How am I supposed to check Defender’s capability when it trusts me blindly after I mark a test malware file as “allowed”?


After an enormous amount of fighting with Windows/Microsoft Defender, I finally managed to download the "test virus" file from https://www.ikarussecurity.com/en/private-customers/download-test-viruses/ onto my desktop.

However, Defender (on the command line) still just says:

Scanning C:\Users\John Doe\Desktop\eicar_com.zip found no threats. 

No threats? You just had me work for 30 minutes straight to make you not remove the file before it ever even landed on my desktop, and now you consider it to not contain any threats? Is this just because I have "allowed" it?

My entire point of downloading this file was to check if Windows/Microsoft Defender returns a "1" code instead of "0" when it detects a virus (and what it says as text output), but now I can’t even test that because it thinks that the file is not "harmful" just because I allowed it to exist temporarily on my system for the purpose of testing this?

Bottom line: I can’t see any way to test Defender’s output/return code for an actual malware-detected file because it doesn’t even allow me to have the file on my desktop without "allowing" it, which apparently makes it believe me blindly as an authority.