July 9, 2021

Endpoint protection testing for MacOS

I’m going through testing an endpoint protection software to use at my company, and most information that I find regarding testing is focused around Windows. Well, we’re an all-Mac shop, so a lot of the things I’m seeing don’t apply to me. I did find [this post with a great comment by someone from CrowdStrike](https://www.reddit.com/r/msp/comments/ci3wm1/how_do_you_test_endpoint_protection_products/?utm_source=share&utm_medium=ios_app&utm_name=iossmf).

So for anyone who’s tested endpoint protection on MacOS, what have been your guidelines that you’ve followed?





If you’re looking for efficacy testing, it’s best done if you have a red team in shop. Out of the box, a lot of the Carbon Black, SentinelOne, MDE perform just as well as the next. What you would want to test is package deployment, uninstalling with their “cleaner”, and maybe grab a couple of sample malware files to validate some efficacy if you don’t have a red team in house to offload this. Also take a look at performance impact (time of click protections/sandboxing for analysis) and the various impact of those configurations so you have a baseline when communicating issues from end users.
