AntiVirus Filter Driver and Icar RRS feed

  • Question

  • We have a behavior based antivirus solution. There is zero signature scanning in our product. We couldn't pass the Antivirus filter driver series of tests because we couldn't detect the Icar file. This was under WLK 1.6 and we had to submit as unclassified. 

    For Windows 8 there is a requirement published that references exhibiting basic antivirus functionality through detection of Icar. 

    Will it be possible to submit as unclassified for windows 8? Where can I get more details on what the actual Icar test will look like? (Is it the same as in WLK 1.6?)

    Thursday, January 19, 2012 4:25 PM

All replies

  • I've also seen it as EICAR. 

    Is there a better place to ask this?   

    Wednesday, January 25, 2012 3:08 PM
  • Just wait sometimes people are slow at answering in these forums.
    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda
    Wednesday, January 25, 2012 6:30 PM
  • Outside of any WLK requirements, the idea is that any product that labels itself as an, "anti-virus" should be able to detect the EICAR test virus. You can read more about it here:


    OSR Online
    Wednesday, January 25, 2012 9:51 PM