File system shield not picking up eicar test file.

[REDACTED]

Hello,

I have been using Avast for a few years on all my computers, when I first install any AV I check to make sure it is working with the eicar test file. I copy the string to a text file and save it as a .com to my desktop, and it stops me from saving the file. However I just did the test again last night and it let me save the file, the file system shield is not picking it up as a threat. If I try to download the file online the Web shield picks it up and the on-demand scanner picks it up. I tried this on more than 1 computer and get the same results on each of them.

So my question is, is this a glitch with Avast or are my file shield system not working?

I am using windows 8.1 with the most up to date Avast free anti-virus.

Thanks

[Eddy]

There is no need to copy the string to a txt file.
It is already provided as a txt file:
http://www.eicar.org/85-0-Download.html

[Pondus]

it is just a text string, not a executable file

[Eddy]

Besides what Pondus said, if you change things it is NOT a eicar test file anymore.

[REDACTED]

There is no need to copy the string to a txt file.
It is already provided as a txt file:
http://www.eicar.org/85-0-Download.html

I know that I can download the file, I just like to copy the string and save it my self to the desktop to make sure the AV is working. However doing it either way the file shield on Avast is not picking it up.

it is just a text string, not a executable file

But in the past I have saved it as a .com file and as soon as I try to save the file avast detects the file and blocks it from saving, but now it is not picking the file up.

I did what the following page said to do to test the file shield, and it did not pick op the file.

https://www.avast.com/en-ca/faq.php?article=AVKB32

[Eddy]

The real problem is that you are not testing things in the way you should.
If you follow the instructions you will see the file shield definitely is detecting it.

[REDACTED]

The real problem is that you are not testing things in the way you should.
If you follow the instructions you will see the file shield definitely is detecting it.

No, I am following the instructions on that page word for word and I am not getting that pop up for the file shield.

If I do the web shield as that page says, I will get the pop up that Avast blocked it, but it is doing nothing for the file shield.

[REDACTED]

I have found the problem, I uninstalled avast and reinstalled it and it was doing the same thing, would not pick it up with the file shield. So I started to change settings in File System shield and found out under "Scan when opening" if I check the "Scan all files" than it will stop me from saving the file again.

Was this option off by default (I do not think I have ever changed those settings) and should I turn it on?

[DavidR]

Scan all files is off by default when opening or writing.

Avast maintains a listing of file types that are scanned by default (typically those that represent a risk).
Even though you might have changed/set a text file to .com avast could/should know that it is a text file.

[Eddy]

Well, avast (as well as all other av's that I've tested with) doesn't know.
I have attached two files to this post.
Both have the eicar test string in them.

Since this webboard doesn't allow .com files, I've named it .png
Download it and rename it to Noname1.com.
That is the original file name.

Noname1.txt is only has the eicar test string in it.
Noname1.com has the exact same string in it, but I've added 7 characters in front of it making it look like a real .com file.

If you try to "run" the .com file it will just "run" and no alert is given by any of the av's I've tested it with.
If you open the .txt file no av I've tested it with wil give a alert.

If you right click the .com file and choose scan, no av will give a alert.
You can even double click the .com file and it will "run" without a alert.

If you right click the .txt file and choose scan, all will detect the eicar string and give a alert.