Applies to:
- Microsoft Defender for Endpoint Plan 1 or Plan 2
- Microsoft Defender for Business
- Microsoft Defender Antivirus
- Microsoft Defender for Individuals
Scenario requirements and setup
- Windows 11, Windows 10, Windows 8.1, Windows 7 SP1
- Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2008 R2
- Linux
- macOS
- Real-time protection is enabled
EICAR test file to simulate malware
After you enable Defender for Endpoint, Microsoft Defender for Business, or Microsoft Defender Antivirus, you can test the service by using an EICAR test file. Running a proof of concept like this can help you get familiar with the features, and validate the advanced security capabilities that protect your device by generating real security alerts.
You can run an antivirus detection test to verify that the device is properly onboarded and reporting to the service.
Windows
Prepare for the EICAR test file. Use an EICAR test file instead of real malware to avoid causing damage. Microsoft Defender Antivirus treats EICAR test files as malware.
Create the EICAR test file by following these steps:
Copy the following string:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Paste the string into a .TXT file and save it as EICAR.txt.
Linux/macOS
Ensure that real-time protection is enabled. Run the following command and confirm the output is "true":
mdatp health --field real_time_protection_enabled
Download the EICAR test file. Open a Terminal window and execute the appropriate command for your operating system:
Linux:
curl -o eicar.com.txt https://secure.eicar.org/eicar.com.txt
macOS:
curl -o ~/Downloads/eicar.com.txt https://secure.eicar.org/eicar.com.txt
Verify that the file is quarantined. Run the following command to list all detected threats:
mdatp threat list
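The three Linux/macOS steps above can be combined into a single pass/fail onboarding check. The script below is an added example, not part of the original documentation. It assumes mdatp and curl are on PATH, that quarantine completes within TIMEOUT seconds (30 by default), and that the threat list entry for this file contains the string "EICAR"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: automates the three Linux/macOS steps (not Microsoft's script).
# Assumptions: mdatp and curl are on PATH; the file is quarantined within
# TIMEOUT seconds; the threat list entry for this file contains "EICAR".
TIMEOUT="${TIMEOUT:-30}"
EICAR_URL="https://secure.eicar.org/eicar.com.txt"

# Step 1: without real-time protection, a surviving file proves nothing.
rtp_enabled() {
    state=$(mdatp health --field real_time_protection_enabled 2>/dev/null |
        tr -d '"[:space:]')
    [ "$state" = "true" ]
}

# Step 2 helper: poll until the downloaded file disappears or TIMEOUT expires.
wait_for_quarantine() {
    waited=0
    while [ -e "$1" ] && [ "$waited" -lt "$TIMEOUT" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    [ ! -e "$1" ]
}

# Step 3: the detection must also be recorded, not just the file removed.
threat_recorded() {
    mdatp threat list 2>/dev/null | grep -qi 'eicar'
}

# Exit codes: 0 pass, 1 RTP off, 2 not quarantined, 3 no threat entry,
# 4 inconclusive (temp dir or download failed).
run_eicar_test() {
    rtp_enabled || { echo "FAIL: real-time protection disabled" >&2; return 1; }
    workdir=$(mktemp -d) || return 4
    target="$workdir/eicar.com.txt"
    rc=0
    if ! curl -fsS -o "$target" "$EICAR_URL"; then
        echo "INCONCLUSIVE: download failed" >&2; rc=4
    elif ! wait_for_quarantine "$target"; then
        echo "FAIL: file still on disk after ${TIMEOUT}s" >&2; rc=2
    elif ! threat_recorded; then
        echo "FAIL: no EICAR entry in mdatp threat list" >&2; rc=3
    fi
    rm -rf "$workdir"
    [ "$rc" -eq 0 ] && echo "PASS: test file quarantined and recorded"
    return "$rc"
}

if [ "${1:-}" = "run" ]; then run_eicar_test; fi
```

Save the script and invoke it with the argument run; a non-zero exit code identifies which step failed.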