deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add info on allowing threats; update disk usage

Browse Source
This commit is contained in:
Tudor Dobrila 2020-08-14 14:27:28 -07:00
parent 9ca3ef3f34
commit 6625ba4565
6 changed files with 56 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
View File

@ -43,7 +43,7 @@ Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the device | `.test`
File | A specific file identified by the full path | `/var/log/test.log`<br/>`/var/log/*.log`<br/>`/var/log/install.?.log`
Folder | All files under the specified folder | `/var/log/`<br/>`/var/*/`
Folder | All files under the specified folder (recursively) | `/var/log/`<br/>`/var/*/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`<br/>`c?t`
File, folder, and process exclusions support the following wildcards:
@ -124,3 +124,25 @@ echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > te
```
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
## Allow threats
In addition to excluding certain content from being scanned, you can also configure the product not to detect some classes of threats (identified by the threat name). You should exercise caution when using this functionality, as it can leave your device unprotected.
To add a threat name to the allowed list, execute the following command:
```bash
mdatp threat allowed add --name [threat-name]
```
The threat name associated with a detection on your device can be obtained using the following command:
```bash
mdatp threat list
```
For example, to add `EICAR-Test-File (not a virus)` (the threat name associated with the EICAR detection) to the allowed list, execute the following command:
```bash
mdatp threat allowed add --name "EICAR-Test-File (not a virus)"
```

3
windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
View File

@ -98,6 +98,9 @@ The following table lists commands for some of the most common scenarios. Run `m
|Configuration |Add/remove an antivirus exclusion for a directory |`mdatp exclusion folder [add|remove] --path [path-to-directory]` |
|Configuration |Add/remove an antivirus exclusion for a process |`mdatp exclusion process [add|remove] --path [path-to-process]`<br/>`mdatp exclusion process [add|remove] --name [process-name]` |
|Configuration |List all antivirus exclusions |`mdatp exclusion list` |
|Configuration |Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` |
|Configuration |Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` |
|Configuration |List all allowed threat names |`mdatp threat allowed list` |
|Configuration |Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` |
|Configuration |Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` |
|Configuration |Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` |

24
windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
View File

@ -43,7 +43,7 @@ Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the machine | `.test`
File | A specific file identified by the full path | `/var/log/test.log`<br/>`/var/log/*.log`<br/>`/var/log/install.?.log`
Folder | All files under the specified folder | `/var/log/`<br/>`/var/*/`
Folder | All files under the specified folder (recursively) | `/var/log/`<br/>`/var/*/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`<br/>`c?t`
File, folder, and process exclusions support the following wildcards:
@ -86,3 +86,25 @@ echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > te
```
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
## Allow threats
In addition to excluding certain content from being scanned, you can also configure the product not to detect some classes of threats (identified by the threat name). You should exercise caution when using this functionality, as it can leave your device unprotected.
To add a threat name to the allowed list, execute the following command:
```bash
mdatp threat allowed add --name [threat-name]
```
The threat name associated with a detection on your device can be obtained using the following command:
```bash
mdatp threat list
```
For example, to add `EICAR-Test-File (not a virus)` (the threat name associated with the EICAR detection) to the allowed list, execute the following command:
```bash
mdatp threat allowed add --name "EICAR-Test-File (not a virus)"
```

7
windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
View File

@ -89,14 +89,17 @@ Important tasks, such as controlling product settings and triggering on-demand s
|-------------|-------------------------------------------|-----------------------------------------------------------------------|
|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` |
|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` |
|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` |
|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` |
|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` |
|Configuration|Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` |
|Configuration|Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` |
|Configuration|List all allowed threat names |`mdatp threat allowed list` |
|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`|
|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` |
|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`|
|Configuration|Turn on/off passiveMode |`mdatp --config passiveMode [on/off]` |
|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` |
|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` |
|Health |Check the product's health |`mdatp --health` |
|Protection |Scan a path |`mdatp --scan --path [path]` |
|Protection |Do a quick scan |`mdatp --scan --quick` |

2
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
View File

@ -65,7 +65,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
> [!CAUTION]
> Running Microsoft Defender ATP for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
- Disk space: 650 MB
- Disk space: 1GB
- The solution currently provides real-time protection for the following file system types:
- `btrfs`

2
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
View File

@ -61,7 +61,7 @@ There are several methods and deployment tools that you can use to install and c
The three most recent major releases of macOS are supported.
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- Disk space: 650 MB
- Disk space: 1GB
Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.