Releases: LearningKijo/MDEtester
MDE-Tester Tamper Protection v1.0.0 - Preview
MDE Tester
MDE Tester is designed to help test various features in Microsoft Defender for Endpoint.
PS script | Testing features |
---|---|
MDEtesterTP.ps1 | 1. Microsoft Defender for Endpoint, Tamper Protection |
MDEtesterTP.ps1
Prerequisites
MDEtesterTP.ps1 helps confirm the status of Microsoft Defender for Endpoint, Tamper Protection. However, to test AV tampering in MDEtesterTP.ps1, enabling Tamper Protection is required.
- Run MDEtesterTP.ps1 script as Administrator.
Usage
PS C:\> .\MDEtesterTP.ps1
How it looks
MDE-Tester Web Protection v2.0.1 - Preview
MDE Web Content Filtering (WCF) is now included in MDE Tester! As this is a preview, the content might be subject to change.
Note
In this MDE Tester script, WCF will be tested against high-level categories such as 'AdultContent', 'HighBandwidth', 'LegalLiability', and 'Leisure'. Please note that some specific categories might not be covered, and the 'Uncategorized' category is not included in this script.
- You need "a CSV file" that lists URLs to test URL Indicators in Microsoft Defender for Endpoint.
Important
The CSV file column header must be 'IndicatorValue'. Here is an example.
Usage
Here are the available categories:
PS C:\> .\MDEtesterWP.ps1 -Category AdultContent
PS C:\> .\MDEtesterWP.ps1 -Category HighBandwidth
PS C:\> .\MDEtesterWP.ps1 -Category LegalLiability
PS C:\> .\MDEtesterWP.ps1 -Category Leisure
Test 1
PS C:\> .\MDEtesterWP.ps1
Test 2
PS C:\> .\MDEtesterWP.ps1 -Path <CSV File path>
Test 3
PS C:\> .\MDEtesterWP.ps1 -Category <category>
Test 4
PS C:\> .\MDEtesterWP.ps1 -Path <CSV File path> -Category <category>
Features | Test 1 | Test 2 | Test 3 | Test 4 |
---|---|---|---|---|
Microsoft Defender SmartScreen | 〇 | 〇 | 〇 | 〇 |
Network Protection | 〇 | 〇 | 〇 | 〇 |
MDE URL Indicators | × | 〇 | × | 〇 |
MDE Web Content Filtering | × | × | 〇 | 〇 |
Always happy to hear your feedback. :) by Kijo Ninja
MDE-TesterIoC.ps1 v1.0.2
Usage
PS C:\> .\MDEtesterIoC.ps1 -Path <CSV File path>
What's Changed
- Added Microsoft Defender Antivirus version & status check
- Added logic to stop the script if Microsoft Defender Antivirus, Real-time protection is not enabled
Important
MDE Tester will not function on your device if it falls into any of the following categories...
- Microsoft Defender for Endpoint has not been deployed yet (not onboarded).
- Microsoft SmartScreen & Network Protection are both disabled.
- Microsoft Defender Antivirus, Real-time protection is disabled.
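The conditions above can be checked before running any of the tester scripts. The following is an added example, not code from MDE Tester: the function name Test-MdeTesterPrereq is hypothetical, and it assumes the standard Defender cmdlets and the OnboardingState registry value that Microsoft documents for onboarding troubleshooting.

```powershell
# Added example; Test-MdeTesterPrereq is a hypothetical name, not part of MDE Tester.
function Test-MdeTesterPrereq {
    [CmdletBinding()]
    param()

    # Onboarding: the MDE sensor sets OnboardingState = 1 once the device is onboarded.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).OnboardingState

    # Defender Antivirus status and preferences; both cmdlets ship in the Defender module.
    $mp   = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $pref = Get-MpPreference -ErrorAction SilentlyContinue

    $result = [pscustomobject]@{
        Onboarded          = ($state -eq 1)
        AntivirusVersion   = $mp.AMProductVersion
        RealTimeProtection = [bool]$mp.RealTimeProtectionEnabled
        TamperProtection   = [bool]$mp.IsTamperProtected
        # EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit
        NetworkProtection  = ($pref.EnableNetworkProtection -eq 1)
    }

    if (-not $result.Onboarded) {
        Write-Warning 'Device is not onboarded to Microsoft Defender for Endpoint.'
    }
    if (-not $result.RealTimeProtection) {
        Write-Warning 'Microsoft Defender Antivirus real-time protection is disabled.'
    }
    if (-not $result.NetworkProtection) {
        # SmartScreen is a browser/policy setting and is not inspected here
        # (assumption: verify it separately before concluding both are disabled).
        Write-Warning 'Network Protection is not in block mode; check SmartScreen separately.'
    }
    if (-not $result.TamperProtection) {
        Write-Warning 'Tamper Protection is off; MDEtesterTP.ps1 needs it enabled to test AV tampering.'
    }
    $result
}

Test-MdeTesterPrereq | Format-List
```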
This is how it looks - v1.0.2
MDE-TesterIoC-Preview.ps1 v1.0.1 - Preview
MDE-TesterIoC-Preview.ps1 initial public release v1.0.1
Usage
PS C:\> .\MDEtesterIoC-Preview.ps1 -Path <CSV File path>
What's Changed
- Added Microsoft Defender Antivirus version & status check
- Added logic to stop the script if Microsoft Defender Antivirus, Real-time protection is not enabled
MDE-TesterIoC.ps1 v1.0.0
MDE-TesterIoC.ps1 initial public release v1.0.0