I have Windows Vista Home Premium with Windows Defender included.

It has been running for 3 weeks.

When I check Tools, Quarantined Items, there has never been a listing of any
items as having been quarantined.

Is that normal?

That depends on your internet habits... Are you a Safe Surfer?
http://pcpitstop.com/spycheck/safesurfing.asp

If you want to see if Windows Defender is protecting your system, try EICAR
the test file...

From Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well, but
that's another issue.

For those of you who want to know what we're talking about, the EICAR group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows Defender
detect something, visit http://eicar.org, download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution (that
you should be running in addition to Windows Defender) will also pick it
up."

--

Regards, Dave


Roadrunner38 wrote:
> I have Windows Vista Home Premium with Windows Defender included.
>
> It has been running for 3 weeks.
>
> When I check Tools, Quarantined Items, there has never been a listing of
> any
> items as having been quarantined.
>
> Is that normal?

Hi Dave

Sorry to butt in but have you tried to visit that site recently?

I tried downloading the file and sure enough my AV prog (NAV 2005) picked it
up before anything else. So I disabled auto protect and tried again. This
time IE7 warned me the site certificate was from an untrustworthy source and
I should not continue. As for WD? Never did get far enough along the line to
test its integrity <smile> Still, its nice to know I`m protected one way or
another.

Regards

Stu

"Dave M" wrote:

> That depends on your internet habits... Are you a Safe Surfer?
> http://pcpitstop.com/spycheck/safesurfing.asp
>
> If you want to see if Windows Defender is protecting your system, try EICAR
> the test file...
>
> From Joe Faulhaber [MSFT]:
> "We've had EICAR in our definitions for about two months now, which also
> means we're not communicating the content of the definitions very well, but
> that's another issue.
>
> For those of you who want to know what we're talking about, the EICAR group
> came up with a harmless file detected by antivirus products so you can
> safely verify the product's working. If you haven't seen Windows Defender
> detect something, visit http://eicar.org, download the 68 byte file
> eicar.com.txt, and copy it to your startup folder. Your AV solution (that
> you should be running in addition to Windows Defender) will also pick it
> up."
>
> --
>
> Regards, Dave
>
>
> Roadrunner38 wrote:
> > I have Windows Vista Home Premium with Windows Defender included.
> >
> > It has been running for 3 weeks.
> >
> > When I check Tools, Quarantined Items, there has never been a listing of
> > any
> > items as having been quarantined.
> >
> > Is that normal?
>
>
>

Stu,

Very true.
It is almost impossible to download the test file unless you deactivate all
of your protections. Any Malware checker worth its salt will detect and
block or clean or quarantine it. That is its purpose. I had to download it
to test something once and it was a barrel of laughs trying to get the file.
Alarms were going off all over the place.

Turn off EVERYTHING before trying to download this file.
Then turn On the product you want to test first.
Of course you would only do this in a Very Specific Circumstance such as this.
Turn Everything back on after the test.

?:-)
Tim

"Stu" wrote:

> Hi Dave
>
> Sorry to butt in but have you tried to visit that site recently?
>
> I tried downloading the file and sure enough my AV prog (NAV 2005) picked it
> up before anything else. So I disabled auto protect and tried again. This
> time IE7 warned me the site certificate was from an untrustworthy source and
> I should not continue. As for WD? Never did get far enough along the line to
> test its integrity <smile> Still, its nice to know I`m protected one way or
> another.
>
> Regards
>
> Stu
>
> "Dave M" wrote:
>
> > That depends on your internet habits... Are you a Safe Surfer?
> > http://pcpitstop.com/spycheck/safesurfing.asp
> >
> > If you want to see if Windows Defender is protecting your system, try EICAR
> > the test file...
> >
> > From Joe Faulhaber [MSFT]:
> > "We've had EICAR in our definitions for about two months now, which also
> > means we're not communicating the content of the definitions very well, but
> > that's another issue.
> >
> > For those of you who want to know what we're talking about, the EICAR group
> > came up with a harmless file detected by antivirus products so you can
> > safely verify the product's working. If you haven't seen Windows Defender
> > detect something, visit http://eicar.org, download the 68 byte file
> > eicar.com.txt, and copy it to your startup folder. Your AV solution (that
> > you should be running in addition to Windows Defender) will also pick it
> > up."

