MDE Tester
MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
| PS script | Testing features |
|---|---|
| MDEtesterTP.ps1 | 1. Microsoft Defender for Endpoint, Tamper Protection |
| MDEtesterWP.ps1 | 1. Microsoft Defender SmartScreen 2. Microsoft Defender Exploit Guard, Network Protection 3. Microsoft Defender for Endpoint, URL Indicators 4. Microsoft Defender for Endpoint, Web Content Filtering |
MDEtesterTP.ps1
Prerequisites
- MDEtesterTP.ps1 helps confirm the status of Microsoft Defender for Endpoint, Tamper Protection. However, to test AV tampering in MDEtesterTP.ps1, enabling Tamper Protection is required.
- Run the MDEtesterTP.ps1 script as Administrator.
Usage
PS C:\> .\MDEtesterTP.ps1
What it looks like
MDEtesterWP.ps1
Prerequisites
MDEtesterWP.ps1 assumes that the following items are installed, enabled and onboarded.
- Install Google Chrome & Microsoft Edge
- Enable Real-Time protection, Microsoft Defender Antivirus
- Enable Microsoft Defender SmartScreen
- Enable Microsoft Defender Exploit Guard, Network Protection
- Onboard Microsoft Defender for Endpoint
Usage
Test 1
PS C:\> .\MDEtesterWP.ps1
Test 2
PS C:\> .\MDEtesterWP.ps1 -Path <CSV File path>
Test 3
PS C:\> .\MDEtesterWP.ps1 -Category <category>
Test 4
PS C:\> .\MDEtesterWP.ps1 -Path <CSV File path> -Category <category>
| Features | Test 1 | Test 2 | Test 3 | Test 4 |
|---|---|---|---|---|
| Microsoft Defender SmartScreen | 〇 | 〇 | 〇 | 〇 |
| Network Protection | 〇 | 〇 | 〇 | 〇 |
| MDE URL Indicators | × | 〇 | × | 〇 |
| MDE Web Content Filtering | × | × | 〇 | 〇 |
[!Important] Signing
If your PowerShell execution policy is set to RemoteSigned, PowerShell will not run unsigned scripts downloaded from the internet. Therefore, please unblock the script using the cmdlet or through Properties.
Parameter
-Path <String> : Optional. Specify the path of a CSV file; it is used for testing MDE URL indicators.
[!Note] The CSV file column header must be 'IndicatorValue'. Here is an example.
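One way to check a CSV before passing it to -Path, as an added example that is not part of the MDE Tester scripts: it writes a constructed sample file with the required 'IndicatorValue' header and flags malformed or duplicate rows. The file name, the sample values, the function name Test-IndicatorCsv and the validity rules (http/https scheme, host containing a dot) are assumptions of this example.

```powershell
# Added example: validate a URL-indicator CSV before using it with -Path.
# File name and sample values are constructed placeholders.
$csvPath = Join-Path $env:TEMP 'indicators-sample.csv'

# Constructed sample: a single 'IndicatorValue' column, one URL or domain per row.
@'
IndicatorValue
blocked.example.com
https://blocked.example.net/path
not a url
blocked.example.com
'@ | Set-Content -Path $csvPath -Encoding UTF8

function Test-IndicatorCsv {
    param([Parameter(Mandatory)][string]$Path)

    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { throw "No data rows in $Path" }

    # The README requires the column header to be 'IndicatorValue'.
    $headers = @($rows[0].PSObject.Properties.Name)
    if ($headers -notcontains 'IndicatorValue') {
        throw "Missing 'IndicatorValue' column; found: $($headers -join ', ')"
    }

    $seen = @{}
    foreach ($row in $rows) {
        $value = "$($row.IndicatorValue)".Trim()
        $key   = $value.ToLowerInvariant()
        # Prefix bare domains with a scheme so [uri] can parse them.
        $candidate = if ($value -match '^[a-z][a-z0-9+.-]*://') { $value } else { "https://$value" }
        $uri = $null
        # Assumed validity rules: no whitespace, http/https, host with a dot.
        $ok = $value -and ($value -notmatch '\s') -and
              [uri]::TryCreate($candidate, [System.UriKind]::Absolute, [ref]$uri) -and
              ($uri.Scheme -in 'http', 'https') -and ($uri.Host -match '\.')
        $status = 'OK'
        if (-not $ok) { $status = 'Invalid' }
        elseif ($seen.ContainsKey($key)) { $status = 'Duplicate' }
        else { $seen[$key] = $true }
        [pscustomobject]@{ IndicatorValue = $value; Status = $status }
    }
}

$report = Test-IndicatorCsv -Path $csvPath
$report | Format-Table -AutoSize
# Once every row is 'OK', pass the file to the script: .\MDEtesterWP.ps1 -Path $csvPath
```

With the constructed sample, the third row is reported as Invalid and the fourth as Duplicate.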
-Category <String> : Optional. Select the category you want to test; it is used for testing MDE WCF.
Here are the available categories:
PS C:\> .\MDEtesterWP.ps1 -Category AdultContent
PS C:\> .\MDEtesterWP.ps1 -Category HighBandwidth
PS C:\> .\MDEtesterWP.ps1 -Category LegalLiability
PS C:\> .\MDEtesterWP.ps1 -Category Leisure
[!Note] In this MDE Tester script, WCF is tested against the high-level categories 'AdultContent', 'HighBandwidth', 'LegalLiability' and 'Leisure'. Some specific categories might not be covered, and the 'Uncategorized' category is not included in this script.
LOG
After you run MDEtesterWP.ps1, the script writes all of its logs to C:\MDE-tester.
What it looks like
Disclaimer
The views and opinions expressed herein are those of the author and do not necessarily reflect the views of the company.