CIS can't remove an EICAR test file

Take a look at this :

CIS cannot remove an EICAR test string that is simply zipped, nor quarantine it ! 88) Why ?

[attachment deleted by admin]

Very Strange,

Working perfectly from every which way in XP.
Is it possible you have eicar in exclusions perhaps?
Or maybe its a Vista access control thing?
Can’t test that, wouldn’t use Vista if they paid me.

No, EICAR test file is not in the exclusion list.

UAC shoudn’t get in the way, because it is set to elavate without prompting. And in any case the antivirus of CIS should get around UAC and delete the file ! :slight_smile:

Have you had the file for a while?
Could it be damaged.
Try a freshly downloaded one.

No. I installed CIS and right away I downloaded the EICAR test files. :slight_smile: Damaged or not, CIS detected it, but coudn’t remove it 88)

It’s deffo a vista issue, I tried to reproduce it on my XP machine… worked fine.

Cheers,
Josh

[attachment deleted by admin]

scratches head and sighs

Messed up Defense+ settings silently blocking access?
Will it let you extract it from the double zip or delete it in windows?

With that I be out of ideas.
C’mon Vista people, check it out for the man.

If it’s a bug it’s a sick one, not confidence inspiring to say the least.
Sorry man that’s all I got right now.

Later

So strange and funny. After a reboot CIS deletes the file with no problems. From any location. Weird 88) I didn’t touched any rules (and I’m not a newbie with this thing).

If CIS AV can not delete(move to quarantine) file for some reason(file is locked by other application or protected from deletion somehow) it schedules the file deletion for next reboot. If such situation occurs during real-time or scheduled scan - you’ll be prompted for reboot. After manual scan you’ll have not all files deleted message.