Yeap, that's been my experience too... your AV needs to be disabled because
it will probably catch EICAR first, so I copied it into memory,
disconnected from the net, disabled my AV, then created the EICAR file in
the startup folder and BAM... Defender wakes up.

It's a good exercise to both see and understand the process, one that I'd
recommend for every WD user. But as Bill Sanderson would remind us...
having Defender installed does not negate the need for having a Real-Time
Anti-Virus on your system, even though both catch the EICAR file, that
won't always be the case with other nastiness so you do need both an AV and
AS.

You think alarms were going off over EICAR... try installing Adobe
Shockwave... geeesh, I just did... two reboots 'ta boot.

--

Regards, Dave


Tim Clark wrote:
> Stu,
>
> Very true.
> It is almost impossible to download the test file unless you deactivate
> all
> of your protections. Any Malware checker worth its salt will detect and
> block or clean or quarantine it. That is its purpose. I had to download
> it
> to test something once and it was a barrel of laughs trying to get the
> file.
> Alarms were going off all over the place.
>
> Turn off EVERYTHING before trying to download this file.
> Then turn On the product you want to test first.
> Of course you would only do this in a Very Specific Circumstance such as
> this.
> Turn Everything back on after the test.
>
> ?:-)
> Tim
>
> "Stu" wrote:
>
>> Hi Dave
>>
>> Sorry to butt in but have you tried to visit that site recently?
>>
>> I tried downloading the file and sure enough my AV prog (NAV 2005)
>> picked it
>> up before anything else. So I disabled auto protect and tried again.
>> This
>> time IE7 warned me the site certificate was from an untrustworthy source
>> and
>> I should not continue. As for WD? Never did get far enough along the
>> line to
>> test its integrity <smile> Still, its nice to know I`m protected one way
>> or
>> another.
>>
>> Regards
>>
>> Stu
>>
>> "Dave M" wrote:
>>
>>> That depends on your internet habits... Are you a Safe Surfer?
>>> http://pcpitstop.com/spycheck/safesurfing.asp
>>>
>>> If you want to see if Windows Defender is protecting your system, try
>>> EICAR
>>> the test file...
>>>
>>> From Joe Faulhaber [MSFT]:
>>> "We've had EICAR in our definitions for about two months now, which
>>> also
>>> means we're not communicating the content of the definitions very well,
>>> but
>>> that's another issue.
>>>
>>> For those of you who want to know what we're talking about, the EICAR
>>> group
>>> came up with a harmless file detected by antivirus products so you can
>>> safely verify the product's working. If you haven't seen Windows
>>> Defender
>>> detect something, visit http://eicar.org, download the 68 byte file
>>> eicar.com.txt, and copy it to your startup folder. Your AV solution
>>> (that
>>> you should be running in addition to Windows Defender) will also pick
>>> it
>>> up."

Just to chime in--indeed, you have to turn off antimalware apps to put eicar
into place. Just trying to work with it is a good way to see what
operations are being screened by your protective mechanisms and what are
not.

And it is absolutely safe.

