Anti-malware validation

This package runs tests that validate whether anti-malware software on an endpoint effectively blocks known malware.

  • Updated: Aug 2024
  • Category: Control Validation
Package Description
This package tests basic anti-malware capabilities on an endpoint, confirming whether the software properly blocks malicious files on disk, in memory, or when downloaded from the internet.
What components are included:
  • Writes the non-malicious EICAR test file to disk and checks whether anti-malware software correctly blocks it
  • Downloads an EICAR test file from the internet over HTTP and detects whether it is blocked
  • Downloads an EICAR test file from the internet over HTTPS and detects whether it is blocked
  • Checks whether malicious behavior is detected in a PowerShell interactive session

Additional details

The EICAR anti-virus test file is a non-malicious computer file developed by the European Institute for Computer Antivirus Research (EICAR) and the Computer Antivirus Research Organization (CARO) to test the response of antivirus software. All anti-malware software should detect the benign file and trigger an alert.
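The on-disk component listed above, and the EICAR behaviour described in this section, can be reproduced with a short probe. The following Rust program is an added example written for this page; it is not the package's own code. It assembles the public EICAR test string at runtime from two halves (so the signature is not stored verbatim in the source), writes a benign control file first to rule out a read-only or broken directory, then writes the EICAR file and reads it back: if the write is refused or the file is gone or altered afterwards, the on-access scanner intervened. The file names `av_control.txt` and `eicar_test.com` and the control contents are assumptions chosen for the example.

```rust
use std::fs;
use std::io::{self, Write};
use std::path::Path;

/// Outcome of one on-disk write/read-back probe.
#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    /// The bytes were written and read back unchanged: nothing intervened.
    NotBlocked,
    /// The write was refused, or the file was removed or altered afterwards.
    Blocked,
}

/// Assemble the 68-byte EICAR test string at runtime from two halves so the
/// literal signature does not appear in this source file.
pub fn eicar_string() -> String {
    let head = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$";
    let tail = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
    format!("{}{}", head, tail)
}

/// Write `payload` to `dir/name`, read it back and compare. Any failure is
/// reported as Blocked; the caller decides whether that is a scanner verdict.
fn probe(dir: &Path, name: &str, payload: &[u8]) -> Verdict {
    let path = dir.join(name);
    let written = fs::File::create(&path).and_then(|mut f| f.write_all(payload));
    let verdict = match written.and_then(|_| fs::read(&path)) {
        Ok(bytes) if bytes == payload => Verdict::NotBlocked,
        _ => Verdict::Blocked,
    };
    // Best-effort cleanup; the scanner may already have quarantined the file.
    let _ = fs::remove_file(&path);
    verdict
}

/// Run a benign control file first so an unwritable directory surfaces as an
/// error rather than a false "Blocked", then probe with the EICAR file.
pub fn check_on_disk(dir: &Path) -> io::Result<Verdict> {
    // Constructed control content (assumption): no scanner should object to it.
    let control = b"control-file-contents";
    if probe(dir, "av_control.txt", control) == Verdict::Blocked {
        return Err(io::Error::new(
            io::ErrorKind::Other,
            "control file could not be written or read back; check directory permissions",
        ));
    }
    Ok(probe(dir, "eicar_test.com", eicar_string().as_bytes()))
}

fn main() {
    let dir = std::env::temp_dir();
    match check_on_disk(&dir) {
        Ok(Verdict::Blocked) => println!("EICAR on disk: BLOCKED (expected outcome)"),
        Ok(Verdict::NotBlocked) => println!("EICAR on disk: NOT BLOCKED - anti-malware did not intervene"),
        Err(e) => eprintln!("probe could not run: {}", e),
    }
}
```

Run it on the endpoint under test; a healthy deployment reports `BLOCKED`, and the endpoint's anti-malware console should show a matching detection for `eicar_test.com`. The control file is the important caveat: without it, a permissions problem on the target directory is indistinguishable from a scanner block.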

Frequently Asked Questions

Yes, you should expect a couple of anti-malware alerts, as the package tests various scenarios in which anti-malware software should trigger an alert.

Package

System recommendations

  • Anti-malware: Enabled
  • Endpoint Detection & Response: Enabled
  • Firewall/Proxy Anti-malware: Enabled

Details

  • Operating System: Windows
  • Languages: Rust
  • Subscription: Free