This article lists the different methods you can use to test if your Sophos Endpoint detection features are working correctly. You can test these items from any endpoint computer on your network.
The following sections are covered:
NOTE: All the files and links in this article are completely harmless. They are designed to make the anti-virus software recognize them as if they were a virus, and a successful test results in a detection.
What to do
On-demand and on-access scanning
NOTE: The EICAR test string is not a virus, it is an industry standard detection test. Sophos Anti-Virus will report its presence as
- Download the EICAR string from http://www.eicar.org/
- Copy the string into a notepad and save it as
- To test the on-access scanner capabilities, rename the file to eicar.com and run it.
If the on-access scanner is enabled and functioning correctly, you should see a detection.
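The on-access check can also be scripted so that it is repeatable across endpoints. The following PowerShell is an added example, not part of the original article or Sophos code; the function name Test-OnAccessScanner, the file names and the 5-second wait are assumptions chosen for illustration. It writes the standard EICAR test string itself instead of downloading it, and reports whether the scanner blocked the write, removed the file or blocked the read.

```powershell
# Added example, not Sophos code. Function name, file names and wait time are assumptions.
function Test-OnAccessScanner {
    param(
        [string]$Directory = $env:TEMP,
        [int]$WaitSeconds = 5
    )
    $control = Join-Path $Directory 'onaccess-control.txt'
    $target  = Join-Path $Directory 'eicar-onaccess-test.com'
    # Standard 68-character EICAR test string, split so this script is not flagged itself.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

    # Control: a harmless file must be writable, otherwise a failed EICAR write
    # would only prove a permissions problem, not a detection.
    Set-Content -LiteralPath $control -Value 'control' -ErrorAction Stop
    Remove-Item -LiteralPath $control -Force

    $stage = $null
    try {
        # ASCII without a trailing newline keeps the file at exactly 68 bytes.
        Set-Content -LiteralPath $target -Value $eicar -Encoding Ascii -NoNewline -ErrorAction Stop
    } catch {
        $stage = 'write blocked'
    }

    if (-not $stage) {
        Start-Sleep -Seconds $WaitSeconds      # give the scanner time to react
        if (-not (Test-Path -LiteralPath $target)) {
            $stage = 'removed after write'
        } else {
            try   { $null = Get-Content -LiteralPath $target -Raw -ErrorAction Stop }
            catch { $stage = 'read blocked' }
        }
    }

    # If the file survived and was readable, nothing intervened: clean up and report.
    if (-not $stage) { Remove-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Detected = [bool]$stage
        Stage    = if ($stage) { $stage } else { 'none: file written and read back' }
        Path     = $target
    }
}

Test-OnAccessScanner
```

A result of Detected = False means the file was written and read back untouched, so the on-access scanner did not act on that path; check whether the directory is excluded from scanning before concluding the scanner is disabled.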
Web protection/web control
Use the Sophos Web Security and Control Test Site by SophosLabs to test the Sophos web protection and web control functionality.
- Select the Malware option to test if web protection is operating correctly. This will display a blocked page and a balloon alert on the system tray.
- To confirm whether web control is functioning, click the other options on the page to test the different category classifications.
Use the Sophos Web Security and Control Test Site - Reputation webpage by SophosLabs to test the download reputation functionality.
Host intrusion prevention system (HIPS)
To test the HIPS feature, do the following:
- Copy the following text and paste it into a text document:
Set t = WScript.CreateObject( "WScript.Shell" )
t.RegWrite "HKCU\SOFTWARE\Sophos\HIPSTest\", ""
Set t = Nothing
- Name the file HIPSTest.vbs
- Open a command line window
- Call HIPSTest.vbs using wscript with the full path
On 64-bit systems:
On 32-bit systems:
After running the script, the quarantine should show wscript, as well as the suspicious behavior setting in the Sophos Anti-Virus GUI.
Malicious traffic detection (MTD)
To test the MTD feature, do the following:
- Copy the following text and paste it into a text document
set o = createobject("MSXML2.XMLHTTP")
o.open "GET", "http://sophostest.com/mtdtest/2/" & rnd, FALSE
' Send the request; without this call no traffic leaves the endpoint
o.send
- Name the file
- Double-click the file to trigger the detection.
If the MTD feature is active, you will receive a C2/generic-B detection on the endpoint.
The Sophos Network Threat Protection feature must be installed for MTD to function. This is only available in Sophos Cloud and Sophos Enterprise Console 5.3.0 with managed 10.6.0 and above.
NOTE: All of the files contained in this article should be used for testing purposes only.