4 Replies Latest reply on Jun 10, 2013 11:50 PM by mbauman8

    What is Threat Type: Test

    dans

           I have a host producing 50-100 threat type: test events daily. These are false positives, but the action taken ranges from "deleted" to "access denied" with threat name: Installation Check and severity "Critical". Anyone ever see these types of alerts? What are threat type: test? Does McAfee believe something in these files is malicious or just a test such as an EICAR file?

        • 1. Re: What is Threat Type: Test
          alexn

          dan

          Could you post a screenshot, please?

          • 2. Re: What is Threat Type: Test
            eden_hsr

            Maybe it was an anti-malware test file which was deleted, from Eicar.org maybe? I also sometimes use this test file to check whether McAfee detects malware.

            • 3. Re: What is Threat Type: Test
              dans

              I'll gather a screenshot tomorrow. After investigation the files created are from an OCR converter which takes a .TIF file and converts it to an editable XML file. I'm not sure what McAfee sees in this file that it doesn't like. I've since created an exception for the folder the application dumps these files into.

              • 4. Re: What is Threat Type: Test
                mbauman8

                There are several test strings to check protection:

                "https://kc.mcafee.com/corporate/index?page=content&id=KB57059"

                 

                ;;;;;;

                McAfee supports the use of the test strings below to verify that your product is working correctly.

                 

                Usage | String | Notes
                EICAR Test String (anti-virus) | X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE! $H+H* | When an anti-virus program scans this file, it reports that it finds the EICAR-STANDARD-AV-TEST-FILE virus. For further information, see: KB72766.
                GTUBE Test String (spam) | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X | For further information, see: http://spamassassin.apache.org/gtube/. GTUBE stands for Generic Test for Unsolicited Bulk Email.
                Phishing Test String | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTPHISH-STANDARD-ANTI-PHISH-TEST-EMAIL*C .34X |

                 

                 

                Testing Advice

                To test your software, copy the entire string into a new text file (using Notepad or plain text editor). This test file can then be scanned locally or can be sent to or through the email system and should be immediately detected by your security software.

                 

                NOTES:

                Only copy the actual string to ensure the string works correctly.

                McAfee recommends that you delete the test files when testing is complete.

                These strings have been developed specifically to test the functionality of security software from any vendor. There is no risk to your system when using these test strings.

                 

                ;;;;;;;;

                 

                 

                There is another test install string as well ...
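
A triage sketch for the situation in this thread, added here as an example and not code from any poster or from McAfee: it checks whether files in a folder contain one of the test-string markers quoted in reply 4, and whether a file is a strict EICAR test file. The 68-byte form, the 128-byte limit and the allowed trailing whitespace follow eicar.org's published definition and are assumptions of this example, as are the function names.

```python
import os
import sys

# 68-byte EICAR string in the form eicar.org publishes (assumption of this
# example), split in two so this source file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" rb"ANTIVIRUS-TEST-FILE!$H+H*"
EICAR_MAX_LEN = 128            # eicar.org: whole file is at most 128 bytes
EICAR_TAIL = b" \t\r\n\x1a"    # only these bytes may follow the string

# Marker substrings taken from the three test strings quoted in reply 4.
MARKERS = {
    b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "eicar",
    b"GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL": "gtube",
    b"GTPHISH-STANDARD-ANTI-PHISH-TEST-EMAIL": "gtphish",
}

def classify(data: bytes) -> str:
    """Return a verdict for one file's bytes."""
    strict = (data.startswith(EICAR)
              and len(data) <= EICAR_MAX_LEN
              and not data[len(EICAR):].strip(EICAR_TAIL))
    if strict:
        return "eicar-test-file"
    for marker, name in MARKERS.items():
        if marker in data:
            return f"embedded-{name}"   # marker sits inside a larger file
    return "no-test-string"

def triage(folder, max_bytes=8 * 1024 * 1024):
    """Classify every file under folder; only the first max_bytes are read."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify(fh.read(max_bytes))
            except OSError as exc:      # e.g. on-access scanner denies the read
                results[path] = f"unreadable: {exc.strerror}"
    return results

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(triage(target).items()):
        print(f"{verdict:18} {path}")
```

A `no-test-string` verdict on files the scanner labelled as Test suggests the detection is keyed on something other than these strings, which is worth raising with the vendor before leaving a folder-wide exclusion in place.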