@@ -74,24 +74,24 @@ jobs:
7474 shell : pwsh
7575 run : |
7676 $scan = (Resolve-Path 'scan').Path
77- $target = Join-Path $scan 'eicar.txt '
77+ $target = Join-Path $scan 'eicar.com '
7878 $p1 = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STAND'
7979 $p2 = 'ARD-ANTIVIRUS-TEST-FILE!$H+H*'
8080 Set-Content -LiteralPath $target -Value ($p1+$p2) -NoNewline -Encoding Ascii
8181
8282 - name : Provoke RTP (force read)
8383 shell : pwsh
8484 run : |
85- cmd /c type scan\eicar.txt >NUL
86- Start-Sleep -Seconds 3 # give logs a moment
85+ cmd /c type scan\eicar.com >NUL
86+ Start-Sleep -Seconds 10 # give logs time to surface
8787
8888 - name : On-demand scan EICAR file
8989 shell : pwsh
9090 run : |
9191 $scan = (Resolve-Path 'scan').Path
92- $target = Join-Path $scan 'eicar.txt '
92+ $target = Join-Path $scan 'eicar.com '
9393 & "$env:MPCMDRUN" -Scan -ScanType 3 -File $target
94- Start-Sleep -Seconds 3 # allow detection telemetry to flush
94+ Start-Sleep -Seconds 10 # allow detection telemetry to flush
9595
9696 # assert detection, but do NOT fail here; report via step output
9797 - name : Collect detections and set outputs
@@ -100,7 +100,7 @@ jobs:
100100 run : |
101101 $since = [datetime]$env:DEFENDER_SINCE
102102 $scanPath = (Resolve-Path 'scan').Path
103- $eicarPath = Join-Path $scanPath 'eicar.txt' # <-- whichever name you used
103+ $eicarPath = Join-Path $scanPath 'eicar.com'
104104
105105 function Get-Detections {
106106 param(
@@ -131,8 +131,8 @@ jobs:
131131 return [pscustomobject]@{ Eicar = $eicarHits; Real = $realHits }
132132 }
133133
134- # poll (up to 90s ) because Defender threat history entries can be delayed
135- $deadline = (Get-Date).AddSeconds(90 )
134+ # poll (up to 120s ) because Defender threat history entries can be delayed
135+ $deadline = (Get-Date).AddSeconds(120 )
136136 $interval = 5
137137 $detections = $null
138138
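Review bot: In the first hunk, the "Provoke RTP" and "On-demand scan EICAR file" steps leave the native exit code of `cmd /c type` and `MpCmdRun` in `$LASTEXITCODE`, and the `Start-Sleep` that follows does not reset it. GitHub's `pwsh` wrapper ends the script with `exit $LASTEXITCODE`, and MpCmdRun is documented to return 2 when a threat is found and not remediated. A successful block or detection, presumably more likely now that the file is `eicar.com`, would therefore fail the step before the collect step can report it, unless `continue-on-error` is set outside the visible lines. That contradicts the "do NOT fail here; report via step output" comment. Record the code and clear it at the end of both steps, e.g. `$rc = $LASTEXITCODE; Write-Host "native exit code: $rc"; $global:LASTEXITCODE = 0`, so the pass/fail decision stays in the polling logic.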