
Generating Test Alerts

Hi All,

I am trying to generate a couple of Sophos alerts for testing purposes and having real trouble making them happen!

We are monitoring the Windows event log (in this case Windows XP) and setting alerts for certain items in our system monitoring tool.  Generating virus alerts is easy using the supplied tool but does anyone know how to generate a "Suspicious Behavior" alert or a "Corrupt file found" warning?

For the corrupt file I have tried various ways of corrupting a file - changing the extension, modifying bits in the middle of the file and so on. Windows / Word / whatever report it is corrupt, but Sophos always manages to successfully scan it.

A lot of searching and asking around has yet to find anything that works - any ideas or is the only thing people test the AV alert?

Thanks

sTv

  • Hi Steve,

    I found a way of creating a Sus-B alert.

    1. Download and install AutoIt:

     http://www.autoitscript.com/site/autoit/downloads/

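    2. Create a new script file (test.au3 for example) and paste the following in:

    ; Registry value that controls Windows Firewall notifications (domain profile)
    Local $key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile"
    Local $val = "DisableNotifications"
    ; Read the current value and display it
    Local $var = RegRead($key, $val)
    MsgBox(4096, "Sus-B Test", $key & ": " & $var)
    ; Write the same value back, so the setting is left unchanged
    RegWrite($key, $val, "REG_DWORD", $var)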

    3. Build an exe "Tools - Build" and run it.

    4. SAV should alert to it as: HIPS/RegMod--008.

    The script just reads the reg value and writes back the same value so it doesn't change anything.

    Regards,

    Jak
