diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index cb813cf147..3df93c4de6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -14,9 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -144,10 +144,10 @@ In order to preview new features and provide early feedback, it is recommended t sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list ``` For example, if you chose *insiders-fast* channel: - + ```bash sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-insiders-fast.list - ``` + ``` - Install the `gpg` package if not already installed: @@ -328,6 +328,8 @@ Download the onboarding package from Microsoft Defender Security Center: mdatp threat list ``` + If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 35fe0795ab..6643175264 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -14,9 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -248,6 +248,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts ``` +## Testing + +Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device: + +- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): + + ```bash + mdatp health --field real_time_protection_enabled + ``` + +- Open a Terminal window. Copy and execute the following command: + + ``` bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` + +- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats: + + ```bash + mdatp threat list + ``` + +If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 46100ac983..b2358ccaea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -14,9 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -52,7 +52,7 @@ Download the onboarding package from Microsoft Defender Security Center: ![Microsoft Defender Security Center screenshot](images/atp-portal-onboarding-linux-2.png) -4. From a command prompt, verify that you have the file. +4. From a command prompt, verify that you have the file. ```bash ls -l 
@@ -225,9 +225,33 @@ If the product is not healthy, the exit code (which can be checked through `echo - 1 if the device isn't onboarded yet. - 3 if the connection to the daemon cannot be established. +## Testing + +Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device: + +- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): + + ```bash + mdatp health --field real_time_protection_enabled + ``` + +- Open a Terminal window. Copy and execute the following command: + + ``` bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` + +- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats: + + ```bash + mdatp threat list + ``` + +If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues - For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). +For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). ## Operating system upgrades
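Review bot: The first hunk in each of the three files (`@@ -14,9 +14,9 @@`, frontmatter) changes `ms.collection:` and its two list items to visibly identical lines, so this is a whitespace-only change (most likely trailing whitespace being added or removed). If it is intentional cleanup, say so in the commit message; if not, drop it so the diff only carries the content changes. `git diff --check` on the branch will show which side carries the trailing whitespace.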
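Review bot: In the `linux-install-manually.md` hunk `@@ -328,6 +328,8 @@`, the added sentence has two typos: "If the the test file" should read "If the test file", and "a allowed threat" should read "an allowed threat". Suggested line: `If the test file isn't detected and quarantined, it might be labeled as an allowed threat.` The same sentence is added in the Ansible and Puppet files and needs the same fix there.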
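Review bot: In the `linux-install-with-ansible.md` hunk `@@ -248,6 +248,30 @@`, the second fence in the new Testing section is written as ` ``` bash` with a space after the backticks, while the other fences in the same section use ` ```bash`; some Markdown renderers will not apply highlighting to the spaced form, so make it consistent. The curl line `curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt` assumes `~/Downloads` exists, which is often not the case on headless Linux servers, and `curl -o` fails when the target directory is missing; either add `mkdir -p ~/Downloads` before it or write the file to a directory that always exists. Finally, this Testing section is a verbatim copy of the one added to `linux-install-with-puppet.md` (and of the steps already in `linux-install-manually.md`); consider moving the shared text into an include file so the three pages cannot drift apart.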
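Review bot: In the `linux-install-with-puppet.md` hunk `@@ -52,7 +52,7 @@`, the line `4. From a command prompt, verify that you have the file.` is replaced by a visibly identical line, so this is another whitespace-only change; fold it into the same intentional cleanup as the frontmatter hunks or drop it.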
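Review bot: The `linux-install-with-puppet.md` hunk `@@ -225,9 +225,33 @@` repeats the problems of the Ansible hunk: the ` ``` bash` fence with a stray space, the `~/Downloads` assumption in the curl command, and the "the the" / "a allowed" typos in the closing sentence; apply the same corrections here. The de-indentation of the "Log installation issues" sentence at the end of the hunk is a good fix, since the indented form would not render as a normal paragraph under the heading.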