How to test that Sophos Endpoint detection features are working

  • Article ID: 10027
  • Updated: 04 Feb 2016

This article lists different methods you can use to test that your Sophos Endpoint detection features are working correctly. You can test these items from any endpoint computer on your network.

Note: All of the files and links in this article are completely harmless. They are designed to make the anti-virus software recognize them as if they were a virus, so a successful test shows up as a detection.

Applies to the following Sophos product(s) and version(s)
UTM Managed Endpoint (Windows 2000+)
Sophos Endpoint Security and Control
Sophos Cloud Managed Endpoint

What To Do

On-Demand and On-access scanning

Important: The EICAR test string is not a virus; it is an industry-standard detection test. Sophos Anti-Virus will report its presence as the 'EICAR-AV-Test' virus.

  • Download the eicar string from 
  • Copy the string into Notepad and save it as eicar.txt
  • To test the On-access scanner capabilities rename the file to and run it.

If the on-access scanner is enabled and functioning correctly you should see a detection.
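
The on-access check above can also be scripted. The following PowerShell is an added example, not part of the Sophos article and not Sophos code: it writes the standard 68-character EICAR test string to a file and reports whether the scanner blocked or removed it. The function name, the `.com` file name, the temp-directory location and the 10-second wait are assumptions of this example.

```powershell
# Added example (not Sophos code): scripted on-access scanner check.
# The EICAR string is kept in two halves so this script file is not itself detected.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function New-ScanResult([bool]$Detected, [string]$Detail) {
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Detected = $Detected; Detail = $Detail }
}

function Test-OnAccessScanner {
    param(
        [string]$Directory = $env:TEMP,   # assumed test location
        [int]$WaitSeconds  = 10           # assumed time allowed for the scanner to react
    )
    # Hypothetical file name; a unique suffix avoids clashing with earlier runs.
    $path = Join-Path $Directory ("eicar-{0}.com" -f [guid]::NewGuid().ToString('N'))
    try {
        # ASCII, no BOM, no trailing newline: the file is exactly the 68-byte test string.
        [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        return New-ScanResult $true "Write blocked or failed: $($_.Exception.Message)"
    }
    try {
        $deadline = (Get-Date).AddSeconds($WaitSeconds)
        while ((Get-Date) -lt $deadline) {
            if (-not (Test-Path -LiteralPath $path)) {
                return New-ScanResult $true 'File was removed or quarantined'
            }
            try {
                # Reading the file back forces an on-read scan.
                [void][System.IO.File]::ReadAllBytes($path)
            } catch {
                return New-ScanResult $true "File could not be read back: $($_.Exception.Message)"
            }
            Start-Sleep -Milliseconds 500
        }
        return New-ScanResult $false 'Test file was written and read back; check that on-access scanning is enabled'
    } finally {
        # Clean up if the scanner left the file in place.
        Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    }
}

Test-OnAccessScanner
```

A result with `Detected` set to `False` means the test file was written and read back without interference within the wait period.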

Web protection/Web Control

SophosLabs have provided the webpage which you can use to test the functionality of Sophos Web protection and Web control. Click on the relevant section title to see the Sophos response/description.

  • Clicking the 'Malware' option on the above page tests whether web protection is operating correctly. This should display a blocked page and a balloon alert in the system tray.
  • To confirm whether Web control is functioning, click the other options on the page to test the category classification.

Download reputation

SophosLabs have provided this website to test the functionality of Download reputation. 

Malicious traffic detection (MTD)

To test the MTD feature do the following:

  1. Copy the following text and paste it into a text document

    set o = createobject("MSXML2.XMLHTTP")
    o.open "GET", "" & rnd, FALSE
    o.send

  2. Name the file mtd.vbs
  3. Double-click the file to trigger the detection.

If the MTD feature is active you should receive a 'C2/generic-B' detection on the endpoint.
The Sophos Network Threat Protection feature must be installed for MTD to function. This is only available in Sophos Cloud and Sophos Enterprise Console 5.3.0 with managed 10.6.0 and above.

Note: All of the files contained in this article should be used for testing purposes only.

If you need more information or guidance, then please contact technical support.
