Best way to test antivirus.

GiveEmHelms
New Contributor III

Hello!

We are currently deploying Microsoft ATP on our test Macs, but I have no way of knowing that it is working properly. Is there a test file that you all download to see if the antivirus is working?

1 ACCEPTED SOLUTION

wcheung
New Contributor

Correct website for the EICAR virus test file should be "https://www.eicar.org/".


jefff
Contributor II

Some of my coworkers ran the EICAR antivirus test file and triggered Defender ATP alerts on their Macs. I'm assuming they got it from (edit) https://www.eicar.org.

wcheung
New Contributor

Correct website for the EICAR virus test file should be "https://www.eicar.org/".

jefff
Contributor II

To be even more specific, here's a link to the page to download the test file.

gachowski
Valued Contributor II

So we just went through this "testing", and I have gone through it a few times before. I kinda thought about it differently this time. Am I qualified to test? Who is qualified to test? Is a test file really a test? Are we just checking a box? Some modern vendors don't even bother to check for the EICAR text.

I think the new minimum testing has been changed

https://docs.jamf.com/jamf-protect/evaluation-guide/Testing_Threat_Detections.html

I think that leads to a test machine with a VM to test on a non-secured network, and that test machine might never be allowed on your secured network ever again. I used a machine that we are going to destroy, and yes, I am not qualified to test. : ) I just tested for my own personal knowledge. And to see where the products in "our" bake-off were and if they did what they said they would.

dolfhoegaerts
New Contributor III

Hi,
What I do for testing is the following:
I create a policy in Self Service within files and processes:

curl -o ~/Desktop/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
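
An added example, not part of the original post: a shell helper that runs the download described above and reports what the antivirus did with the file, so the result does not depend on someone spotting an alert. The function names, verdict strings and timeout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: classify what happened to a dropped AV test file.
# verdict_for and run_eicar_check are hypothetical helper names.

# verdict_for FILE [TIMEOUT_SECONDS]
# Prints one of:
#   blocked      - file was never written (download or write prevented)
#   quarantined  - file existed, then vanished or became unreadable
#   not_detected - file still present and readable after the timeout
verdict_for() {
    file=$1
    timeout=${2:-30}
    if [ ! -e "$file" ]; then
        echo blocked
        return 0
    fi
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        # Opening the file gives on-access scanners a chance to react.
        if [ ! -e "$file" ] || ! cat "$file" >/dev/null 2>&1; then
            echo quarantined
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    echo not_detected
}

# run_eicar_check URL DEST [TIMEOUT_SECONDS]
# Fetches the test file the same way the post does, then classifies it.
run_eicar_check() {
    url=$1
    dest=$2
    timeout=${3:-30}
    rm -f "$dest"
    # A failed download is not fatal: verdict_for reports it as "blocked".
    curl -fsS -o "$dest" "$url" 2>/dev/null || true
    verdict=$(verdict_for "$dest" "$timeout")
    rm -f "$dest"   # do not leave the test file behind
    echo "$verdict"
}

# Example call (URL taken from the post above; destination is an assumption):
# run_eicar_check https://www.eicar.org/download/eicar.com.txt /tmp/eicar.com.txt 30
```

A command run from a Jamf policy executes as root, so `~` does not point at the logged-in user's Desktop; pass an explicit destination path. A `blocked` verdict can also mean the network request failed, so confirm connectivity before treating it as a detection.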