IntBonus

Reputation: 3

How to intentionally trigger a false positive from a virus scan?

I want to test a virus scanner, but I don't want to have actual malware stored on my machine. In the past, I've seen innocuous software marked as a virus by vague "heuristics" from anti-malware programs. I want to write a program that is not in any way malware, but is likely to be viewed as malware by typical, reasonable antivirus software. How would I begin? Any common programming language is fine.

Upvotes: 0

Views: 1552

Answers (2)

ARVIND RAJ

Reputation: 33

If you are testing whether the AV works correctly or not, then the EICAR test file should do the job, because these are the files that must be flagged as malicious by every AV. This works for static detection.

But to check heuristic detection, which is important in every AV engine, you can write some simple code and run it as an executable to do any one of the things given below.

  1. Paste something in "shell:startup" folder.
  2. Replicate itself or paste an exe to "C:\windows" folder.
  3. Add a registry entry to "run" or "run once".

These are very basic heuristic detections which must be blocked, or at least show a notification to users that these were done.

You can think creatively, like executing a fork bomb, or writing an "Autorun.ini" file to a "pendrive" and plugging it into a PC.

Upvotes: 1

Douglas Leeder

Reputation: 53320

The usual answer is to use Eicar from https://www.eicar.org/?page_id=3950

Upvotes: 2
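An added example (not part of either answer), assuming Python 3: it drops the 68-byte EICAR test string into a temporary file and reports whether the on-access scanner blocked, removed or altered it, after first running a benign control file. The names `eicar_bytes`, `probe_on_access`, `avprobe_` and `probe.com` are this example's own.

```python
import os
import shutil
import tempfile
import time

# The 68-byte EICAR test string, kept in two halves so this source file
# does not itself match the signature while it sits on disk.
_PART_A = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
_PART_B = "ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    return (_PART_A + _PART_B).encode("ascii")


def probe_on_access(payload: bytes, wait_seconds: float = 5.0) -> str:
    """Write payload to a temp file and report what happened to it.

    Returns "blocked_on_write", "removed", "blocked_on_read", "modified"
    or "not_detected" (file still intact when the wait expires).
    """
    workdir = tempfile.mkdtemp(prefix="avprobe_")  # hypothetical name
    path = os.path.join(workdir, "probe.com")
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(payload)
        except OSError:
            return "blocked_on_write"
        deadline = time.monotonic() + wait_seconds
        while True:
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except FileNotFoundError:
                return "removed"  # deleted or moved to quarantine
            except OSError:
                return "blocked_on_read"  # scanner denies access
            if data != payload:
                return "modified"  # cleaned or truncated in place
            if time.monotonic() >= deadline:
                return "not_detected"
            time.sleep(0.25)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    # Control first: a benign file must survive, or the result means nothing.
    print("control:", probe_on_access(b"benign control file"))
    print("eicar:  ", probe_on_access(eicar_bytes()))
```

A `not_detected` result for the EICAR file only says that real-time scanning did not react within the wait; an on-demand scan of the same file is a separate check.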
