EICAR Test file not always detected

[Domm]

Hello. Let me start from the beginning. I've installed Kaspersky Internet Security on my PC. I've had few other AntiVirus software before but I used removal tools just to make sure everything is completely removed. Then I noticed that Kaspersky only sometimes was detecting EICAR test file. Quite often it didn't. In fact sometimes it let me to edit and copy/paste this file many times.  It was never detected while extracting archive using 7zip. However from context menu scan always detected threat.

Because of that I decided to format my hard drive and clean install Windows 10. After installation it was detecting way better, however yesterday it let me edit EICAR File, without detection, once or two times.I was really concerned so today I installed KIS on other computer. I couldn't reproduce this issue. Then I tried again on my main computer where I noticed the issue first. Surprisingly, I couldn't reproduce issue there too. I've pasted EICAR Text to about 60 or more files in total on my main pc, where the issue was present, and every if them was detected on save or in worst case while trying to open/edit. Also it detects EICAR while extracting zip archive using 7zip.

 

I was mostly creating EICAR File by myself, pasting charset into simple text file and saving. However I downloaded it few times from eicar.com(every type: . zip, .com, txt)

 

Why something like this happened? Does this means that my Kaspersky software was or is corrupted? May it mean that Kaspersky is not compatible with one of software I have on my PC? Am I completely safe and can I keep calm about working fine AntiVirus?

 

Btw after I created all these 60 test files in row, I noticed that my PC hugely slowed down. I restarted it and it works way better now. Is there any explanation for that? As far as I know EICAR is not real malware and is harmless, even these .com or .zip files from eicar.com are perfectly safe.

 

My hardware:

Ryzen 7 3700x

Rx 5600 xt

512gb nvme drive

[Berny]

@Domm Welcome. Please submit a detailed detection  report after accessing  Eicar.

[Domm]

@Domm Welcome. Please submit a detailed detection  report.

There’s report with few newest detections (I’ve cleaned reports some time before). I’m afraid you won’t understand much because it’s in Polish :/ I can’t see any setting to change language. 

Hey besides issues with detection, I think the PC slowed down since I was testing these EICAR files like 60 times. Especially while scanning My pc works like cpu was used in100%, however it’s used only in about 15-20%. My PC was never slowed down by simple scanning that much. Usually I couldn’t even tell that AntiVirus is scanning the drive. What do you think about it? Can I do anything with this? Also EICAR files are harmless right? Opening them shouldn’t affect my system in any way? I creating them by myself pasting this 

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 
into the text file  BUT I was also downloading from eicar.org .zip, .txt and .com files.

[Domm]

Can something like fake and actually malicious EICAR file exist? I mean PC slowed down, maybe I downloaded something like this? I haven’t checked URL of site I was downloading it from like every time.  I’m talking especially about .com eicar file, as txt should be harmless always. Am I right? 

[Schulte]

Hello @Domm,
at first:
You can change the language to English, that makes it a little easier for us.
Open the KIS main window and press <shift><F12>.
With <shift><F5> (or a reboot) you get back to Polish.

It looks like the EICAR test string has been recognized multiple times. You have also opened the file 'tekstowy.txt' with Notepad, this was also recognized.
Some times EICAR was supposedly deleted, some times the file could not be processed.

Please restart the computer and then post the english report.

[Domm]

Hello @Domm,
at first:
You can change the language to English, that makes it a little easier for us.
Open the KIS main window and press <shift><F12>.
With <shift><F5> (or a reboot) you get back to Polish.

It looks like the EICAR test string has been recognized multiple times. You have also opened the file 'tekstowy.txt' with Notepad, this was also recognized.
Some times EICAR was supposedly deleted, some times the file could not be processed.

Please restart the computer and then post the english report.

 

I cleaned logs as usually, so there’s only one detection.  BTW yesterday, while I was performing full scan and I was away from computer for a while, scan stopped and all security modules were switched off for less than a minute. You can see that in provided report. How can I find more details about this event?

[Domm]

Hello @Domm,
at first:
You can change the language to English, that makes it a little easier for us.
Open the KIS main window and press <shift><F12>.
With <shift><F5> (or a reboot) you get back to Polish.

It looks like the EICAR test string has been recognized multiple times. You have also opened the file 'tekstowy.txt' with Notepad, this was also recognized.
Some times EICAR was supposedly deleted, some times the file could not be processed.

Please restart the computer and then post the english report.

Yeah it was detected almost always. My only concern is the almost part. Like I said I did reinstall my windows 10 because EICAR was detected very rare on edit or open. However it was detected always by context scan. After windows reinstall it has been NOT detected one maybe two times on edit/open. Only thing I want to know if this is normal Kaspersky Internet Security behavior and I'm safe and fine. The files that weren't detected were mostly created by myself by pasting charset into empty text file. 

 

I know that Smart Scan Mode could decide not to scan text fine because 1. It's text file and 2. It was created by user, and then edited, not downloaded from web. However I've tried switching between different scan modes before I reinstalled Windows and it didn't change anything. Same story with "File types" setting. Switching them didn't make any difference. EICAR was simply not detected anyway in most cases.

[Domm]

Uhhh I just tried to run full scan again. Stopped it because system was very very laggy, and after I stopped scan it still was working terrible until I rebooted system. Enough to say that this pc has 8 core 16 thread 3rd gen ryzen CPU and now works worse than my 7 years old laptop with 4th gen low voltage intel cpu under full load. Could it be Kaspersky reaction for many many detections of eicar test file? Like maybe it tries to track down all potential threats related to detected test files? Cpu usage is quite low. Never higher than 20% even during scan. I guess I'll reinstall windows again because this is just unbearable.

[Guest]

@Domm hello!

 

I have tried to access eicar site and download all  eicar files: 

 

All files were blocked by Web-AV:

 

Plus creation of the file was also blocked:

 

 

Export current product settings(General - Manage settings), then reset product settings (General - Manage settings).  

Then retest the issue.

The bahavior on you PC must be the same as I showed above.

If not: Create a request to Tech Support