diff --git a/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentMonitoringTest.java b/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentMonitoringTest.java
index 333b82ff40..4e28e71d93 100644
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentMonitoringTest.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentMonitoringTest.java
@@ -2,21 +2,25 @@
package net.gredler.aegis4j;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Test;
+
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
-import org.junit.jupiter.api.Test;
-
/**
* Tests {@link AegisAgent} monitoring via system properties.
*/
public class AegisAgentMonitoringTest {
-/*
+ @AfterAll
+ public static void uninstallAgent() throws Exception {
+ TestUtils.installAgent("unblock=unsafe,serialization");
+ }
+
@Test
public void testSystemProperty() throws Exception {
assertNull(System.getProperty("aegis4j.blocked.features"));
TestUtils.installAgent("unblock=jndi,rmi,unsafe,scripting");
- assertEquals("serialization,jshell,process,httpserver", System.getProperty("aegis4j.blocked.features"));
+ assertEquals("serialization,process,httpserver", System.getProperty("aegis4j.blocked.features"));
}
-*/
}
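Review bot: The `assertNull(System.getProperty("aegis4j.blocked.features"))` at the top of `testSystemProperty` now depends on this class running before any other agent test in the same JVM, because the new `@AfterAll` hook does not remove the agent. `uninstallAgent` calls `TestUtils.installAgent("unblock=unsafe,serialization")`, which, judging by the assertion two lines further down, presumably leaves the property set to the remaining blocked features; the same hook is added in `CVE_2015_7501`, and `TestUtils.testLdap` now ends with the same call. Unless the build forks a JVM per test class (not visible here), the result depends on execution order, which weakens tests meant to prove that a mitigation is active. I would rename the hook to something like `relaxAgent` and add a comment such as `// re-installs the agent with a narrower block list; it does not remove it, so this class assumes a fresh JVM`.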
diff --git a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2015_7501.java b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2015_7501.java
index 37fd726436..ee99f2bf57 100644
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2015_7501.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2015_7501.java
@@ -2,11 +2,14 @@
package net.gredler.aegis4j;
-import static net.gredler.aegis4j.TestUtils.OWNED;
-import static net.gredler.aegis4j.TestUtils.installAgent;
-import static net.gredler.aegis4j.TestUtils.toBytes;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.fail;
+import org.apache.commons.collections4.FunctorException;
+import org.apache.commons.collections4.Transformer;
+import org.apache.commons.collections4.comparators.TransformingComparator;
+import org.apache.commons.collections4.functors.ChainedTransformer;
+import org.apache.commons.collections4.functors.ConstantTransformer;
+import org.apache.commons.collections4.functors.InvokerTransformer;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Test;
import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
@@ -15,14 +18,11 @@ import java.nio.file.Path;
import java.util.Comparator;
import java.util.PriorityQueue;
-import jdk.nashorn.internal.ir.annotations.Ignore;
-import org.apache.commons.collections4.FunctorException;
-import org.apache.commons.collections4.Transformer;
-import org.apache.commons.collections4.comparators.TransformingComparator;
-import org.apache.commons.collections4.functors.ChainedTransformer;
-import org.apache.commons.collections4.functors.ConstantTransformer;
-import org.apache.commons.collections4.functors.InvokerTransformer;
-import org.junit.jupiter.api.Test;
+import static net.gredler.aegis4j.TestUtils.OWNED;
+import static net.gredler.aegis4j.TestUtils.installAgent;
+import static net.gredler.aegis4j.TestUtils.toBytes;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
/**
* Tests mitigation of CVE-2015-7501, both at the process execution level and at the serialization level.
@@ -35,10 +35,13 @@ import org.junit.jupiter.api.Test;
* @see Exploit POC
*/
public class CVE_2015_7501 {
+ @AfterAll
+ public static void uninstallAgent() throws Exception {
+ TestUtils.installAgent("unblock=unsafe,serialization");
+ }
- /*
@Test
- @SuppressWarnings({ "rawtypes", "unchecked" })
+ @SuppressWarnings({"rawtypes", "unchecked"})
public void test() throws Exception {
Path temp = Files.createTempFile("aegis4j-", ".tmp");
@@ -79,7 +82,7 @@ public class CVE_2015_7501 {
assertEquals("", TestUtils.fileReadString(temp), path);
// install aegis4j agent
- installAgent(null);
+ installAgent("unblock=unsafe");
// trigger again directly, verify not owned
try {
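Review bot: The mitigation check in `test()` now runs with `installAgent("unblock=unsafe")` instead of `installAgent(null)`, and nothing in the hunk says why `unsafe` has to be unblocked; the same replacement is made in `TestUtils.testLdap`. If `null` selected the default configuration (not visible here), the CVE tests no longer exercise the agent as it ships, so a regression in the default block list could go unnoticed. I would add a comment on the call, for example `// unsafe is unblocked because <reason>; the process and serialization blocking asserted below is unaffected`, and consider keeping one test that installs the agent with default arguments. `test()` starts and ends outside this hunk.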
@@ -103,5 +106,4 @@ public class CVE_2015_7501 {
assertEquals("Java deserialization blocked by aegis4j", e.getMessage());
}
}
- */
}
diff --git a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_17531.java b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_17531.java
index b70de122de..631940fbd7 100644
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_17531.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_17531.java
@@ -2,13 +2,12 @@
package net.gredler.aegis4j;
-import static net.gredler.aegis4j.TestUtils.testLdap;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.log4j.receivers.db.JNDIConnectionSource;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import static net.gredler.aegis4j.TestUtils.testLdap;
/**
* Tests mitigation of CVE-2019-17531. No setup is required besides starting the LDAP server that
@@ -23,7 +22,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
* @see Understanding Jackson deserialization
*/
public class CVE_2019_17531 {
-/*
@Test
public void test() throws Throwable {
@@ -40,5 +38,4 @@ public class CVE_2019_17531 {
testLdap(setup, trigger, SerializableDataSource.class, true);
}
-*/
}
diff --git a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_44228.java b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_44228.java
index 4fd16526c2..495d6faf6f 100644
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_44228.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_44228.java
@@ -2,9 +2,6 @@
package net.gredler.aegis4j;
-import static net.gredler.aegis4j.TestUtils.testLdap;
-
-import jdk.nashorn.internal.ir.annotations.Ignore;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -18,6 +15,8 @@ import org.apache.logging.log4j.core.config.builder.impl.BuiltConfiguration;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
+import static net.gredler.aegis4j.TestUtils.testLdap;
+
/**
* Tests mitigation of CVE-2021-44228 (a.k.a. Log4Shell). During setup we simply configure log4j to
* perform basic logging, and set up our LDAP server to serve serialized {@link SerializablePojo}
@@ -28,8 +27,6 @@ import org.junit.jupiter.api.function.Executable;
* @see log4j-jndi-be-gone
*/
public class CVE_2021_44228 {
-
- /*
@Test
public void test() throws Throwable {
@@ -64,5 +61,4 @@ public class CVE_2021_44228 {
Configurator.initialize(builder.build());
}
- */
}
diff --git a/tools/aegis4j/src/test/java/net/gredler/aegis4j/TestUtils.java b/tools/aegis4j/src/test/java/net/gredler/aegis4j/TestUtils.java
index 5858700914..61d2223afd 100644
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/TestUtils.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/TestUtils.java
@@ -2,9 +2,15 @@
package net.gredler.aegis4j;
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import com.google.common.base.Charsets;
+import com.google.common.io.ByteStreams;
+import com.unboundid.ldap.listener.InMemoryDirectoryServer;
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
+import com.unboundid.ldap.listener.InMemoryListenerConfig;
+import com.unboundid.ldap.sdk.DN;
+import com.unboundid.ldap.sdk.Entry;
+import com.unboundid.ldap.sdk.LDAPException;
+import org.junit.jupiter.api.function.Executable;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -20,16 +26,9 @@ import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
-import com.google.common.base.Charsets;
-import com.google.common.io.ByteStreams;
-import org.junit.jupiter.api.function.Executable;
-
-import com.unboundid.ldap.listener.InMemoryDirectoryServer;
-import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
-import com.unboundid.ldap.listener.InMemoryListenerConfig;
-import com.unboundid.ldap.sdk.DN;
-import com.unboundid.ldap.sdk.Entry;
-import com.unboundid.ldap.sdk.LDAPException;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
/**
* Base test class which makes it easy to set up an embedded LDAP server, trigger an LDAP-related
@@ -53,7 +52,7 @@ public final class TestUtils {
System.clearProperty(OWNED);
assertNull(System.getProperty(OWNED));
- installAgent(null);
+ installAgent("unblock=unsafe");
try {
trigger.execute();
@@ -66,6 +65,7 @@ public final class TestUtils {
}
ldapServer.shutDown(true);
+ TestUtils.installAgent("unblock=unsafe,serialization");
}
// https://docs.oracle.com/javase/jndi/tutorial/objects/representation/ldap.html
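Review bot: The reset `TestUtils.installAgent("unblock=unsafe,serialization")` added after `ldapServer.shutDown(true)` appears to sit after the `try` block rather than in a `finally`. If `trigger.execute()` or an assertion throws something the handler does not catch, neither the LDAP server shutdown nor the reset runs, and the stricter agent configuration leaks into whatever test runs next. Moving both into a `finally` would address that: `} finally { ldapServer.shutDown(true); installAgent("unblock=unsafe,serialization"); }`. The literal `"unblock=unsafe,serialization"` is also repeated in three places now (here and in the two `@AfterAll` hooks), so a named constant or small helper in `TestUtils` would keep them in sync. The enclosing method begins outside the hunk, so the exact shape of the `try` is inferred.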