05 Sep 2008 
Support Center » Knowledgebase » When I try to use an antivirus plugin, I get the message "Antivirus eicar test failed."
 When I try to use an antivirus plugin, I get the message "Antivirus eicar test failed."
Solution

Problem

When you select an Antivirus plugin in WinRoute Firewall, you receive the message "Antivirus engine cannot be started: Antivirus eicar test failed."

Discussion

When you select an Antivirus plugin in WinRoute Firewall, this is what happens:

  1. WinRoute Firewall makes sure that the Antivirus program is installed.
  2. WinRoute Firewall sends the Antivirus program a harmless test virus, called EICAR.
    • If the Antivirus plugin detects the EICAR virus, then WinRoute Firewall knows that the Antivirus is working. WinRoute Firewall says, "Antivirus started."
    • If the Antivirus fails to detect the EICAR virus, then WinRoute Firewall knows that the Antivirus is not working. WinRoute Firewall says, "Antivirus engine cannot be started: Antivirus eicar test failed."

Cause

Most Antivirus programs come with a Realtime Scanner -- a program that prevents the computer from getting viruses. However, this program interferes with the Antivirus plugin in WinRoute Firewall. When WinRoute Firewall attempts to open the EICAR virus file, this program stops.

Solution

There are two solutions to the problem:

  • Disable Realtime Scanning of the WinRoute Firewall directory.
  • Disable Realtime Scanning of the entire computer.

Disabling Realtime Scanning of the WinRoute Firewall Directory

This is the safest option. The rest of your computer is still protected, and WinRoute Firewall is allow to operate properly.

For supported Antivirus plugins, if you follow the installation instructions you will be safe from the Realtime Scanner:

For other Antivirus programs, you must exclude the WinRoute Firewall installation directory, normally C:\Program Files\Kerio\WinRoute Firewall\. You must make sure to also exclude all subdirectories if that is not done automatically. For information on how to exclude a directory from Realtime Scanning, please see the manual for your antivirus product.

Disabling Realtime Scanning for the Entire Computer.

This is the easier option, but it is less secure. See your Antivirus manual for instructions on how to do this. Usually it is an option on an icon in the system tray.

If you still have problems

If you still have trouble after following the above instructions, make sure that you have followed all the installation instructions for your Antivirus plugin:

If, after following the installation instructions, you continue to have problems with your antivirus plugin, please contact support.



Article Details
Article ID: 72
Created On: 17 Feb 2004 06:26 PM
Author:
Last Edit:

 This answer was helpful  This answer was not helpful

 User Comments Add a Comment
Posted By: R. Brongers On: 25 Mar 2004 02:43 AM
During test I found out that exclusion of the cache directory and the temp directory found in the Firewall homedirectory is sufficient.
 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Search
 Article Options
 Add Comment
 Print Article
 PDF Version
 Email Article
 Add to Favorites
Home | Register | Submit a Ticket | Knowledgebase | Troubleshooter | User Forum | Downloads
Language:

Help Desk Software By Kayako SupportSuite v3.20.02