Testing Antivirus scanning exceptions for SmartEdge Agent

Testing antivirus scanning exceptions for SmartEdge Agent using the EICAR method.

Important: Performing this test may trigger an antivirus notification or incident alert.
Note: Antivirus software is capable of corrupting the configuration or properties files used by Forcepoint, which may affect performance. Forcepoint recommends excluding the required directories and files from antivirus scanning prior to installation.

Forcepoint recommends excluding installation folders from antivirus scanning. If antivirus is suspected of still affecting SmartEdge agent functionality, is there a way to verify that the antivirus exceptions are working as expected?

To confirm antivirus exceptions are working, use the EICAR test:

Note: The files are not required to be named test; however, for troubleshooting purposes, naming them test makes them easier to locate.

Steps

  1. Navigate to the SmartEdge agent folder.

    For example, SmartEdge Agent for Windows: C:\Program Files\Bitglass

  2. Open Notepad as administrator.
  3. Paste the below antivirus test script into Notepad:
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    Note: The third character (in X5O) is a capital letter 'O', not a zero.
  4. Save this file as test.txt in the respective product folder.
  5. Wait for a minute and see whether test.txt disappears or an antivirus notification happens.
  6. If the test.txt file does not disappear and no notification happens, rename test.txt to test.com.
  7. Wait for a minute and see whether test.com disappears or an antivirus notification happens.
    If the test.txt or test.com file disappears or an antivirus notification happens, the antivirus is still scanning the folder and the exceptions need to be properly configured by the antivirus administrator.
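
The steps above can also be scripted. The following PowerShell is an added example, not Forcepoint code; the parameter and function names are hypothetical, and the default folder is the example Windows path from step 1. It can only observe file removal or blocked access, not antivirus notifications.

```powershell
#Requires -RunAsAdministrator
# Added example: automates the manual EICAR check above. Not Forcepoint code.
param(
    [string]$Folder = 'C:\Program Files\Bitglass',  # example path from step 1
    [int]$WaitSeconds = 60                           # "wait for a minute"
)

# The test string from step 3, split in two so this script file itself
# is less likely to be flagged when it is saved or scanned.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-EicarSurvives {
    param([string]$Path, [int]$Seconds)
    Start-Sleep -Seconds $Seconds
    if (-not (Test-Path -LiteralPath $Path)) { return $false }  # removed or quarantined
    try {
        # Some scanners leave the file in place but block reads.
        return ([System.IO.File]::ReadAllText($Path) -eq $eicar)
    } catch {
        return $false
    }
}

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) { throw "Folder not found: $Folder" }
$txt = Join-Path $Folder 'test.txt'
$com = Join-Path $Folder 'test.com'
$excluded = $false
try {
    # Write exactly the 68 ASCII bytes: no BOM, no trailing newline.
    [System.IO.File]::WriteAllText($txt, $eicar, [System.Text.Encoding]::ASCII)
    if (Test-EicarSurvives -Path $txt -Seconds $WaitSeconds) {
        Rename-Item -LiteralPath $txt -NewName 'test.com' -ErrorAction Stop
        $excluded = Test-EicarSurvives -Path $com -Seconds $WaitSeconds
    }
} catch {
    # A blocked write or rename means the on-access scanner intervened.
    Write-Warning "File operation blocked: $($_.Exception.Message)"
} finally {
    # Clean up whatever the scanner left behind.
    Remove-Item -LiteralPath $txt, $com -Force -ErrorAction SilentlyContinue
}

if ($excluded) {
    "PASS: test.txt and test.com survived in $Folder. Also confirm no antivirus alert was raised."
} else {
    "FAIL: antivirus is still scanning $Folder. Review the exclusion configuration."
}
```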

Next steps

Not all antivirus solutions work with the EICAR test, though most of the popular antivirus solutions do. For a list, see the red results at the VirusTotal EICAR test.