--

"Dave M" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Yeap, that's been my experience too... your AV needs to be disabled
> because it will probably catch EICAR first, so I copied it into memory,
> disconnected from the net, disabled my AV, then created the EICAR file in
> the startup folder and BAM... Defender wakes up.
>
> It's a good exercise to both see and understand the process, one that I'd
> recommend for every WD user. But as Bill Sanderson would remind us...
> having Defender installed does not negate the need for having a Real-Time
> Anti-Virus on your system, even though both catch the EICAR file, that
> won't always be the case with other nastiness so you do need both an AV
> and AS.
>
> You think alarms were going off over EICAR... try installing Adobe
> Shockwave... geeesh, I just did... two reboots 'ta boot.
>
> --
>
> Regards, Dave
>
>
> Tim Clark wrote:
>> Stu,
>>
>> Very true.
>> It is almost impossible to download the test file unless you deactivate
>> all
>> of your protections. Any Malware checker worth its salt will detect and
>> block or clean or quarantine it. That is its purpose. I had to download
>> it
>> to test something once and it was a barrel of laughs trying to get the
>> file.
>> Alarms were going off all over the place.
>>
>> Turn off EVERYTHING before trying to download this file.
>> Then turn On the product you want to test first.
>> Of course you would only do this in a Very Specific Circumstance such as
>> this.
>> Turn Everything back on after the test.
>>
>> ?:-)
>> Tim
>>
>> "Stu" wrote:
>>
>>> Hi Dave
>>>
>>> Sorry to butt in but have you tried to visit that site recently?
>>>
>>> I tried downloading the file and sure enough my AV prog (NAV 2005)
>>> picked it
>>> up before anything else. So I disabled auto protect and tried again.
>>> This
>>> time IE7 warned me the site certificate was from an untrustworthy source
>>> and
>>> I should not continue. As for WD? Never did get far enough along the
>>> line to
>>> test its integrity <smile> Still, its nice to know I`m protected one way
>>> or
>>> another.
>>>
>>> Regards
>>>
>>> Stu
>>>
>>> "Dave M" wrote:
>>>
>>>> That depends on your internet habits... Are you a Safe Surfer?
>>>> http://pcpitstop.com/spycheck/safesurfing.asp
>>>>
>>>> If you want to see if Windows Defender is protecting your system, try
>>>> EICAR
>>>> the test file...
>>>>
>>>> From Joe Faulhaber [MSFT]:
>>>> "We've had EICAR in our definitions for about two months now, which
>>>> also
>>>> means we're not communicating the content of the definitions very well,
>>>> but
>>>> that's another issue.
>>>>
>>>> For those of you who want to know what we're talking about, the EICAR
>>>> group
>>>> came up with a harmless file detected by antivirus products so you can
>>>> safely verify the product's working. If you haven't seen Windows
>>>> Defender
>>>> detect something, visit http://eicar.org, download the 68 byte file
>>>> eicar.com.txt, and copy it to your startup folder. Your AV solution
>>>> (that
>>>> you should be running in addition to Windows Defender) will also pick
>>>> it
>>>> up."
>
>

Agreed to all you guys. I must learn to persevere with my exploits. If only
to see what Defender looks like when it finds something terminal.

Stu

"Bill Sanderson MVP" wrote:

