Before You Begin
Ensure that the Avert Library Item has behavioral detections enabled and has been successfully applied to the device. To confirm this, check that a green dot is visible next to the Avert Library Item in the Status tab of the Device Record.
Testing Behavioral Detections
1. Open Terminal.
2. Run the following command to trigger a behavioral event:

    cp 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
Results in Detect Mode
When the Behavior Posture Mode in the Avert Library Item is set to Detect mode:
EDR will identify the test as malicious behavioral activity. This will be reported with a status of Detected in both the Threats module (accessible via the left-hand navigation bar) and the Threats tab within a Device Record.
Results in Protect Mode
When the Behavior Posture Mode in the Avert Library Item is set to Protect mode:
EDR will recognize the test as malicious activity and block it. This will be reflected with a status of Blocked in both the Threats module (accessible via the left-hand navigation bar) and the Threats tab within a Device Record.