How do I use IPS to block the download of a file that includes the EICAR string?

Zyxel_Jeff
Zyxel_Jeff Posts: 1,230  Zyxel Employee
100 Answers 500 Comments Friend Collector Fourth Anniversary
edited November 2023 in Security Service

Scenario :

The Zyxel firewall supports detecting EICAR-related strings by IPS service, this article will guide you on how to deploy it.

Answer :

Please go to Security Services, enable the IPS feature, and make sure that the signature 'Eicar Test String' is activated

Try to download a file containing an EICAR string via HTTP, for example, using http://eicar.eu/eicar.com You will be blocked by the IPS service.

What's wrong?

Sometimes, you may encounter a situation where the IPS cannot detect the 'Eicar Test String' in the Monitor log. The possible reason is related to the browser's cache. Please thoroughly clear the browser's cache before attempting to use IPS to detect the 'Eicar Test String'.


Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community