I have a C# program that runs the PowerShell script Get-MpThreatDetection (which returns a list of malware found on the machine by Windows Defender) and then logs that information.
I just wanted to figure out a way to test this functionality. The only issue, obviously, is that it requires malware to be on the machine in order to return any results. I found some fake malware for testing from Microsoft and EICAR, but the issue is that any attempt to download or run this malware is blocked by my antivirus (which I'm not allowed to disable).
I believe Get-MpThreatDetection is pulling from a database, MSFT_MpThreatDetection, which I can see when I open the class in the Windows Management Instrumentation Tester tool, but I can't figure out how to insert any data into this database. I have tried running inserts from the WMI Tester tool's query option, but they all fail:
insert into MSFT_MpThreatDetection (DetectionID, ThreatID, ProcessName, DomainUser, DetectionSourceTypeID,Resources,InitialDetectionTime,LastThreatStatusChangeTime,RemediationTime,CurrentThreatExecutionStatusID,ThreatStatusID,ThreatStatusErrorCode,CleaningActionID,AMProductVersion,ActionSuccess,AdditionalActionsBitMask)
values ('','','test','',1,'','20120618 10:34:09 AM', '20120618 10:34:09 AM', '20120618 10:34:09 AM', 1,1,1,1,'',1,1)
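WQL only supports SELECT (there is no INSERT; the MSFT_MpThreatDetection instances are created by the Defender service itself), so a practical way to exercise the logging code without a sample on the machine is to put the cmdlet call behind an interface and feed the logger constructed detections in tests. This is an added example, not the poster's program; it assumes the C# code hosts PowerShell through System.Management.Automation (Microsoft.PowerShell.SDK), and every type name in it (IThreatDetectionSource, ThreatLogger, and so on) is hypothetical.

```csharp
// Added example, not the poster's code. Assumes the program hosts PowerShell via
// System.Management.Automation (Microsoft.PowerShell.SDK); all type names are hypothetical.
using System;
using System.Collections.Generic;
using System.Management.Automation;

public record ThreatDetection(string DetectionId, string ThreatId, string ProcessName, DateTime InitialDetectionTime);
public interface IThreatDetectionSource { IEnumerable<ThreatDetection> GetDetections(); }

// Production source: runs the real cmdlet and maps the MSFT_MpThreatDetection properties named in the question.
public sealed class DefenderThreatDetectionSource : IThreatDetectionSource
{
    public IEnumerable<ThreatDetection> GetDetections()
    {
        using var ps = PowerShell.Create();
        ps.AddCommand("Get-MpThreatDetection");
        foreach (PSObject o in ps.Invoke())
        {
            yield return new ThreatDetection(
                o.Properties["DetectionID"]?.Value?.ToString() ?? "",
                o.Properties["ThreatID"]?.Value?.ToString() ?? "",
                o.Properties["ProcessName"]?.Value?.ToString() ?? "",
                o.Properties["InitialDetectionTime"]?.Value is DateTime t ? t : DateTime.MinValue);
        }
    }
}

// Test double: returns constructed detections, so no malware sample (EICAR or otherwise) has to exist.
public sealed class FakeThreatDetectionSource : IThreatDetectionSource
{
    public IEnumerable<ThreatDetection> GetDetections() => new[]
    {
        new ThreatDetection("constructed-detection-1", "constructed-threat-1", "C:\\Temp\\sample.exe", // constructed values
                            new DateTime(2012, 6, 18, 10, 34, 9)),
    };
}

// The logger depends only on the interface; the writer is injected too so a test can capture the lines.
public sealed class ThreatLogger
{
    private readonly IThreatDetectionSource _source;
    private readonly Action<string> _write;
    public ThreatLogger(IThreatDetectionSource source, Action<string> write) { _source = source; _write = write; }
    public int LogAll() // returns the number of detections logged so a test can assert on it
    {
        int n = 0;
        foreach (var d in _source.GetDetections()) { _write($"{d.InitialDetectionTime:u} threat={d.ThreatId} process={d.ProcessName} id={d.DetectionId}"); n++; }
        return n;
    }
}
```

In a unit test, `new ThreatLogger(new FakeThreatDetectionSource(), lines.Add).LogAll()` returns 1 and leaves one formatted line in `lines`, while production code wires up `DefenderThreatDetectionSource` instead.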