Anti-malware validation
This package runs tests that validate whether the anti-malware software on an endpoint effectively prevents known malware from being written, downloaded or executed.
- Updated: Aug, 2024
- Category: Control Validation
Package Description
This package tests basic anti-malware capabilities on an endpoint, confirming whether the software properly blocks malicious files on disk, in memory, or when they are downloaded from the internet.
What components are included:
- Writes the EICAR test file (a non-malicious file that every anti-malware product should recognize) to disk and tests whether the anti-malware software blocks or quarantines it
- Downloads an EICAR test file from the internet over HTTP and detects whether the download is blocked
- Downloads an EICAR test file from the internet over HTTPS and detects whether the download is blocked
- Checks whether malicious behavior is detected in an interactive PowerShell session
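The four checks above can be reproduced by hand from an interactive PowerShell session on the endpoint under test. The script below is an added example, not the package's own code (the package itself is written in Rust). It assumes that https://secure.eicar.org/eicar.com is still the download URL published by eicar.org (and that the plain-HTTP variant of that URL is reachable), that Microsoft's published AMSI test string is an acceptable stand-in for the package's unspecified "PowerShell session" scenario, and that the working directory and file names are arbitrary. The EICAR string is assembled from two halves at run time so the script file itself is not quarantined before it runs.

```powershell
# Added example: manual anti-malware validation covering the package's four
# scenarios (on disk, HTTP download, HTTPS download, PowerShell session).
# Assumptions: eicar.org URLs below are current; $WorkDir and file names are arbitrary.

$ErrorActionPreference = 'Continue'
$WorkDir = Join-Path $env:TEMP 'av-validation'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Build the 68-byte EICAR string from two halves so this script does not carry
# the full signature on disk. Single quotes stop PowerShell expanding "$EICAR".
$EicarPart1 = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-'
$EicarPart2 = 'ANTIVIRUS-TEST-FILE!$H+H*'
$Eicar = $EicarPart1 + $EicarPart2

function Test-FileBlocked {
    param([string]$Scenario, [string]$Path)
    # Give real-time protection a few seconds to act, then see whether the file survived.
    Start-Sleep -Seconds 3
    if (Test-Path -LiteralPath $Path) {
        $size = (Get-Item -LiteralPath $Path).Length
        return [pscustomobject]@{ Scenario = $Scenario; Blocked = $false; Detail = "file present ($size bytes)" }
    }
    return [pscustomobject]@{ Scenario = $Scenario; Blocked = $true; Detail = 'file absent (quarantined or write refused)' }
}

$results = @()

# 1. On disk: write the test file and check whether real-time protection removes it.
$diskPath = Join-Path $WorkDir 'eicar-disk.com'
try {
    [System.IO.File]::WriteAllBytes($diskPath, [System.Text.Encoding]::ASCII.GetBytes($Eicar))
} catch {
    # Some products refuse the write itself; that also counts as blocked.
    Write-Host "on-disk write refused: $($_.Exception.Message)"
}
$results += Test-FileBlocked -Scenario 'on disk' -Path $diskPath

# 2. and 3. Download over HTTP and HTTPS. A proxy or gateway scanner blocks the
# transfer (Invoke-WebRequest throws); the endpoint agent removes the file after it lands.
$downloads = @(
    @{ Scenario = 'HTTP download';  Url = 'http://secure.eicar.org/eicar.com';  File = 'eicar-http.com' }
    @{ Scenario = 'HTTPS download'; Url = 'https://secure.eicar.org/eicar.com'; File = 'eicar-https.com' }
)
foreach ($d in $downloads) {
    $outPath = Join-Path $WorkDir $d.File
    try {
        Invoke-WebRequest -Uri $d.Url -OutFile $outPath -UseBasicParsing -TimeoutSec 30
    } catch {
        Write-Host "$($d.Scenario) blocked in transit: $($_.Exception.Message)"
    }
    $results += Test-FileBlocked -Scenario $d.Scenario -Path $outPath
}

# 4. PowerShell session: evaluate Microsoft's AMSI test string from the running
# session. An AMSI-integrated product blocks the expression with a ParseException.
$amsiSample = 'AMSI Test Sample: 7e72c3ce-861b-' + '4339-8740-0ac1484c1386'
$sessionBlocked = $false
try {
    Invoke-Expression "'$amsiSample'" | Out-Null
} catch {
    $sessionBlocked = $true
}
$results += [pscustomobject]@{
    Scenario = 'PowerShell session'
    Blocked  = $sessionBlocked
    Detail   = if ($sessionBlocked) { 'AMSI blocked the expression' } else { 'expression ran unhindered' }
}

$results | Format-Table -AutoSize

# Remove whatever survived; any row with Blocked = False is a control gap to follow up.
Get-ChildItem -LiteralPath $WorkDir -ErrorAction SilentlyContinue |
    Remove-Item -Force -ErrorAction SilentlyContinue
```

Run it from an unelevated interactive session, since that is the context the package exercises. Each row reports whether the scenario was blocked; a file that is still present after the pause means real-time protection did not act on it, and a download that completed without an exception means nothing in the network path inspected it, even if the endpoint agent later quarantined the file.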
Additional details
The EICAR anti-virus test file is a non-malicious computer file developed by the European Institute for Computer Antivirus Research (EICAR) and the Computer Antivirus Research Organization (CARO) to test the response of anti-virus products. All anti-malware software should detect the benign file and trigger an alert. Because the file is harmless and detected purely by signature, a block confirms that the product is installed, running and scanning the relevant paths; it does not by itself demonstrate that the product would stop novel or heavily obfuscated malware.
Frequently Asked Questions
Should I expect anti-malware alerts while this package runs?
Yes. You should expect several anti-malware alerts, because the package tests various scenarios in which anti-malware software should trigger an alert.
Package
Recommended system configuration:
- Anti-malware: Enabled
- Endpoint Detection & Response: Enabled
- Firewall/Proxy Anti-malware: Enabled
Details
- Operating System: Windows
- Languages: Rust
- Package type: Free