How to test if your anti-virus is working on Windows [Guide]

computer_securityIf your system were to somehow get infected with malware, one of the first things that malicious code does is to try and disable the anti-virus scanner. It may also attempt to modify the HOSTS file, so as to tamper with the anti-virus definition update process. Most popular modern-day anti-virus programs offer real-time protection against potentially malicious software and will throw up a prompt warning you of detection and recommended actions if you download an infected file.

But what if the system is already infected and your anti-virus rendered ineffective — and you don’t know about it? In that case, you would never know what’s getting into your system or the fact that you are already infected, would you? Here’s a quick tip that will help you check whether your anti-virus is working or not.

Please take note, this is a simple test that does not evaluate the effectiveness of your anti-virus — it evaluates if your anti-virus is working and is not disabled. In other words, this test won’t tell you how well your anti-virus blocks malicious files; it tells you if your anti-virus has not been disabled.

How To Test If Your Anti-Virus Is Working on Windows XP, Vista, 7, 8, and 8.1

To test if your anti-virus is working, do the following:

  • Launch Notepad on your computer
  • Copy and paste the following line into the Notepad file:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

  • Save the file with a .com extension, e.g. TestAvira.com. You will need to select All Files from Types at the bottom of the save dialog in Notepad in order to save the file as a .com file instead of a .txt file.
  • If the real-time protection mode of your anti-virus program is working properly, it should automatically trigger an alert, like the following:

Test anti virus

  • You can also manually scan the file with your anti-virus on-demand scanning feature, to see if that is working.
  • If you are not prompted by either live-protection or on-demand scanning, that means your anti-virus is probably not working; it may have been disabled and is something you need to look into further.

For those that are curious, the file that you created earlier is called an EICAR test file, where EICAR stands for European Institute for Computer Antivirus Research. EICAR is a non-malicious string of code that most antivirus programs include in their signature definitions, thus by creating it we can test if anti-virus is enabled or disabled.

CONCLUSION

If you don’t see the anti-virus alert, it could mean that your anti-virus has either been turned off or is compromised somehow. Either way, you should play it safe, update your virus definitions and run a full system scan to locate potential threats, if any. You may need to take other measures, too, like using an anti-virus boot disc to clean out your computer.

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

18 comments

  1. AT

    [@Greg] If you anti-virus software is working, it should catch the file before it runs and/or prevent it from running. Close notepad before you try running the file. If you can’t find the file, it’s already been deleted or quarantined.

  2. Greg

    “The version of this file is not compatible with the version of Windows you’re running. Check your computer’s system information to see whether you need an x86 (32bit) or x64 (64bit) version of the program…….

    Won’t run due to incompatibility with 64-bit version of Windows

    What to do?

  3. AT

    I forgot to turn off Avast’s silent gaming mode. The com file was quarantined the moment it was created and without notification. With notifications turned on, Avast has confirmed it was a test file.

    [@Tom] If you don’t trust the post, you can reverse engineer the com file to determine if it is a virus or not. Your computer system already has the tools if you know how to use them. A knowledge of assembly language (human form of machine code) is required.

  4. Mike S.

    Both Microsoft Defender and Norton Internet Security detected and quarantined the file immediately upon the saving of the file. Good job there, Microsoft and Symantec!

    And, thanks for the article!

  5. BearPup

    From earlier comments it seems that the antivirus warning popped up almost immediately; well my AVG Internet Security took its sweet time to notify me. Should I be concerned by this? Do a few seconds mean that much? Thanks to those who reply.

    Regards,
    BearPup