022 19:18
> You don't have to do that, unless you're bored :-) I was kinda
> surprised when a well regarded AV crashed while scanning that.
> It meant I had to move all my tarballs, out of the Downloads
> folder and onto another partition. So that a scan of C: could
> finish without crashing. The XZ in that example, is a compressor
> (it has a higher compression ratio than ZIP does).
> https://en.wikipedia.org/wiki/XZ_Utils
> Paul
I placed an Eicar txt file in windows sys32 and Panda found it.
It says it deleted the original and sent a copy to quarantine.
It's been so long since I used an AV product I never considered the
dang things wouldn't find even an Eicar file.
I don't use AVs. I use a virtual type thingy to keep bad stuff off my
C: I just got bored and curious, and that's usually when we screw
something up. : o)
Panda is still running. It's over 90,000 files at the moment. I'm
gonna just let it go and do its thing and see what happens.
Good Grief! It's jumped from my C: to my external E: hard drive!
I had to stop it. I have lots of Warez stuff from decades ago on that
drive. Stuff I really never used and has never been AV tested even
with VirusTotal. I don't want Panda screwing around in there. If I
decided I want to try one of those files, I'd run it through
VirusTotal first. Panda would have a ball scanning through all those
keygens and cracks. : o)
I ran it again after placing an Eicar zip into Program Files. It
found it.
So far, it seems to be working pretty good for a freebie. Don't quite
know what I'm doing with it yet, though. As I said, I really didn't
need it, but it's a new toy. : o)
> I placed an Eicar txt file in windows sys32 and Panda found it.
> It says it deleted the original and sent a copy to quarantine.
> It's been so long since I used an AV product I never considered the
> dang things wouldn't find even an Eicar file.
> I don't use AVs. I use a virtual type thingy to keep bad stuff off
> my C: I just got bored and curious, and that's usually when we screw
> something up. : o)
> Panda is still running. It's over 90,000 files at the moment. I'm
> gonna just let it go and do its thing and see what happens.
> Good Grief! It's jumped from my C: to my external E: hard drive!
> I had to stop it. I have lots of Warez stuff from decades ago on
> that drive. Stuff I really never used and has never been AV tested
> even with VirusTotal. I don't want Panda screwing around in there.
> If I decided I want to try one of those files, I'd run it through
> VirusTotal first. Panda would have a ball scanning through all those
> keygens and cracks. : o)
> I ran it again after placing an Eicar zip into Program Files. It
> found it.
> So far, it seems to be working pretty good for a freebie. Don't quite
> know what I'm doing with it yet, though. As I said, I really didn't
> need it, but it's a new toy. : o)
gk post was from me, corky. Screwed up. Used the wrong news
reader/poster. ; o(