Class 1 Lab 2 ‐ Btpassing an Antivirus Application - Justin-Boyd/CIT-Class GitHub Wiki

Task 1: Windows Installation

Step 1

1 Use the Windows 10 Installation Guide to install a new Windows 10 VM with guest additions.

Step 2

Press the Windows key + R, enter gpedit.msc, and click OK to open the local group policy editor.

Step 3

Navigate to Computer Configuration → Administrative Templates → Windows Components → Windows Update.

Step 4

Double-click Configure Automatic Updates.

Step 5

Set the Disabled option, click Apply, and then click OK.

Step 6

Close the remaining windows

Task 2: File Identification

Step 1

Click the Windows icon, search for Windows Security, and open it.

Step 2

Click on Virus & threat protection, and then go to Manage settings.

Step 3

Turn off Real-time protection and Cloud-delivered protection.

Step 4

Click the back arrow and verify that Windows Security is turned off

Step 5

Copy the file ChromeSetup.exe to your Windows 10 VM, and double-click it to start Chrome browser installation

Step 6

Click Yes to allow the installation to begin.

Step 7

When the browser window opens, go to https://www.eicar.org/download-anti-malware-testfile/

Step 8

Scroll down and download the eicar_com.zip file by clicking it

Step 9

Browse to https://www.virustotal.com/gui/home and click Choose file.

Step 10

Navigate to Downloads, select eicar_com.zip, and click Open.

Step 11

Note that almost all the engines flag the file as malicious.

Task 3: Detection Evasion

Step 1

Copy to your Windows 10 VM the provided winrar installation file (winrar-x64-591.exe) and double-click it.

Step 2

Click Yes to allow the installation to begin.

Step 3

Use the default path for installation and click Install.

Step 4

Leave the selected options as is, and click OK.

Step 5

Click Done to finish the installation, and close the folder that appears

Step 6

Open the Downloads directory, right-click eicar_com, and select Extract Here to extract it.

Step 7

Right-click the eicar file and select Add to archive.

Step 8

Click Set password.

Step 9

Use your name as the password, click OK, and then click OK again in the previous window to complete the compression.

Step 10

Browse again to https://www.virustotal.com/gui/ and upload the file you compressed.

Step 11

Click Confirm upload and note that none of the engines marked the file as malicious.