Threat Generation

Download test files to verify your gateway antivirus (AV) and endpoint protection (EPP) are detecting threats.

EICAR Standard Anti-Virus Test File — an industry-standard, completely harmless 68-byte string that every compliant AV engine is required to detect and block. Use these downloads to confirm your NGFW's gateway AV engine is active and scanning the selected file type.

Your NGFW must have SSL Inspection (DPI-SSL) enabled on this domain to inspect downloads over HTTPS.

Advanced Threat Samples

Test beyond EICAR — validate heuristic engines, exploit detection, and ransomware behavior analysis.

Heuristic Malware Sample

Contains known malicious command strings (credential dumping, download cradles) that trigger behavioral analysis and AMSI-based engines — beyond simple signature matching.

Type: Win32/Trojan • Detection: Heuristic + AMSI

OLE ActiveX Exploit Document

OLE Compound File embedding MSCOMCTL.ListView ActiveX CLSID with oversized cbSize — triggers CVE-2012-0158 buffer overflow detection in file-inspection engines.

Type: Exploit-CVE-2012-0158 • Detection: File-OLE Inspection

Ransomware Simulator

Scripts emulating file encryption behavior, shadow copy deletion, and ransom note generation — tests your endpoint and gateway ransomware protection policies.

Behavior: Mass Encryption • Detection: Behavioral + Signature
Learn more about this tool

Free Malware Test Files & Threat Protection Validator

Verify that your antivirus, Endpoint Protection Platform (EPP), Endpoint Detection & Response (EDR), or gateway antivirus (AV) solutions are actively scanning and blocking threats. ITSecTools provides safe, benign test files that trigger security detection signatures without performing any real malicious actions.

Available Test Files

  • EICAR Standard Test File — The industry-standard antivirus detection string, available in .com, .txt, and .zip formats. Recognized by every major AV engine worldwide.
  • Heuristic Malware Simulators — Polymorphic signature patterns in .exe, .pdf, and .doc formats that test behavioral analysis engines beyond simple signature matching.
  • Ransomware Behavior Script — A .vbs script simulating file encryption behavior to verify your ransomware protection policies and behavioral detection capabilities.

All test files are generated on-demand and delivered over HTTPS. If your security solution blocks the download, it confirms your protection is working correctly. No real malicious code is involved — these are detection-only test payloads designed for security validation.