> Just to chime in--indeed, you have to turn off antimalware apps to put eicar
> into place. Just trying to work with it is a good way to see what
> operations are being screened by your protective mechanisms and what are
> not.
>
> And it is absolutely safe.
>
> --
>
> "Dave M" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > Yeap, that's been my experience too... your AV needs to be disabled
> > because it will probably catch EICAR first, so I copied it into memory,
> > disconnected from the net, disabled my AV, then created the EICAR file in
> > the startup folder and BAM... Defender wakes up.
> >
> > It's a good exercise to both see and understand the process, one that I'd
> > recommend for every WD user. But as Bill Sanderson would remind us...
> > having Defender installed does not negate the need for having a Real-Time
> > Anti-Virus on your system, even though both catch the EICAR file, that
> > won't always be the case with other nastiness so you do need both an AV
> > and AS.
> >
> > You think alarms were going off over EICAR... try installing Adobe
> > Shockwave... geeesh, I just did... two reboots 'ta boot.
> >
> > --
> >
> > Regards, Dave
> >
> >
> > Tim Clark wrote:
> >> Stu,
> >>
> >> Very true.
> >> It is almost impossible to download the test file unless you deactivate
> >> all
> >> of your protections. Any Malware checker worth its salt will detect and
> >> block or clean or quarantine it. That is its purpose. I had to download
> >> it
> >> to test something once and it was a barrel of laughs trying to get the
> >> file.
> >> Alarms were going off all over the place.
> >>
> >> Turn off EVERYTHING before trying to download this file.
> >> Then turn On the product you want to test first.
> >> Of course you would only do this in a Very Specific Circumstance such as
> >> this.
> >> Turn Everything back on after the test.
> >>
> >> ?:-)
> >> Tim
> >>
> >> "Stu" wrote:
> >>
> >>> Hi Dave
> >>>
> >>> Sorry to butt in but have you tried to visit that site recently?
> >>>
> >>> I tried downloading the file and sure enough my AV prog (NAV 2005)
> >>> picked it
> >>> up before anything else. So I disabled auto protect and tried again.
> >>> This
> >>> time IE7 warned me the site certificate was from an untrustworthy source
> >>> and
> >>> I should not continue. As for WD? Never did get far enough along the
> >>> line to
> >>> test its integrity <smile> Still, its nice to know I`m protected one way
> >>> or
> >>> another.
> >>>
> >>> Regards
> >>>
> >>> Stu
> >>>
> >>> "Dave M" wrote:
> >>>
> >>>> That depends on your internet habits... Are you a Safe Surfer?
> >>>> http://pcpitstop.com/spycheck/safesurfing.asp
> >>>>
> >>>> If you want to see if Windows Defender is protecting your system, try
> >>>> EICAR
> >>>> the test file...
> >>>>
> >>>> From Joe Faulhaber [MSFT]:
> >>>> "We've had EICAR in our definitions for about two months now, which
> >>>> also
> >>>> means we're not communicating the content of the definitions very well,
> >>>> but
> >>>> that's another issue.
> >>>>
> >>>> For those of you who want to know what we're talking about, the EICAR
> >>>> group
> >>>> came up with a harmless file detected by antivirus products so you can
> >>>> safely verify the product's working. If you haven't seen Windows
> >>>> Defender
> >>>> detect something, visit http://eicar.org, download the 68 byte file
> >>>> eicar.com.txt, and copy it to your startup folder. Your AV solution
> >>>> (that
> >>>> you should be running in addition to Windows Defender) will also pick
> >>>> it
> >>>> up."
> >
> >
>
>
>

Hi Tim

If my memory recalls you predominantly use Firefox - right? If so, does that
mean you do not have IE7 installed preferring to leave IE6 as your base
browser? If this is the case. Does IE6 detect the EICAR file? Was just
wondering.

Stu

"Tim Clark" wrote:

> Stu,
>
> Very true.
> It is almost impossible to download the test file unless you deactivate all
> of your protections. Any Malware checker worth its salt will detect and
> block or clean or quarantine it. That is its purpose. I had to download it
> to test something once and it was a barrel of laughs trying to get the file.
> Alarms were going off all over the place.
>
> Turn off EVERYTHING before trying to download this file.
> Then turn On the product you want to test first.
> Of course you would only do this in a Very Specific Circumstance such as this.
> Turn Everything back on after the test.
>
> ?:-)
> Tim
>
> "Stu" wrote:
>
> > Hi Dave
> >
> > Sorry to butt in but have you tried to visit that site recently?
> >
> > I tried downloading the file and sure enough my AV prog (NAV 2005) picked it
> > up before anything else. So I disabled auto protect and tried again. This
> > time IE7 warned me the site certificate was from an untrustworthy source and
> > I should not continue. As for WD? Never did get far enough along the line to
> > test its integrity <smile> Still, its nice to know I`m protected one way or
> > another.
> >
> > Regards
> >
> > Stu
> >
> > "Dave M" wrote:
> >
> > > That depends on your internet habits... Are you a Safe Surfer?
> > > http://pcpitstop.com/spycheck/safesurfing.asp
> > >
> > > If you want to see if Windows Defender is protecting your system, try EICAR
> > > the test file...
> > >
> > > From Joe Faulhaber [MSFT]:
> > > "We've had EICAR in our definitions for about two months now, which also
> > > means we're not communicating the content of the definitions very well, but
> > > that's another issue.
> > >
> > > For those of you who want to know what we're talking about, the EICAR group
> > > came up with a harmless file detected by antivirus products so you can
> > > safely verify the product's working. If you haven't seen Windows Defender
> > > detect something, visit http://eicar.org, download the 68 byte file
> > > eicar.com.txt, and copy it to your startup folder. Your AV solution (that
> > > you should be running in addition to Windows Defender) will also pick it
> > > up."

