deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 03:43:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

Browse Source
This commit is contained in:
officedocspr
2020-04-03 19:29:06 +00:00
parent f7f059c2b0 2826f98d9a
commit 71f0688e75
12 changed files with 231 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/information-protection/windows-information-protection/limitations-with-wip.md
View File

@ -53,7 +53,7 @@ This table provides info about the most common problems you might encounter whil
</tr>
<tr>
<td>WIP is designed for use by a single user per device.</td>
<td>A secondary user on a device might experience app compat issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled users content can be revoked during the unenrollment process.</td>
<td>A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled users content can be revoked during the unenrollment process.</td>
<td>We recommend only having one user per managed device.</td>
</tr>
<tr>
@ -121,12 +121,12 @@ This table provides info about the most common problems you might encounter whil
<tr>
<td>Only enlightened apps can be managed without device enrollment
</td>
<td>If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintenionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.</td>
<td>If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.</td>
<td>If all apps need to be managed, enroll the device for MDM.
</td>
</tr>
<tr>
<td>By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can&#39;t access it.<br/> </td>
<td>By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can&#39;t access it.<br/> </td>
<td>Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.
</td>
<td>If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.

2
windows/security/threat-protection/TOC.md
View File

@ -230,6 +230,7 @@
### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md)
#### [What's New](microsoft-defender-atp/linux-whatsnew.md)
#### [Deploy]()
##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md)
##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md)
@ -244,6 +245,7 @@
##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
#### [Troubleshoot]()
##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
##### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md)
##### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md)

15
windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
View File

@ -41,10 +41,17 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f
Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the machine | .test
File | A specific file identified by the full path | /var/log/test.log
Folder | All files under the specified folder | /var/log/
Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat<br/>cat
File extension | All files with the extension, anywhere on the machine | `.test`
File | A specific file identified by the full path | `/var/log/test.log`<br/>`/var/log/*.log`<br/>`/var/log/install.?.log`
Folder | All files under the specified folder | `/var/log/`<br/>`/var/*/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`<br/>`c?t`
File, folder, and process exclusions support the following wildcards:
Wildcard | Description | Example | Matches
---|---|---|---
\* | Matches any number of any characters including none | `/var/\*/\*.log` | `/var/log/system.log`
? | Matches any single character | `file?.log` | `file1.log`<br/>`file2.log`
## How to configure the list of exclusions

121
windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md Normal file
View File

@ -0,0 +1,121 @@
---
title: Troubleshoot installation issues for Microsoft Defender ATP for Linux
ms.reviewer:
description: Troubleshoot installation issues for Microsoft Defender ATP for Linux
keywords: microsoft, defender, atp, linux, installation
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Troubleshoot installation issues for Microsoft Defender ATP for Linux
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
## Verify if installation succeeded
An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, one can obtain and check the installation logs using:
```bash
$ sudo journalctl | grep 'microsoft-mdatp' > installation.log
$ grep 'postinstall end' installation.log
microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
```
An output from the previous command with correct date and time of installation indicates success.
Also check the [Client configuration](linux-install-manually.md#client-configuration) to verify the health of the product and detect the EICAR text file.
## Installation failed
Check if the mdatp service is running
```bash
$ systemctl status mdatp
● mdatp.service - Microsoft Defender ATP
Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
Main PID: 1966 (wdavdaemon)
Tasks: 105 (limit: 4915)
CGroup: /system.slice/mdatp.service
├─1966 /opt/microsoft/mdatp/sbin/wdavdaemon
├─1967 /opt/microsoft/mdatp/sbin/wdavdaemon
└─1968 /opt/microsoft/mdatp/sbin/wdavdaemon
```
## Steps to troubleshoot if mdatp service isn't running
1. Check if “mdatp” user exists:
```bash
$ id “mdatp”
```
If theres no output, run
```bash
$ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
```
2. Try enabling and restarting the service using:
```bash
$ sudo systemctl enable mdatp
$ sudo systemctl restart mdatp
```
3. If mdatp.service isn't found upon running the previous command, run
```bash
$ sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path>
where <systemd_path> is
/lib/systemd/system for Ubuntu and Debian distributions
/usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES
```
and then rerun step 2.
4. If the above steps dont work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details.
Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot.
5. Ensure that the daemon has executable permission.
```bash
$ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
-rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
```
If the daemon doesn't have executable permissions, make it executable using:
```bash
$ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
```
and retry running step 2.
6. Ensure that the file system containing wdavdaemon isn't mounted with “noexec”.
## If mdatp service is running, but EICAR text file detection doesn't work
1. Check the file system type using:
```bash
$ findmnt -T <path_of_EICAR_file>
```
Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned.
## Command-line tool “mdatp” isn't working
1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command:
```bash
$ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
```
and try again.
If none of the above steps help, collect the diagnostic logs:
```bash
$ sudo mdatp --diagnostic --create
```
Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.

27
windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md Normal file
View File

@ -0,0 +1,27 @@
---
title: What's new in Microsoft Defender Advanced Threat Protection for Linux
description: List of major changes for Microsoft Defender ATP for Linux.
keywords: microsoft, defender, atp, linux, whatsnew, release
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: security
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# What's new in Microsoft Defender Advanced Threat Protection for Linux
## 100.90.70
- Antivirus [exclusions now support wildcards](linux-exclusions.md#supported-exclusion-types)
- Added the ability to [troubleshoot performance issues](linux-support-perf.md) through the `mdatp` command-line tool
- Improvements to make the package installation more robust
- Performance improvements & bug fixes

8
windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
View File

@ -41,10 +41,10 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f
Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the machine | .test
File | A specific file identified by the full path | /var/log/test.log
Folder | All files under the specified folder | /var/log/
Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat<br/>cat
File extension | All files with the extension, anywhere on the machine | `.test`
File | A specific file identified by the full path | `/var/log/test.log`
Folder | All files under the specified folder | `/var/log/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`
## How to configure the list of exclusions

2
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
View File

@ -70,6 +70,8 @@ In general you need to take the following steps:
- [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
- [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md).
### System requirements
- Supported Linux server distributions and versions: