Posted on 05-04-2020 08:12 AM
Hello!
We are currently deploying Microsoft ATP on our test Macs, but I have no way of knowing that it is working properly. Is there a test file that you all download to see if the antivirus is working?
Posted on 05-04-2020 09:51 AM
Some of my coworkers ran the Eicar antivirus test file and triggered Defender ATP alerts on their Macs. I'm assuming they got it from (edit) https://www.eicar.org.
Posted on 05-04-2020 10:57 AM
Correct website for the EICAR virus test file should be "https://www.eicar.org/".
Posted on 05-04-2020 01:07 PM
To be even more specific, here's a link to the page to download the test file.
Posted on 05-05-2020 10:38 AM
So we just went through this "testing" and I have gone through it a few times before. I kinda thought about it differently this time. Am I qualified to test? Who is qualified to test? Is a test file really a test? Are we just checking a box? Some modern vendors don't even bother to check for the EICAR text.
I think the new minimum testing has been changed
https://docs.jamf.com/jamf-protect/evaluation-guide/Testing_Threat_Detections.html
I think that leads to a test machine with a VM to test on a non-secured network, and that test machine might never be allowed on your secured network ever again. I used a machine that we are going to destroy and yes, I am not qualified to test. : ) I just tested for my own personal knowledge, and to see where the products in "our" bake-off were and if they did what they said they would.
C
Posted on 12-22-2020 05:04 AM
Hi,
What I do for testing is the following:
I create a policy in Self Service within files and processes:
curl -o ~/Desktop/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
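A fuller version of the policy command in the last post, as an added example (not from the thread, Microsoft or Jamf): it downloads the same EICAR file, then polls to see whether the scanner removed or blocked it instead of relying on someone noticing an alert. The function names, the 30-second timeout and the `--run` switch are assumptions; the `mdatp health` call assumes the current Defender CLI syntax.

```shell
#!/bin/bash
# Added example (not from the thread): did the scanner react to the EICAR file?

# wait_for_removal FILE TIMEOUT -> 0 if FILE vanished or became unreadable
# (quarantined/blocked) within TIMEOUT seconds, 1 if it is still readable.
wait_for_removal() {
    wfr_file=$1; wfr_timeout=$2; wfr_elapsed=0
    while [ "$wfr_elapsed" -lt "$wfr_timeout" ]; do
        if [ ! -e "$wfr_file" ] || ! head -c 1 "$wfr_file" >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
        wfr_elapsed=$((wfr_elapsed + 1))
    done
    return 1
}

run_eicar_check() {
    target=${1:-$HOME/Desktop/eicar.com.txt}   # path used in the post above

    # Without real-time protection the file is only caught by an on-demand scan.
    if command -v mdatp >/dev/null 2>&1; then
        echo "real_time_protection_enabled: $(mdatp health --field real_time_protection_enabled)"
    fi

    curl -s -o "$target" https://www.eicar.org/download/eicar.com.txt
    rc=$?
    if [ "$rc" -ne 0 ] && [ ! -e "$target" ]; then
        echo "INCONCLUSIVE: curl exited $rc and no file was written (network or block?)"
        return 2
    fi

    if wait_for_removal "$target" 30; then
        echo "PASS: test file was removed or blocked"
        return 0
    fi
    echo "FAIL: test file still readable after 30s"
    rm -f "$target"
    return 1
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    run_eicar_check "${2:-}"
fi
```

Run it with `--run` (optionally followed by a target path); a Jamf policy runs as root, so pass an explicit path if `$HOME` is not the logged-in user's home.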