@DamagedDingo
Created December 13, 2023 05:09
MacOS Defender Test Cases.
#!/bin/zsh
# Manual install and verification guidance for Defender for Endpoint on macOS:
# https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide
clear

# Check if real-time protection is enabled.
# `mdatp health --field ...` prints "true" or "false" and exits 0 in both cases,
# so the printed value must be compared rather than the command's exit status.
if [ "$(mdatp health --field real_time_protection_enabled)" = "true" ]; then
    echo "Real-time protection is Enabled"
    printf "Press Enter to continue..."
    read -r
    clear
else
    echo "Real-time protection is not Enabled"
    exit 1
fi

# Download a file that will trigger a detection if real-time protection is enabled
echo "Downloading a test file that will trigger MDATP Real-time Protection"
curl -s -o ~/Downloads/eicar.com.txt https://secure.eicar.org/eicar.com.txt

# Check if the file was detected. Detection is asynchronous, so poll the
# threat list for up to 30 seconds instead of checking it once immediately.
detected=0
for _ in {1..30}; do
    threats="$(mdatp threat list)"
    if echo "$threats" | grep -q "Virus:DOS/EICAR_Test_File" && echo "$threats" | grep -q 'Status: "not_found"'; then
        detected=1
        break
    fi
    sleep 1
done

if [ "$detected" -eq 1 ]; then
    echo "Test file was detected by MDATP Real-time Protection"
    printf "Press Enter to continue..."
    read -r
    clear
else
    echo "Error: Test file not detected or an error occurred."
    exit 1
fi

# Download the Microsoft "MDATP MacOS DIY" test app. The browser saves it to
# ~/Downloads; Safari unzips it automatically, other browsers may not.
open https://aka.ms/mdatpmacosdiy

# Wait until the app bundle is available
while [ ! -e ~/Downloads/"MDATP MacOS DIY.app" ]; do
    sleep 1
done

# If the browser left the archive zipped, extract it first:
# unzip ~/Downloads/mdatpmacosdiy.zip -d ~/Downloads
chmod -R +x ~/Downloads/"MDATP MacOS DIY.app"

# An .app bundle is a directory, so it has to be launched with `open`
# rather than executed directly.
open ~/Downloads/"MDATP MacOS DIY.app"

# Check the Defender portal for the resulting alerts
echo "Security Alert: Please be aware that a security event was generated. Security administrators should check for detections at https://security.microsoft.com/alerts."