
Hello!



We are currently deploying Microsoft ATP on our test Macs, but I have no way of knowing that it is working properly. Is there a test file that you all download to see if the antivirus is working?

Some of my coworkers ran the Eicar antivirus test file and triggered Defender ATP alerts on their Macs. I'm assuming they got it from (edit) https://www.eicar.org.


Correct website for the EICAR virus test file should be "https://www.eicar.org/".


To be even more specific, here's a link to the page to download the test file.


So we just went through this "testing" and I have gone through it a few times before. I kinda thought about it differently this time. Am I qualified to test? Who is qualified to test? Is a test file really a test? Are we just checking a box? Some modern vendors don't even bother to check for the EICAR text.



I think the new minimum testing has been changed



https://docs.jamf.com/jamf-protect/evaluation-guide/Testing_Threat_Detections.html



I think that leads to a test machine with a VM to test on a non-secured network, and that test machine might never be allowed on your secured network ever again. I used a machine that we are going to destroy, and yes, I am not qualified to test. : ) I just tested for my own personal knowledge. And to see where the products in "our" bake-off were and if they did what they said they would.



C





Hi,
What I do for testing is the following:
I create a policy in Self Service within files and processes:



curl -o ~/Desktop/eicar.com.txt https://www.eicar.org/download/eicar.com.txt


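A way to confirm the result of the curl test above, as an added example that is not part of any post in this thread: after the download step, poll the file and report whether the endpoint product removed it or denied access to it. The function names and the 30-second default are assumptions; the path in the usage comment is the one from the curl command.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# wait_for_block FILE [TIMEOUT_SECONDS]
# Polls FILE once per second. Prints "blocked" and returns 0 as soon as the
# file is gone or can no longer be read (quarantined or access denied).
# Prints "not-blocked" and returns 1 if it is still readable at the timeout.
wait_for_block() {
    file=$1
    timeout=${2:-30}
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if [ ! -e "$file" ] || ! cat "$file" >/dev/null 2>&1; then
            echo "blocked"
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    echo "not-blocked"
    return 1
}

# check_download FILE [TIMEOUT_SECONDS]
# Run this after the curl step. "missing" means the file never landed on
# disk: either it was blocked on write or the download itself failed, so
# check curl's exit status as well before counting it as a detection.
check_download() {
    file=$1
    if [ ! -e "$file" ]; then
        echo "missing"
        return 0
    fi
    wait_for_block "$file" "${2:-30}"
}

# Usage after the curl command from the post:
#   check_download "$HOME/Desktop/eicar.com.txt" 30
```

A "not-blocked" result only means the file was still readable when the timeout expired, so also check the product's own console or alert list; on a Mac running Defender, `mdatp threat list` shows recorded detections.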