Using EICAR test files allows users to evaluate the performance and reliability of their antivirus software without the risk of infecting their systems with actual malware. These files provide a standardized method for testing antivirus software across different platforms and vendors.
Cato can effectively detect and block the download of these files. Shown below is the Cato block page displayed when an EICAR file is downloaded through Cato.
If a customer is able to download these files successfully through Cato, this article walks you through how to isolate and narrow down the cause of the issue.
To investigate why the EICAR files are being downloaded successfully even when going through Cato, perform the following steps:
Validation of Configuration
Since the EICAR website is running on HTTPS, TLS inspection needs to be enabled so that Cato can examine the payload for malicious content. This examination is done by our malware engine, hence Anti-Malware needs to be enabled too.
To verify that TLS Inspection is enabled, go to Security > TLS Inspection.
To verify if Anti-Malware is enabled, go to Security > Anti-Malware. If the option is greyed-out, it means that you don't have the license for it.
Browser Isolation and Cache Issue
After verifying the configuration, users can attempt to download the EICAR files once more. If Cato still doesn't block the download, additional troubleshooting steps can be taken. These include trying a different browser or using incognito mode to perform the download. If the download is successfully blocked using these methods, one potential reason could be related to the browser cache. In such cases, clearing the browser cache and retrying the download is recommended.
If the download starts getting blocked after clearing the cache, it indicates that the files were previously downloaded and saved in the browser's cache. Consequently, when attempting to download them again, the browser retrieves the files from the cache rather than accessing them on the Internet.
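To separate the causes above without a browser, and therefore without its cache, the following Python script fetches a URL directly, reads the issuer of the TLS certificate presented to the client, and reports whether the flow was inspected and whether the EICAR string was delivered. It is an added example, not Cato tooling; the test-file URL and the name of the TLS inspection CA are command-line arguments you supply, and those values, the function names and the result labels are assumptions not given in this article.

```python
import http.client
import ssl
import sys
from urllib.parse import urlsplit

# Standard 68-byte EICAR test string, split in two so this script is not itself flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-" + b"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def issuer_org(cert):
    """Issuer organizationName (or commonName) from ssl getpeercert() output."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName", "")


def classify(issuer, body, inspection_ca):
    """Map one uncached fetch onto the causes this article walks through."""
    inspected = inspection_ca.lower() in issuer.lower()
    delivered = body.lstrip().startswith(EICAR)
    if delivered and not inspected:
        return "NOT_INSPECTED"          # TLS Inspection did not apply to this flow
    if delivered:
        return "INSPECTED_NOT_BLOCKED"  # verify Anti-Malware is enabled and licensed
    if inspected:
        return "BLOCKED"                # a browser that still downloads is using its cache
    return "NO_EICAR_RETURNED"          # wrong URL, or stopped by something else


def fetch(url):
    """Fetch url with no client-side cache; return (issuer, first 4 KiB of body)."""
    u = urlsplit(url)
    conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=15,
                                       context=ssl.create_default_context())
    conn.connect()  # handshake first: the socket may be released after the response
    issuer = issuer_org(conn.sock.getpeercert())
    conn.request("GET", u.path or "/", headers={"Cache-Control": "no-cache"})
    body = conn.getresponse().read(4096)
    conn.close()
    return issuer, body


if __name__ == "__main__":
    # Usage: script.py <https URL of the EICAR file> <name of your TLS inspection CA>
    url, inspection_ca = sys.argv[1], sys.argv[2]
    issuer, body = fetch(url)
    print(f"issuer={issuer!r} -> {classify(issuer, body, inspection_ca)}")
```

If the fetch fails with a certificate verification error, the certificate presented to the client was issued by a CA that is not in the trust store Python uses on that machine.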
If the issue persists (that is, the download of EICAR files remains successful through Cato) despite clearing the browser cache, please collect the information below and contact Cato Support: