Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP, WatchGuard EDR Core
From PSInfo, you can use the AD Sample Test File tool to run a test file of an unknown type. The test helps you to confirm that your endpoint software works as you expect.
The endpoint security product interprets the test file as suspicious. This enables you to safely test what the product does when a suspicious file runs on the endpoint.
To make sure that your endpoint security product tests, blocks, and reports a suspicious file, the tool generates a random portable executable (PE) file with a random MD5 hash. If there are no issues, the endpoint security product identifies the file as unknown, and then blocks the file.
Make sure that Advanced Protection is in Lock mode. In Lock mode, your endpoint security product does not run any software that is in the process of classification or is already classified as malware. Software can only run after Advanced Protection verifies it as goodware. For more information, go to Advanced Protection – Operating Modes (Windows Computers).
To test your endpoint security product with a sample file:
- Run PSInfo.exe.
The PSInfo dialog box opens. - Select the Tools tab.
- Double-click AD Sample Test File.
The Run Test File dialog box opens.
- Click OK. The AD Sample Test File tool runs as a background process and executes an unknown test file.
- After the AD Sample Test File tool runs the test file, click OK.
The Run Test File dialog box opens when the tool completes the test file runs.
After some time, the endpoint security product on your computer finds and reports the sample file.