I don't think there is code in either IE version which detects EICAR. It
would only be detected by an antimalware app--all of which are add-ons,
whether from Microsoft or others.

I would strongly recommend that even if you use Firefox as your browser,
you update to IE7 and keep that updated. The browser IS part of the
operating system, and other programs call portions of it--so having IE7 in
place makes you less vulnerable even if you believe you are never using it
except perhaps in going to Windows Update?

--

"Stu" <(E-Mail Removed)> wrote in message
news:31D01F8B-DB2B-45AD-8AEA-(E-Mail Removed)...
> Hi Tim
>
> If my memory recalls you predominantly use Firefox - right? If so, does
> that
> mean you do not have IE7 installed preferring to leave IE6 as your base
> browser? If this is the case. Does IE6 detect the EICAR file? Was just
> wondering.
>
> Stu
>
> "Tim Clark" wrote:
>
>> Stu,
>>
>> Very true.
>> It is almost impossible to download the test file unless you deactivate
>> all
>> of your protections. Any Malware checker worth its salt will detect and
>> block or clean or quarantine it. That is its purpose. I had to download
>> it
>> to test something once and it was a barrel of laughs trying to get the
>> file.
>> Alarms were going off all over the place.
>>
>> Turn off EVERYTHING before trying to download this file.
>> Then turn On the product you want to test first.
>> Of course you would only do this in a Very Specific Circumstance such as
>> this.
>> Turn Everything back on after the test.
>>
>> ?:-)
>> Tim
>>
>> "Stu" wrote:
>>
>> > Hi Dave
>> >
>> > Sorry to butt in but have you tried to visit that site recently?
>> >
>> > I tried downloading the file and sure enough my AV prog (NAV 2005)
>> > picked it
>> > up before anything else. So I disabled auto protect and tried again.
>> > This
>> > time IE7 warned me the site certificate was from an untrustworthy
>> > source and
>> > I should not continue. As for WD? Never did get far enough along the
>> > line to
>> > test its integrity <smile> Still, its nice to know I`m protected one
>> > way or
>> > another.
>> >
>> > Regards
>> >
>> > Stu
>> >
>> > "Dave M" wrote:
>> >
>> > > That depends on your internet habits... Are you a Safe Surfer?
>> > > http://pcpitstop.com/spycheck/safesurfing.asp
>> > >
>> > > If you want to see if Windows Defender is protecting your system, try
>> > > EICAR
>> > > the test file...
>> > >
>> > > From Joe Faulhaber [MSFT]:
>> > > "We've had EICAR in our definitions for about two months now, which
>> > > also
>> > > means we're not communicating the content of the definitions very
>> > > well, but
>> > > that's another issue.
>> > >
>> > > For those of you who want to know what we're talking about, the EICAR
>> > > group
>> > > came up with a harmless file detected by antivirus products so you
>> > > can
>> > > safely verify the product's working. If you haven't seen Windows
>> > > Defender
>> > > detect something, visit http://eicar.org, download the 68 byte file
>> > > eicar.com.txt, and copy it to your startup folder. Your AV solution
>> > > (that
>> > > you should be running in addition to Windows Defender) will also pick
>> > > it
>> > > up."

