Threat Generation — Complete Guide
How to safely test your endpoint and gateway antivirus with benign threat simulators.
🛡️ Safety Notice: All test files are completely harmless. They contain detection signatures that trigger security alerts but perform no actual malicious actions. They are used by security professionals worldwide.
How It Works
- Navigate to Threat Gen from the sidebar.
- Choose a threat category: EICAR, Heuristic Malware, or Ransomware.
- Click a file format button (.COM, .TXT, .ZIP, .EXE, .PDF, .DOC, or .VBS).
- The file is generated on-demand and delivered over HTTPS.
- If your AV blocks the download → Protection is working ✅
- If the file downloads successfully → Your AV may need tuning ⚠️
EICAR Standard Test File
The European Institute for Computer Antivirus Research (EICAR) test file is an industry-standard string recognized by every major AV engine worldwide. It's a 68-byte ASCII string — not a real virus — that all AV vendors have agreed to detect.
Available Formats
- .COM — Native EICAR executable format.
- .TXT — Plain text format for testing content inspection.
- .ZIP — Compressed archive to test archive scanning depth.
Heuristic Malware Samples
Simulates polymorphic malware signatures to test behavioral analysis engines beyond simple hash-based matching. These test whether your AV can detect malware-like patterns even without a known signature.
Available Formats
- .EXE — Windows executable with Trojan-like behavior patterns.
- .PDF — PDF with embedded suspicious content markers.
- .DOC — Document with macro-like detection triggers.
Ransomware Simulator
A .VBS script that emulates file encryption behavior to test your ransomware protection policies and behavioral detection capabilities. The script does not encrypt any actual files.
What It Tests
- Behavioral detection of mass file encryption patterns
- Script execution blocking policies
- Ransomware protection features in your EPP/EDR