I have an Endpoint system extension that, in theory, receives XProtect alerts.
I regularly see XProtectPluginService starting programs like XProtecteRemediatorSheepSwap on my Mac.
I would love to be able to put one or more files/bundles on my Mac that triggers the detectors, so I can see the alerts go from the Endpoint system extension through to the UI.
Does Apple have or recommend a way (short of being infected) for triggering the XProtect detectors for testing?