Introduction
This article provides practical testing workflows for customers that have dataJAR Defend and Defend Enhanced. These tests serve to give reassurance that the relevant products are working correctly and providing the levels of security needed.
Test dataJAR Defend malware detection on Mac
This applies to customers of dataJAR Defend for Business (Mac) and Education (Mac).
dataJAR Defend uses Jamf Protect's macOS-native threat database to monitor process execution and block known malicious software in real time. The following test uses a shell script based on the industry-standard EICAR anti-malware test method to simulate a threat detection event.
Requirements
A Mac with dataJAR Defend installed and active
Steps
Open Terminal on the test device
Copy and paste the following script and press Return:
#!/bin/bash EICAR_STRING='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' TEST_FILE=$(mktemp /tmp/eicar_test_XXXXXX) echo "$EICAR_STRING" > "$TEST_FILE" chmod +x "$TEST_FILE" "$TEST_FILE"
-
dataJAR Defend should immediately block the process. You will see:
A macOS notification: Malware Blocked and Moved to Bin
A Jamf Protect banner notification confirming the file has been blocked, moved to quarantine, and reported
The test file is harmless it is a standard industry test string and contains no actual malicious code
Within 2 hours the computer will show as Quarantined in the dataJAR Defend section of the dataJAR Portal Insights
Test dataJAR Defend USB device restriction on Mac
This applies to customers of dataJAR Defend Enhanced for Business (Mac) and dataJAR Defend for Education (Mac).
- Plug a USB storage device into the computer.
- A dialog should appear stating that the device is blocked and the device should not be accessible.
Test dataJAR Defend secure DNS on Mac and Mobile
This applies to customers of dataJAR Defend for Education (Mobile) and Defend Enhanced for Business (Mac/Mobile).
- In a supported browser, go to http://dns-test.wandera.com/. If the webpage reads Secure DNS traffic is active, DNS filtering is working correctly.
- Try the following test URLs:
- https://spam.threatops.co.uk/ to test spam prevention.
- https://malware.threatops.co.uk/ to test network-level malware.
- https://phishing.threatops.co.uk/ to test phishing threats.
- Visiting any of these three sites should direct users to https://block.jamf.com/.
Test dataJAR Defend content filtering on Mac and Mobile
This applies to customers of dataJAR Defend Enhanced for Business (Mac/Mobile).
- In a supported browser, go to a website that is in a category that should be blocked by your Content Filtering policy. This will vary depending on the policy you have in place, per your organisation's requirements. A full list of available categories is available from: https://learn.jamf.com/en-US/bundle/jamf-protect-documentation/page/Block_Policy_Available_Site_Categories.html
- Visiting this site should direct users to https://block.jamf.com/.
Need further support?
Automate. Simplify. Succeed. If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.