You seek to understand how Advanced Threat Protection (ATP) 2.0 detects and reports instances of the EICAR test string.
In the events, ATP reports the presence of the eicar.com file as "Malicious traffic: 24461".
If a web server serves an instance of eicar.com via Hyper Text Transfer Protocol (HTTP), the HTTP URL appears in the "External" column, whether that server is eicar.org, testatp.coe.org.uk, or some other site.
If a web server serves an instance of eicar.com via File Transfer Protocol (FTP), no URL appears in the "External" column.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.