Contents

Test Methodology for Windows

TDR and Security Software

This document describes the test methodology to test integration of the TDR Windows Host Sensor and third-party security software (Security Software) on the same host computer.

Test Topology

For this test we install both the TDR Host Sensor and the Security Software on the same host. All traffic from the host passes through a Firebox that has TDR enabled.

Network diagram of the test methodology

Test Methodology

For this set of tests, we start with the default settings for both the Host Sensor and Security Software.

  1. Download and install the TDR Host Sensor while the Security Software real-time protection is running.
    Result: TDR Host Sensor downloads and installs successfully, and runs without issues.
  2. Download and install the Security Software while TDR Host Sensor real-time protection is running.
    Result: Security Software downloads and installs successfully and run without issues.
  3. Restart a Security Software while TDR Host Sensor is running.
    Result: Security Software restarts successfully.
  4. Restart TDR Host Sensor while the Security Software real-time protection is running.
    Result: TDR Host Sensor restarts successfully.
  5. Restart host with both TDR Host Sensor and Security Software real-time protection are running.
    Result: Both the TDR Host Sensor and Security Software start automatically and run without issues.
  6. TDR Host Sensor and Security Software detect diverse types of malware at the same time. Detected threats could include files, registry values, and processes. We test to determine whether there would be a conflict when both applications detect malware.
  7. Scripted rapid creation, move, and deletion of 1000 small files (1kb each). Note: It may be necessary to whitelist the creation script/macro within TDR and AV software to ensure execution.
    Result: Files will be created, moved, and deleted without conflict or performance degradation by AV or TDR.
  8. Run Windows updating while TDR Host Sensor and a Security Software real-time protection are running.
    Result: Windows update completes successfully.
  9. Uninstall the Security Software while TDR Host Sensor is running.
    Result: The uninstall completes successfully.
  10. Uninstall the TDR Host Sensor while the Security Software is running.
    Result: The uninstall completes successfully.

To stop and start the Host Sensor, in the Windows Services app stop and restart the Threat Detection and Response Service.

Screen shot of Threat Detection and Response in the Windows Services list

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search