From 2492957c1987671760ecf66e9d7cde580f9f6ea9 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 25 Sep 2019 15:29:21 -0700 Subject: [PATCH] Cleanup bash snippets --- ...rosoft-defender-atp-mac-install-manually.md | 18 +++++++++--------- ...oft-defender-atp-mac-install-with-intune.md | 11 ++++++----- ...osoft-defender-atp-mac-install-with-jamf.md | 13 +++++++------ .../microsoft-defender-atp-mac-resources.md | 6 +++--- .../microsoft-defender-atp-mac.md | 2 +- 5 files changed, 26 insertions(+), 24 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index e3142e03ef..ba4afb804d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -48,11 +48,11 @@ Download the installation and onboarding packages from Windows Defender Security Extract the contents of the .zip files: ```bash - ls -l + $ ls -l total 721152 -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + $ unzip WindowsDefenderATPOnboardingPackage.zip Archive: WindowsDefenderATPOnboardingPackage.zip inflating: WindowsDefenderATPOnboarding.py ``` @@ -92,7 +92,7 @@ If you did not enable Microsoft's driver during installation, then the applicati You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available: ```bash -mdatp --health +$ mdatp --health ... realTimeProtectionAvailable : false realTimeProtectionEnabled : true @@ -112,7 +112,7 @@ In this case, you need to perform the following steps to enable Real-Time Protec 1. In Terminal, attempt to install the driver. (The operation will fail) ```bash - sudo kextutil /Library/Extensions/wdavkext.kext + $ sudo kextutil /Library/Extensions/wdavkext.kext Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" } Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" } Diagnostics for /Library/Extensions/wdavkext.kext: @@ -125,13 +125,13 @@ In this case, you need to perform the following steps to enable Real-Time Protec 4. In Terminal, install the driver again. This time the operation will succeed: ```bash -sudo kextutil /Library/Extensions/wdavkext.kext +$ sudo kextutil /Library/Extensions/wdavkext.kext ``` The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available: ```bash -mdatp --health +$ mdatp --health ... realTimeProtectionAvailable : true realTimeProtectionEnabled : true @@ -145,20 +145,20 @@ realTimeProtectionEnabled : true The client machine is not associated with orgId. Note that the *orgId* attribute is blank. ```bash - mdatp --health orgId + $ mdatp --health orgId ``` 2. Run the Python script to install the configuration file: ```bash - /usr/bin/python WindowsDefenderATPOnboarding.py + $ /usr/bin/python WindowsDefenderATPOnboarding.py Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) ``` 3. Verify that the machine is now associated with your organization and reports a valid *orgId*: ```bash - mdatp --health orgId + $ mdatp --health orgId E6875323-A6C0-4C60-87AD-114BBE7439B8 ``` diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 21be43c179..1abf3471f5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -50,28 +50,29 @@ Download the installation and onboarding packages from Microsoft Defender Securi Extract the contents of the .zip files: ```bash - mavel-macmini:Downloads test$ ls -l + $ ls -l total 721688 -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + $ unzip WindowsDefenderATPOnboardingPackage.zip Archive: WindowsDefenderATPOnboardingPackage.zip warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators inflating: intune/kext.xml inflating: intune/WindowsDefenderATPOnboarding.xml inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ ``` 7. Make IntuneAppUtil an executable: - ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` + ```bash + $ chmod +x IntuneAppUtil + ``` 8. Create the wdav.pkg.intunemac package from wdav.pkg: ```bash - mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" + $ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" Microsoft Intune Application Utility for Mac OS X Version: 1.0.0.0 Copyright 2018 Microsoft Corporation diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 9a52b56369..621dee60a6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -51,17 +51,16 @@ Download the installation and onboarding packages from Windows Defender Security 5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so: ```bash - mavel-macmini:Downloads test$ ls -l + $ ls -l total 721160 -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + $ unzip WindowsDefenderATPOnboardingPackage.zip Archive: WindowsDefenderATPOnboardingPackage.zip warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators inflating: intune/kext.xml inflating: intune/WindowsDefenderATPOnboarding.xml inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ ``` ## Create JAMF policies @@ -166,7 +165,7 @@ Once the policy is applied, you'll see the Microsoft Defender ATP icon in the ma You can monitor policy installation on a device by following the JAMF log file: ```bash - mavel-mojave:~ testuser$ tail -f /var/log/jamf.log + $ tail -f /var/log/jamf.log Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV @@ -179,7 +178,7 @@ You can monitor policy installation on a device by following the JAMF log file: You can also check the onboarding status: ```bash -mavel-mojave:~ testuser$ mdatp --health +$ mdatp --health ... licensed : true orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" @@ -195,7 +194,7 @@ orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status: ```bash -mdatp --health healthy +$ mdatp --health healthy ``` The above command prints "1" if the product is onboarded and functioning as expected. @@ -219,6 +218,8 @@ Create a script in **Settings > Computer Management > Scripts**. This script removes Microsoft Defender ATP from the /Applications directory: ```bash + #!/bin/bash + echo "Is WDAV installed?" ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index e8697f63a3..933282df5d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -31,7 +31,7 @@ If you can reproduce a problem, please increase the logging level, run the syste 1. Increase logging level: ```bash - mdatp --log-level verbose + $ mdatp --log-level verbose Creating connection to daemon Connection established Operation succeeded @@ -42,7 +42,7 @@ If you can reproduce a problem, please increase the logging level, run the syste 3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds. ```bash - mdatp --diagnostic --create + $ mdatp --diagnostic --create Creating connection to daemon Connection established ``` @@ -50,7 +50,7 @@ If you can reproduce a problem, please increase the logging level, run the syste 4. Restore logging level: ```bash - mdatp --log-level info + $ mdatp --log-level info Creating connection to daemon Connection established Operation succeeded diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 7c18dc31d2..f87f5332c7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -69,7 +69,7 @@ To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/ap If you prefer the command line, you can also check the connection by running the following command in Terminal: ```bash -curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' +$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' ``` The output from this command should be similar to the following: