deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 23:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

clean linter warnings

Browse Source
This commit is contained in:
MatiG 2021-01-04 19:00:20 +02:00
parent 9b2fccc262
commit 180cad0aa3
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
View File

@ -24,7 +24,6 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
@ -36,9 +35,11 @@ An error in installation may or may not result in a meaningful error message by
```bash
sudo journalctl | grep 'microsoft-mdatp' > installation.log
```
```bash
grep 'postinstall end' installation.log
```
```Output
microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
```
@ -54,6 +55,7 @@ Check if the mdatp service is running:
```bash
systemctl status mdatp
```
```Output
● mdatp.service - Microsoft Defender for Endpoint
Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
@ -69,26 +71,33 @@ systemctl status mdatp
## Steps to troubleshoot if mdatp service isn't running
1. Check if "mdatp" user exists:
```bash
id "mdatp"
```
If theres no output, run
```bash
sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
```
2. Try enabling and restarting the service using:
```bash
sudo systemctl enable mdatp
```
```bash
sudo systemctl restart mdatp
```
3. If mdatp.service isn't found upon running the previous command, run:
```bash
sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path>
```
where ```<systemd_path>``` is
```/lib/systemd/system``` for Ubuntu and Debian distributions and
```/usr/lib/systemd/system``` for Rhel, CentOS, Oracle and SLES.
@ -100,16 +109,21 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`.
6. Ensure that the daemon has executable permission.
```bash
ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
```
```Output
-rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
```
If the daemon doesn't have executable permissions, make it executable using:
```bash
sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
```
and retry running step 2.
7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec".
@ -117,24 +131,31 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
## If mdatp service is running, but EICAR text file detection doesn't work
1. Check the file system type using:
```bash
findmnt -T <path_of_EICAR_file>
```
Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned.
## Command-line tool “mdatp” isn't working
1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command:
```bash
sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
```
and try again.
If none of the above steps help, collect the diagnostic logs:
```bash
sudo mdatp diagnostic create
```
```Output
Diagnostic file created: <path to file>
```
Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.