App Control: How to Create a Malicious Test File (EICAR)
search cancel

App Control: How to Create a Malicious Test File (EICAR)

book

Article ID: 285988

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection) Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Explain how to create a malicious test file (EICAR) for testing purposes in a lab environment

Environment

  • App Control: All Supported Versions

Resolution

  • Open a text editor, such as notepad.
  • Copy/paste the string below. Do not add any other characters, spaces, or return marks in the text file. Additional values will generate a different hash and your test file will not be effective
  • X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  • Save the document as eicar.com. File extension will have to be .com for App Control to analyze the file

Additional Information

Hashes of eicar.com:

SHA-256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F  

MD5: 44D88612FEA8A8F36DE82E1278ABB02F 

SHA-1: 3395856CE81F2B7382DEE72602F798B642F14140