
EICAR test file is not removed from the client and appears to go undetected
Technical Articles ID: KB89205
Last Modified: 5/2/2017


Environment

McAfee MOVE Antivirus Agentless (MOVE AV Agentless) 4.5.x

Problem

Testing with an EICAR test file to trigger a detection results in the file not being removed, and the file appears to go undetected. On the Security Virtual Appliance (SVA), mvsvc.log shows the following entries:

WARN [a8fc1700] MOVE - Detected malware  "EICAR test file", file has been DENIED ACCESS
WARN [ae7cc700] MOVE - Detected malware  "EICAR test file", quarantine failed hence file is not deleted

Cause

In an agentless setup, the default action on a malware detection is Delete files automatically and Quarantine. To quarantine a file, the SVA needs a configured network folder share and the proper credentials to access that share. This setting is located in the MOVE Options policy and is blank by default. If it is not configured, the SVA detects the malware but cannot perform the quarantine action, so the file is not removed.
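
A triage check for the symptom described above, added here as an example (it is not McAfee's code): it parses mvsvc.log detection entries and flags detections where the file was left in place because quarantine failed. The regex is built only from the two log lines quoted in this article, so other line formats are an assumption; the function names and the third sample line are constructed.

```python
import re
from collections import Counter

# Pattern built from the two mvsvc.log entries quoted in this article;
# other MOVE versions may format these lines differently (assumption).
DETECTION = re.compile(
    r'^(?P<level>\w+)\s+\[(?P<thread>[0-9a-fA-F]+)\]\s+MOVE - Detected malware\s+'
    r'"(?P<name>[^"]+)",\s*(?P<outcome>.+?)\s*$'
)

def classify(outcome):
    """Map the trailing message of a detection entry to a short outcome tag."""
    text = outcome.lower()
    if "quarantine failed" in text:
        return "quarantine_failed"
    if "denied access" in text:
        return "access_denied"
    return "other"

def summarize(lines):
    """Count outcomes per malware name; non-detection lines are skipped."""
    counts = Counter()
    for line in lines:
        m = DETECTION.match(line.strip())
        if m:
            counts[(m.group("name"), classify(m.group("outcome")))] += 1
    return counts

def quarantine_misconfigured(counts):
    """True when any detection was left in place because quarantine failed."""
    return any(tag == "quarantine_failed" for (_, tag) in counts)

# First two lines are from the article; the last two are constructed.
SAMPLE = [
    'WARN [a8fc1700] MOVE - Detected malware  "EICAR test file", file has been DENIED ACCESS',
    'WARN [ae7cc700] MOVE - Detected malware  "EICAR test file", quarantine failed hence file is not deleted',
    'INFO [00000000] MOVE - (constructed non-detection line)',
    '',
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (name, tag), n in sorted(result.items()):
        print(f"{name}: {tag} x{n}")
    if quarantine_misconfigured(result):
        print("Detected but not removed: check the quarantine share in the MOVE Options policy")
```
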

Solution

To resolve the issue, do one of the following, and then sync the policy:
  • Configure the Agentless only section of the Quarantine Manager field.
  • Change the Threat Detection first response to Delete files automatically (if a network share cannot be used).
To sync the policy:
  1. Open MOVE Antivirus Deployment.
  2. Under the General section, select Server Settings.
  3. Click Run.
  4. Apply the policy within NSX:
    1. Log on to the VMware vSphere Web Client as a root user.
    2. Click Home, Networking & Security, Service Composer.
    3. On the Security Policies tab, select the new security policy you have created, and then click the Apply Security Policy icon.
    4. In the Apply Policy to Security Groups window, select the security group that contains the VMs that you want to protect, and then click OK.