OK Bill, many thanks for the explanation. Now I understand - not that I`m a
user of Firefox anyway. I have it installed but my default browser is IE7
which, I might add, has given me a niggling problem for some time now. In
spite of this, I still prefer to use it and, of course, keep it updated.
Strangley enough, part of the niggling problem prevents me from using it for
visiting the WU site. Anyway, that is for the IE7 newsgroup. Trouble is, I`ve
never found anything that remotely fits or provides a solution to my problem
with it. Guess its time for a format and startover.

Stu

"Bill Sanderson MVP" wrote:

> I don't think there is code in either IE version which detects EICAR. It
> would only be detected by an antimalware app--all of which are add-ons,
> whether from Microsoft or others.
>
> I would strongly recommend that even if you use Firefox as your browser,
> you update to IE7 and keep that updated. The browser IS part of the
> operating system, and other programs call portions of it--so having IE7 in
> place makes you less vulnerable even if you believe you are never using it
> except perhaps in going to Windows Update?
>
> --
>
> "Stu" <(E-Mail Removed)> wrote in message
> news:31D01F8B-DB2B-45AD-8AEA-(E-Mail Removed)...
> > Hi Tim
> >
> > If my memory recalls you predominantly use Firefox - right? If so, does
> > that
> > mean you do not have IE7 installed preferring to leave IE6 as your base
> > browser? If this is the case. Does IE6 detect the EICAR file? Was just
> > wondering.
> >
> > Stu
> >
> > "Tim Clark" wrote:
> >
> >> Stu,
> >>
> >> Very true.
> >> It is almost impossible to download the test file unless you deactivate
> >> all
> >> of your protections. Any Malware checker worth its salt will detect and
> >> block or clean or quarantine it. That is its purpose. I had to download
> >> it
> >> to test something once and it was a barrel of laughs trying to get the
> >> file.
> >> Alarms were going off all over the place.
> >>
> >> Turn off EVERYTHING before trying to download this file.
> >> Then turn On the product you want to test first.
> >> Of course you would only do this in a Very Specific Circumstance such as
> >> this.
> >> Turn Everything back on after the test.
> >>
> >> ?:-)
> >> Tim
> >>
> >> "Stu" wrote:
> >>
> >> > Hi Dave
> >> >
> >> > Sorry to butt in but have you tried to visit that site recently?
> >> >
> >> > I tried downloading the file and sure enough my AV prog (NAV 2005)
> >> > picked it
> >> > up before anything else. So I disabled auto protect and tried again.
> >> > This
> >> > time IE7 warned me the site certificate was from an untrustworthy
> >> > source and
> >> > I should not continue. As for WD? Never did get far enough along the
> >> > line to
> >> > test its integrity <smile> Still, its nice to know I`m protected one
> >> > way or
> >> > another.
> >> >
> >> > Regards
> >> >
> >> > Stu
> >> >
> >> > "Dave M" wrote:
> >> >
> >> > > That depends on your internet habits... Are you a Safe Surfer?
> >> > > http://pcpitstop.com/spycheck/safesurfing.asp
> >> > >
> >> > > If you want to see if Windows Defender is protecting your system, try
> >> > > EICAR
> >> > > the test file...
> >> > >
> >> > > From Joe Faulhaber [MSFT]:
> >> > > "We've had EICAR in our definitions for about two months now, which
> >> > > also
> >> > > means we're not communicating the content of the definitions very
> >> > > well, but
> >> > > that's another issue.
> >> > >
> >> > > For those of you who want to know what we're talking about, the EICAR
> >> > > group
> >> > > came up with a harmless file detected by antivirus products so you
> >> > > can
> >> > > safely verify the product's working. If you haven't seen Windows
> >> > > Defender
> >> > > detect something, visit http://eicar.org, download the 68 byte file
> >> > > eicar.com.txt, and copy it to your startup folder. Your AV solution
> >> > > (that
> >> > > you should be running in addition to Windows Defender) will also pick
> >> > > it
> >> > > up."
>
>
>