Forum Discussion
Solved
EICAR file is not blocked by Defender for Endpoint
I have enrolled some Mac Devices and deployed Defender for Endpoint via Intune Defender for Endpoint is properly configured, but when i download the EICAR file it doesn't automatically get blocked ...
Hi ramal,
In MEM (Intune) I'm assuming that you followed these instructions:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide#intune-full-profile
There is a section, that showcases, how to allow a treat, in case if it's a False Positive (FP).
<key>allowedThreats</key>
<array>
<string>EICAR-Test-File (not a virus)</string>
</array>
Needs to be changed to:
<key>allowedThreats</key>
<array>
<string></string>
</array>
Thanks,
Yong Rhee - MSFT
yongrheemsft
Microsoft
MicrosoftHi ramal,
In MEM (Intune) I'm assuming that you followed these instructions:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide#intune-full-profile
There is a section, that showcases, how to allow a treat, in case if it's a False Positive (FP).
<key>allowedThreats</key>
<array>
<string>EICAR-Test-File (not a virus)</string>
</array>
Needs to be changed to:
<key>allowedThreats</key>
<array>
<string></string>
</array>
Thanks,
Yong Rhee - MSFT
Hi yongrheemsft
As advised i have modified the xml file as profile deployed, but it still isn't getting blocked / detected
Please refer below screenshot
