Test agentless malware scanning alerts

In addition to the next-generation antimalware protection provided by agent-based Defender for Endpoint integration with Defender for Cloud, Defender for Servers Plan 2 provides agentless malware scanning as part of its agentless scanning capabilities.

This article describes how to create a test alert to make sure that agentless malware scanning is working as expected.

Prerequisites

  • Defender for Servers Plan 2 is turned on.
  • Agentless scanning is enabled in the plan.

Create a test file for Linux

  1. Open a terminal window on the VM.

  2. Run the following command:

    # Test string
    TEST_STRING='$$89-barbados-dublin-damascus-notice-pulled-natural-31$$'

    # File to be created
    FILE_PATH="/tmp/virus_test_file.txt"

    # Write the test string to the file without a trailing newline
    printf '%s' "$TEST_STRING" > "$FILE_PATH"

    # Check if the file was created and contains the correct string
    if [ -f "$FILE_PATH" ]; then
        if grep -Fq -- "$TEST_STRING" "$FILE_PATH"; then
            echo "Virus test file created and validated successfully."
        else
            echo "Virus test file does not contain the correct string."
        fi
    else
        echo "Failed to create virus test file."
    fi

The alert "MDC_Test_File malware was detected (Agentless)" will appear within 24 hours on the Defender for Cloud Alerts page and in the Defender XDR portal.

Screenshot of the test alert that appears in Defender for Cloud for Linux.
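The validation in the script above confirms only that the test string is present in the file, not that the file contains nothing else. The following added example, which is not part of the original article, compares the file byte for byte and reports a trailing newline, a UTF-8 byte order mark, or surrounding content; the function names and result keywords are assumptions of this example.

```shell
#!/bin/sh
# Added example: byte-exact check of the agentless-scanning test file.
# EXPECTED is the test string from this article; the function names and
# result keywords are assumptions made for this example.
EXPECTED='$$89-barbados-dublin-damascus-notice-pulled-natural-31$$'

# True if the file's bytes equal EXPECTED rendered with printf format $1.
matches() { printf "$1" "$EXPECTED" | cmp -s - "$2"; }

# Prints ok, missing, trailing-newline, bom, extra-content or mismatch.
# Returns 0 only for ok.
check_test_file() {
    file=$1
    if [ ! -f "$file" ]; then echo missing; return 1; fi
    if matches '%s' "$file"; then echo ok; return 0; fi
    # A text editor or a plain `echo` typically appends LF or CRLF.
    if matches '%s\n' "$file" || matches '%s\r\n' "$file"; then
        echo trailing-newline; return 1
    fi
    # Some editors prepend a UTF-8 byte order mark (EF BB BF).
    if [ "$(head -c 3 "$file" | od -An -tx1 | tr -d ' \n')" = efbbbf ]; then
        echo bom; return 1
    fi
    # String present but surrounded by other bytes (spaces, extra lines).
    if grep -Fq -- "$EXPECTED" "$file"; then echo extra-content; return 1; fi
    echo mismatch; return 1
}
```

Source the block and call check_test_file /tmp/virus_test_file.txt; it prints ok and returns 0 only when the file holds exactly the test string.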

Create a test file for Windows with a text document

  1. Create a text file on your VM.

  2. Paste the text $$89-barbados-dublin-damascus-notice-pulled-natural-31$$ into the text file.

    Important

    Ensure that there are no extra spaces or lines in the text file.

  3. Save the file.

  4. Open the file to validate that it contains the content from step 2.

The alert "MDC_Test_File malware was detected (Agentless)" will appear within 24 hours on the Defender for Cloud Alerts page and in the Defender XDR portal.

Screenshot of the test alert that appears in Defender for Cloud for Windows because of the text file that was created.

Create a test file for Windows with PowerShell

  1. Open PowerShell on your VM.

  2. Execute the following script.

    # Virus test string
    $TEST_STRING = '$$89-barbados-dublin-damascus-notice-pulled-natural-31$$'

    # File to be created
    $FILE_PATH = "C:\temp\virus_test_file.txt"

    # Create "temp" directory if it does not exist
    $DIR_PATH = "C:\temp"
    if (!(Test-Path -Path $DIR_PATH)) {
        New-Item -ItemType Directory -Path $DIR_PATH
    }

    # Write the test string to the file without a trailing newline
    [IO.File]::WriteAllText($FILE_PATH, $TEST_STRING)

    # Check if the file was created and contains the correct string
    if (Test-Path -Path $FILE_PATH) {
        $content = [IO.File]::ReadAllText($FILE_PATH)
        if ($content -eq $TEST_STRING) {
            Write-Host "Test file created and validated successfully."
        } else {
            Write-Host "Test file does not contain the correct string."
        }
    } else {
        Write-Host "Failed to create test file."
    }

The alert "MDC_Test_File malware was detected (Agentless)" will appear within 24 hours on the Defender for Cloud Alerts page and in the Defender XDR portal.

Screenshot of the test alert that appears in Defender for Cloud for Windows because of the PowerShell script.