Oftentimes we deploy SEP 12.1 to clients and assume the components are functioning correctly. While this is true the majority of the time, it never hurts to spot-check clients to ensure they're working as expected. Below are tests you can run for each component to verify functionality.
Test Virus and Spyware Protection
The quickest way to test this functionality is to download the EICAR file located here. Download the eicar.com.txt file. Upon checking your Risk Log, you should see a similar entry:
This ensures that Auto-Protect is functioning correctly.
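A local variant of this spot check, as an added example that is not part of the original article or of Symantec's tooling: instead of downloading the file, it writes the standard EICAR test string to a temporary file and reports whether real-time scanning blocked or removed it. The function name, file name and 30-second timeout are assumptions.

```powershell
# Added example: local EICAR spot check for real-time (Auto-Protect) scanning.
# Test-AutoProtect, the file name and the timeout are hypothetical choices.
function Test-AutoProtect {
    param(
        [int]$TimeoutSeconds = 30
    )

    # Standard EICAR test string, split so this script is not itself detected.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' +
             'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    $path = Join-Path ([System.IO.Path]::GetTempPath()) 'sep-spotcheck-eicar.com'

    # Case 1: the scanner denies the write outright.
    try {
        [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        return "PASS: write blocked ($($_.Exception.Message))"
    }

    # Case 2: the file is written, then quarantined or locked shortly after.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $path)) {
            return 'PASS: file removed after write'
        }
        try {
            [void][System.IO.File]::ReadAllText($path)
        } catch {
            return "PASS: file no longer readable ($($_.Exception.Message))"
        }
        Start-Sleep -Seconds 2
    }

    # Case 3: the file survived and stayed readable; clean up and report.
    Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    return "FAIL: test file still readable after $TimeoutSeconds seconds"
}

Test-AutoProtect
```

A PASS result should be matched by a corresponding entry in the client's Risk Log.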
Test Proactive Threat Protection
In order to test SONAR, Symantec created a test file called Socar.exe which can be downloaded here. Once downloaded and executed, you should see a similar entry in your PTP Threat Log:
This ensures SONAR is functioning correctly.
Test Network Threat Protection (IPS)
In order to test the Intrusion Prevention System, download the EICAR.com file located here. Once the download is attempted (and blocked), you will see a similar entry in your Security Log:
This ensures the IPS is functioning correctly.
Test Download Insight
In order to test Download Insight, download the CloudCar test file here. Once the download is attempted, you will see a similar entry in your Threat Log:
This ensures Download Insight is functioning correctly.
Test Application and Device Control
In order to test Application and Device Control, enable the rule to block access to autorun.inf. Create an autorun.inf file and try to copy it to a removable drive. You should see the following notification:
This ensures Application and Device Control is functioning correctly.
Overall, these are very simple steps to take to test the functionality of SEP 12.1 components. I hope these are helpful for you and welcome any feedback or questions you may have.