MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
| PS script | Testing features |
|---|---|
MDEtesterTP.ps1 |
1. Microsoft Defender for Endpoint, Tamper Protection |
MDEtesterWP.ps1 |
1. Microsoft Defender SmartScreen 2. Microsoft Defender Exploit Guard, Network Protection 3. Microsoft Defender for Endpoint, URL Indicators 4. Microsoft Defender for Endpoint, Web Content Filtering |
MDEtesterTP.ps1helps confirm the status of Microsoft Defender for Endpoint, Tamper Protection. However, to test AV tampering inMDEtesterTP.ps1, enabling Tamper Protection is required.- Run
MDEtesterTP.ps1script as Administrator.
PS C:\> .\MDEtesterTP.ps1
MDEtesterWP.ps1 assumes that the following items are installed, enabled and onboared.
- Install Google Chrome & Microsoft Edge
- Enable Real-Time protection, Microsoft Defender Antivirus
- Enable Microsoft Defender SmartScreen
- Enable Microsoft Defender Exploit Guard, Network Protection
- Onboard Microsoft Defender for Endpoint
Test 1
PS C:\> .\MDEtesterWP.ps1
Test 2
PS C:\> .\MDEtesterWP.ps1 -Path <CSV File path>
Test 3
PS C:\> .\MDEtesterWP.ps1 -Category <category>
Test 4
PS C:\> .\MDEtesterWP.ps1 -Path <CSV File path> -Category <category>
| Features | Test 1 | Test 2 | Test 3 | Test 4 |
|---|---|---|---|---|
| Microsoft Defender SmartScreen | 〇 | 〇 | 〇 | 〇 |
| Network Protection | 〇 | 〇 | 〇 | 〇 |
| MDE URL Indicators | × | 〇 | × | 〇 |
| MDE Web Content Filtering | × | × | 〇 | 〇 |
Important
Signing
If your PowerShell execution policy is set to RemoteSigned, PowerShell will not run unsigned scripts downloaded from the internet. Therefore, please unblock the script using the cmdlet or through Properties.
-Path <String> : This is an optional parameter. Please specify a CSV file path and it is used for testing MDE URL indicators.
Note
The CSV file column header must be 'IndicatorValue'. Here is an example.
-Category <String> : This is an optional parameter. Please select a category you want to test and it is used for testing MDE WCF.
Here are available categories :
PS C:\> .\MDEtesterWP.ps1 -Category AdultContent
PS C:\> .\MDEtesterWP.ps1 -Category HighBandwidth
PS C:\> .\MDEtesterWP.ps1 -Category LegalLiability
PS C:\> .\MDEtesterWP.ps1 -Category Leisure
Note
In this MDE Tester script, WEC will be tested against high-level categories such as 'AdultContent,' 'HighBandwidth,' 'LegalLiability,' and 'Leisure.' Please note that some specific categories might not be covered, and the 'Uncategorized' category is not included in this script.
After you run MDEtesterWP.ps1, all logs will be created by the script and available following the path - C:\MDE-tester.
The views and opinions expressed herein are those of the author and do not necessarily reflect the views of company.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent