Incorporated review comments.

This commit is contained in:
Amrut Kale 2019-10-24 12:36:47 +05:30
parent fd1ef148b1
commit 67fb15b1ef
5 changed files with 42 additions and 80 deletions


@ -39,30 +39,24 @@ Before you get started, see [the main Microsoft Defender ATP for Linux page](mic
Follow the steps given in [Configure Microsoft's Linux Software Repository](https://docs.microsoft.com/en-us/windows-server/administration/linux-package-repository-for-microsoft-software) to setup the repository.
> [!NOTE]
> * **TODO:** Use a forward link for above instead of URL
> * I am assuming that ring 0 customers will download the onboarding package from ATP portal
## Download onboarding package
Download the onboarding package from Windows Defender Security Center:
Download the onboarding package from Microsoft Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
1. In Microsoft Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**.
3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip.
![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_page.png)
![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_win_intune.png)
4. From a command prompt, verify that you have the file.
Extract the contents of the .zip file:
Extract the contents of the .zip file and create mdatp_onboard.json file as follows:
```bash
$ ls -l
total 8
-rw-r--r-- 1 test staff 6287 Oct 21 11:22 WindowsDefenderATPOnboardingPackage.zip
$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: WindowsDefenderATPOnboarding.py
$ unzip -p WindowsDefenderATPOnboardingPackage.zip | python -c 'import sys,json;data={"onboardingInfo":"\n".join(sys.stdin.readlines())};print(json.dumps(data));' >mdatp_onboard.json
```
## Application installation
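Review bot: the one-liner that builds mdatp_onboard.json joins `sys.stdin.readlines()` with `"\n"`, but `readlines()` already keeps each line's trailing newline, so every line break in the onboarding blob is doubled; use `sys.stdin.read()` instead. The `unzip` listing still shows `inflating: WindowsDefenderATPOnboarding.py`, which is the content of the old Local script package, while step 2 now downloads the Windows 10 / Intune package; regenerate the listing from that package so `unzip -p` is shown piping the onboarding file rather than a Python script. Step 4 ("From a command prompt, verify that you have the file.") is numbered as part of the portal list but lands after the screenshot and before the `ls -l` block it refers to; attach it to that block.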
@ -74,13 +68,13 @@ To complete this process, you must have admin privileges on the machine.
- ### Enterprise Linux (RHEL and variants)
```bash
sudo yum install mdatp
sudo yum -y install mdatp
```
- ### Ubuntu and Debian systems
```bash
sudo apt-get install mdatp
sudo apt-get -y install mdatp
```
@ -94,14 +88,11 @@ To complete this process, you must have admin privileges on the machine.
$ mdatp --health orgId
```
2. Run the Python script to install the configuration file:
2. Copy the mdatp_onboard.json created in earlier step to /etc/opt/microsoft/mdatp_onboard.json
```bash
$ /usr/bin/python WindowsDefenderATPOnboarding.py
Generating /etc/opt/microsoft/mdatp/mdatp_onboard.json ... (You may be required to enter sudo password)
$ sudo cp mdatp.json /etc/opt/microsoft/mdatp/mdatp_onboard.json
```
> [!NOTE]
> **TODO:** verify the path associated with above command.
3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
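Review bot: the copy command and its description disagree on both file names: the text says to copy `mdatp_onboard.json` to /etc/opt/microsoft/mdatp_onboard.json, while the command is `sudo cp mdatp.json /etc/opt/microsoft/mdatp/mdatp_onboard.json`. The source should be `mdatp_onboard.json` (the file created in the earlier step) and a single destination path should be used in both places; the "TODO: verify the path" note that follows should then be resolved rather than left in.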
@ -110,15 +101,23 @@ To complete this process, you must have admin privileges on the machine.
E6875323-A6C0-4C60-87AD-114BBE7439B8
```
After installation, you can see the status by running the following command:
4. After installation, you can see the status by running the following command:
```bash
$ mdatp --health healthy
1
```
```bash
$ mdatp --health healthy
1
```
> [!NOTE]
> **TODO:** Should we add eicar detection step?
5. Run a detection test
To verify that the machine is properly onboarded and reporting to the service, take the following steps on the newly onboarded machine:
- Ensure Real-time protection setting is ON ```mdatp --health realTimeProtectionEnabled```
- Open a Terminal window
Copy and run the command below:
``` bash
curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt
```
## Logging installation issues
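Review bot: step 5 downloads the EICAR test file but never states how to confirm the detection, so the step cannot be checked; add the expected outcome (for example that the file is removed or quarantined and that the alert shows up in Security Center) after the `curl` command. Formatting in the same step: "Ensure Real-time protection setting is ON ```mdatp --health realTimeProtectionEnabled```" uses a triple-backtick inline span, the fence is written "``` bash" with a space, and "Copy and run the command below:" is not a list item while the two lines above it are. Also `~/Downloads` will often not exist on a headless server and `curl -o` fails when the directory is missing, so either create it first or download to a path that exists.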


@ -35,20 +35,20 @@ This topic describes how to deploy Microsoft Defender ATP for Linux through Pupp
Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have a Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported puppet modules such as *apt*, *lsb-release* to help deploy the package. Your organization might use a different workflow.
In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have a Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported puppet modules such as *apt* to help deploy the package. Your organization might use a different workflow. Please refer to [Puppet documentation](https://puppet.com/docs) for details.
## Download onboarding package
Download the onboarding package from Windows Defender Security Center:
Download the onboarding package from Microsoft Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
1. In Microsoft Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**.
3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip.
![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_win_intune.png)
4. From a command prompt, verify that you have the file.
Extract the contents of the .zip file and create mdatp_onboard.json file as follows
Extract the contents of the .zip file and create mdatp_onboard.json file as follows:
```bash
$ ls -l
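Review bot: for a Linux deployment, step 2 tells the reader to select **Windows 10** and **Mobile Device Management / Microsoft Intune**; if this is intentional interim guidance (the note removed from the manual deployment page in this commit mentions ring 0 customers downloading the package from the portal), say so in one sentence here, otherwise readers will read it as a copy-paste error. Minor: "supported puppet modules" should be "Puppet modules", matching the capitalisation used elsewhere in the paragraph.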
@ -61,7 +61,7 @@ Download the onboarding package from Windows Defender Security Center:
You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server. This example makes use of *apt* module available from puppetlabs and assumes that apt module has been installed on your puppet server.
Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions.
Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp_onboard.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions.
```bash
$ pwd
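Review bot: "Create a folders" should be "Create the folders". Since this example relies only on the *apt* module while the manual page installs with `yum` on RHEL and variants, state that the manifest covers Debian and Ubuntu only, or add the yum equivalent.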


@ -35,13 +35,9 @@ This topic describes the structure of this profile (including a recommended prof
The configuration profile is a .json file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences.
The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
Typically, you would use a configuration management tool to push a file with name ```mdatp_maanged.json``` at location ```/etc/opt/microsoft/mdatp/managed/```
>[!NOTE]
> **TODO:**
> * Should Domain be removed from all the entries below?
> * Should we add path to wdavcfg?
> * Verify each of below?
The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
### Antivirus engine preferences
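Review bot: the file name in the added sentence is misspelled: ```mdatp_maanged.json``` should read ```mdatp_managed.json```, and a wrong name here sends readers pushing a file the product will not pick up. The sentence also lacks a terminating period; giving the full path once (```/etc/opt/microsoft/mdatp/managed/mdatp_managed.json```) would be clearer than splitting name and location.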
@ -49,7 +45,6 @@ The *antivirusEngine* section of the configuration profile is used to manage the
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | antivirusEngine |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
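Review bot: removing the **Domain** row (`com.microsoft.wdav`, which has no equivalent in a JSON profile) is the right call and it resolves the first bullet of the TODO deleted in the previous hunk; the same row is dropped from every table below, so the "Should Domain be removed from all the entries below?" question can be considered closed. The tables keep an empty `|||` header, which renders fine but could carry "Setting / Value" labels now that the layout is settled.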
@ -60,7 +55,6 @@ Whether real-time protection (scan files as they are accessed) is enabled or not
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | enableRealTimeProtection |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
@ -76,7 +70,6 @@ Whether the antivirus engine runs in passive mode or not. In passive mode:
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | passiveMode |
| **Data type** | Boolean |
| **Possible values** | false (default) <br/> true |
@ -88,7 +81,6 @@ Entities that have been excluded from the scan. Exclusions can be specified by f
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | exclusions |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
@ -99,7 +91,6 @@ Specifies the type of content excluded from the scan.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | $type |
| **Data type** | String |
| **Possible values** | excludedPath <br/> excludedFileExtension <br/> excludedFileName |
@ -110,7 +101,6 @@ Used to exclude content from the scan by full file path.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | path |
| **Data type** | String |
| **Possible values** | valid paths |
@ -122,7 +112,6 @@ Indicates if the *path* property refers to a file or directory.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | isDirectory |
| **Data type** | Boolean |
| **Possible values** | false (default) <br/> true |
@ -134,7 +123,6 @@ Used to exclude content from the scan by file extension.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | extension |
| **Data type** | String |
| **Possible values** | valid file extensions |
@ -146,7 +134,6 @@ Used to exclude content from the scan by file name.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | name |
| **Data type** | String |
| **Possible values** | any string |
@ -158,7 +145,6 @@ List of threats (identified by their name) that are not blocked by the product a
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | allowedThreats |
| **Data type** | Array of strings |
@ -168,7 +154,6 @@ The *threatTypeSettings* preference in the antivirus engine is used to control h
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | threatTypeSettings |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
@ -179,7 +164,6 @@ Type of the threat for which the behavior is configured.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | key |
| **Data type** | String |
| **Possible values** | potentially_unwanted_application <br/> archive_bomb |
@ -194,7 +178,6 @@ Action to take when coming across a threat of the type specified in the precedin
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | value |
| **Data type** | String |
| **Possible values** | audit (default) <br/> block <br/> off |
@ -205,7 +188,6 @@ The *cloudService* entry in the configuration profile is used to configure the c
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | cloudService |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
@ -216,7 +198,6 @@ Whether cloud delivered protection is enabled on the device or not. To improve t
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | enabled |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
@ -227,7 +208,6 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | diagnosticLevel |
| **Data type** | String |
| **Possible values** | optional (default) <br/> required |
@ -238,7 +218,6 @@ Determines whether suspicious samples (that are likely to contain threats) are s
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | automaticSampleSubmission |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |


@ -60,19 +60,16 @@ If you can reproduce a problem, please increase the logging level, run the syste
If an error occurs during installation, the installer will only report a general failure.
The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
The detailed log will be saved to /var/log/microsoft/mdatp_install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
## Uninstalling
There are several ways to uninstall Microsoft Defender ATP for Linux. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
There are several ways to uninstall Microsoft Defender ATP for Linux. If you are using a configuration tool such as Puppet, please follow the package uninstallation instructions for the configuration tool.
### Interactive uninstallation
### Manual uninstallation
- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
### From the command line
- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
- ```sudo apt-get purge mdatp``` for Debian and Ubuntu systems
- ```sudo yum remove mdatp``` for RHEL, Oracle Linux, CentOS based systems
## Configuring from the command line
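Review bot: after this change "### Manual uninstallation" is immediately followed by "### From the command line" with no content between them; keep one heading. The two commands are also not equivalent: `apt-get purge` removes the package's configuration files, while `yum remove` leaves them in place, so the text should say whether the onboarding and managed configuration under /etc/opt/microsoft/mdatp/ is expected to survive an uninstall, and how to remove it on RHEL-based systems if it is not.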


@ -25,12 +25,6 @@ This topic describes how to install, configure, update, and use Microsoft Defend
> [!CAUTION]
> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to lead to performance problems and unpredictable side effects.
> [!NOTE]
>How would users give us feedback?
> **TODO:** Should we add atp --feedback "Feedback" that will send the feedback to us / OCV. I am keeping the original line for reference.
>
> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
## How to install Microsoft Defender ATP for Linux
### Prerequisites
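Review bot: dropping the Mac-specific **Help > Send feedback** instructions together with the TODO leaves the Linux page with no documented way to give feedback; keep a placeholder sentence or track the open question elsewhere rather than deleting it silently.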
@ -41,14 +35,10 @@ This topic describes how to install, configure, update, and use Microsoft Defend
### System requirements
- Supported Linux distributions and versions: RHEL 7, Oracle 7, CentOS 7, Ubuntu 16 and 18, Debian 9
- Supported Linux server distributions and versions: RHEL 7, Oracle Linux 7, CentOS 7, Ubuntu 16 and 18, Debian 9
- Disk space: 650 MB.
> [!NOTE]
>**TODO**: Verify this
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
If your Linux server is behind firewall or proxy, you will likely need to allow outbound connections between it and following servers. The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
| Service location | DNS record |
| ---------------------------------------- | ----------------------- |
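Review bot: the new sentence "If your Linux server is behind firewall or proxy, you will likely need to allow outbound connections between it and following servers." repeats what "After you've enabled the service, you may need to configure your network or firewall..." already says two lines above, and needs articles ("behind a firewall or proxy", "the following servers"); merge the two into one sentence. With the "TODO: Verify this" note deleted, "Disk space: 650 MB" now stands without a source; confirm the value before removing the reminder.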
@ -57,9 +47,6 @@ The following table lists the services and their associated URLs that your netwo
| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com |
| United States | unitedstates.x.cp.wd.microsoft.com |
>[!NOTE]
> **TODO:** Verify the proxy paragraph
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Web Proxy Auto-discovery Protocol (WPAD)
- Manual static proxy configuration
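Review bot: the deleted note asked to verify the proxy paragraph, but the paragraph itself (discovery via WPAD and manual static proxy configuration) is unchanged in this hunk; if the verification happened, a sentence on how the static proxy is configured for the Linux agent would be worth adding, otherwise the reminder should stay until both methods are confirmed for Linux.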