Forum Discussion
How to evade standard antivirus detection on Windows 11
I am a security researcher working on a legitimate penetration testing project for an authorized client, and I need to understand how to test the effectiveness of their endpoint detection and response system without triggering false positives that would disrupt their operations. Could anyone provide guidance on safe, controlled methods for evaluating antivirus sensitivity to custom-built tools in a lab environment, or point me toward best practices for whitelisting and excluding specific test folders to prevent our authorized assessment tools from being quarantined during the engagement?
1 Reply
- NoreenIron Contributor
It goes without saying that all these methods are for authorized testing only. Tools like Malbench explicitly state they are for use only in environments you are authorized to test.