Hello Shaun, detects the file as a virus could you give the name of the detection? As you say virus , the message contained Virus/Spyware , right? can be moved around, copy + pasted this sounds like On-Access not scanning at all. I'd suggest you use the little vintage savtst32.exe utility. You'll find it in the SEC installer directory ( ...\SEC_vrr\tools\ ). Simple as it is it would take you some time to make reasonable use of it so I'll give you a crash course Run savtst32.exe as administrator - you'll get a tiny Window with File , Drive and Help menu items and a read-only pane saying SavTest: Select action Help - just offers About , forget it :) Drive - offers Select which in turn opens an Explorer window where you can choose drive, folder, name and extension for the EICAR test file File - this is where the fun starts. On-Access Test is what you want. The pane flickers what it's doing, On-Access scan should immediately detect the file, the Sophos icon pop up its balloon and finally SavTest32 inform you with a pop-up that scanning is functioning correctly. By configuring different folders with Drive you can verify that On-Access is working as it should (i.e. a detection is triggered). BTW - you can also verify that certain extension are scanned and that True File Type detection works as advertised by, for example, saving (note: it is only saved when you choose a Test from File ) it as some.pdf . If you want to use the On-Demand Test you'd have to disable On-Access or set an appropriate exclusion. Cleanup should remove a leftover test file but it works as one would expect only if On-Access doesn't scan the file and intercept the access (savtst32 doesn't do a straight delete ) Exit - is obvious HTH and gives some insight Christian
↧
