You're on the right track, because the best way to check if files are being scanned is to use the eicar test pattern. There must be something misconfigured, and it might take some searching to find the correct setting. First, is this a workstation or server? Is it managed by ePO or not?
I did my test on Workstation xp prof. which is managed by epo4.5, VirusScan8.7.
My "On-Access Default Processes Policiy" is set to scan compressed files (e.g. ZIP), but yet no success - the scanner did not pick the file. i tried that on 2 test workstations
Thanks for your help
Ok, since the workstation is managed by ePO, you need to change the policy on the ePO server and then also verify that the workstation gets the policy from the ePO server.
First, find the policy on the ePO server that applies to that workstation. Do you have configured "Configure different scanning policies for high-risk, low-risk, and default processes "?
yes, I have these 3 policies configured. in all of them I enabled "scan all files" and scan compressed files (e.g. ZIP)
Ok, if the policies are correct on the ePO server, then bring up the VirusScan Enterprise console on the client machine where you're testing. Check that the policy on the workstation exactly matches what you expect to see. If it doesn't, then you need to figure out why the policy is not getting from ePO to the client.
If it does, make sure you're not copying the .zip file to a location that is excluded from scanning. (try the root of the c: drive). Make sure the .zip file is not encrypted or password-protected.
Please let me know if you copied a file from one location on your hard drive to another location on the same drive.
If this is the case, please copy the file to a different drive and let me know if that does trigger a detection.