Endpoint Detection & Response - Testing Malware Detection

The EICAR (European Institute for Computer Anti-Virus Research) test file can be used to test Kandji EDR to ensure it has been deployed correctly and is working properly. The EICAR test file is a non-malicious file that can be safely downloaded on any Mac. For more information on the Anti-Malware Test File, please visit EICAR’s Anti-Malware Test File web page.

  • Ensure that the Avert Library Item has been successfully applied to the device by confirming that a green dot is visible next to the Avert Library Item located within the Status tab of a Device Record.

  1. Open Terminal.

  2. Run the following command to download the EICAR test file directly from EICAR onto your Desktop:

    curl "https://secure.eicar.org/eicar.com" -s -o ~/Desktop/eicar_test

Alternatively, you can create the test file manually:

  1. Create a new empty text file using a text editor such as VS Code or Sublime Text.

  2. Copy and paste the following two lines to the text file:

    #!X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

  3. Save the text file to the Desktop on your Mac and name the file eicar_test.

The 68-character string in step #2 is the string that is in EICAR's test file.

Kandji EDR will detect the EICAR test file and report it with a status of ‘Not quarantined’ in the Threats module, located in the left-hand navigation bar, and in the Threats tab of a Device Record.

Within seconds of the executable bit being added to the file, Kandji EDR will detect and automatically quarantine the EICAR test file and report it with a status of ‘Quarantined’ in the Threats module, located in the left-hand navigation bar, and in the Threats tab of a Device Record.
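
The check described above can be scripted. The following is an added example, not Kandji's own tooling: it confirms the file really contains the EICAR string (`curl -s` silently saves whatever a proxy or block page returns), adds the executable bit, and waits for the file to leave its path. The function names are hypothetical, and it assumes quarantine removes the file from its original location.

```shell
#!/bin/sh
# Added example (not from the Kandji documentation).
# Assumption: a quarantined file no longer exists at its original path.

# The 68-character EICAR string, assembled from two halves so that this
# helper script does not itself contain the contiguous test string.
EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-'
EICAR_B='STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Return 0 if the file exists and contains the EICAR test string.
# Matches both the downloaded file and the manually created one.
is_eicar_file() {
    [ -f "$1" ] && grep -qF -- "${EICAR_A}${EICAR_B}" "$1"
}

# Poll once per second until the file disappears or the timeout elapses.
wait_for_quarantine() {
    local path="$1" timeout="${2:-30}" waited=0
    while [ "$waited" -lt "$timeout" ]; do
        [ -e "$path" ] || return 0
        sleep 1
        waited=$((waited + 1))
    done
    [ ! -e "$path" ]
}

# Exit codes: 0 = file removed in time, 1 = still present, 2 = bad test file.
run_edr_check() {
    local path="$1" timeout="${2:-30}"
    if ! is_eicar_file "$path"; then
        echo "FAIL: $path is missing or is not the EICAR test file"
        return 2
    fi
    # Adding the executable bit is the step that triggers quarantine.
    chmod +x "$path" 2>/dev/null || true
    if wait_for_quarantine "$path" "$timeout"; then
        echo "PASS: $path was removed within ${timeout}s"
        return 0
    fi
    echo "FAIL: $path is still present after ${timeout}s"
    return 1
}

# Example: sh edr_check.sh ~/Desktop/eicar_test 30
[ "$#" -eq 0 ] || run_edr_check "$@"
```

A result of 1 means the file was valid but stayed in place; check the Avert Library Item status on the Device Record before retrying.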