Threat Protection Tests — Complete Guide
How to safely verify your endpoint and gateway threat protection with industry-standard test signatures.
How It Works
- Navigate to Threat Protection from the sidebar.
- Choose an EICAR file format: .COM, .TXT, or .ZIP.
- The file is generated on-demand and delivered over HTTPS.
- If your AV blocks the download → Protection is working ✅
- If the file downloads successfully → Your AV may need tuning ⚠️
EICAR Standard Test File
The European Institute for Computer Antivirus Research (EICAR) test file is an industry-standard string recognized by every major AV engine worldwide. It's a 68-byte ASCII string — not a real virus — that all AV vendors have agreed to detect.
Available Formats
- .COM — Native EICAR executable format. Tests endpoint AV detection of executables.
- .TXT — Plain text format. Tests content inspection of text downloads and email attachments.
- .ZIP — Compressed archive. Tests archive scanning depth and gateway AV unpack capability.
Gateway vs. Endpoint Detection
The EICAR file is delivered over HTTPS. To verify gateway-side detection (NGFW / web proxy / secure gateway), your firewall must have SSL/TLS inspection (DPI-SSL) enabled on this domain — otherwise the content is encrypted in transit and the gateway sees only opaque TLS traffic.
Endpoint detection (AV / EPP / EDR) does not require SSL inspection — the file is decrypted at the endpoint before scanning. So if your gateway misses it but the endpoint quarantines it, your defence-in-depth is still working at the host layer.
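The following is an added example, not code from this guide or the test service: a Python check that classifies what the client actually ended up with after a test download, covering the .COM, .TXT and .ZIP formats. The function names, the outcome labels and the block-page sample are assumptions made for illustration; the padding rule (trailing whitespace, 128 bytes at most) comes from the EICAR definition rather than from this page.

```python
import io
import zipfile
from typing import Optional

# The 68-byte EICAR test string, assembled from fragments so that on-access
# scanners do not flag this script itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-"
         + "ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
PADDING = b" \t\r\n\x1a"  # trailing whitespace the EICAR definition permits


def is_eicar(data: bytes) -> bool:
    """True if data is the test string, optionally padded up to 128 bytes."""
    return len(data) <= 128 and data.rstrip(PADDING) == EICAR


def make_zip(name: str, payload: bytes) -> bytes:
    """Build an in-memory ZIP with one member (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def classify(body: Optional[bytes]) -> str:
    """Classify what the client ended up with after a download attempt.

    None models "no file on disk" (assumption: connection reset, or the
    file was removed by the endpoint scanner before it could be read).
    """
    if body is None:
        return "blocked"
    if is_eicar(body):
        return "delivered"            # .COM / .TXT arrived intact
    if body.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(body)) as zf:
                if any(is_eicar(zf.read(n)) for n in zf.namelist()):
                    return "delivered"    # .ZIP arrived with EICAR inside
        except zipfile.BadZipFile:
            return "replaced"         # truncated or tampered archive
    return "replaced"                 # e.g. a gateway block page


if __name__ == "__main__":
    block_page = b"<html><body>Blocked by policy</body></html>"  # constructed
    for label, body in [("com/txt", EICAR), ("zip", make_zip("eicar.com", EICAR)),
                        ("block page", block_page), ("no file", None)]:
        print(f"{label:10s} -> {classify(body)}")
```

"blocked" and "replaced" both correspond to the "Protection is working" outcome above; "delivered" corresponds to "Your AV may need tuning".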