deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'lsaldanha-4650392' of https://github.com/MicrosoftDocs/windows-docs-pr into lsaldanha-4650392

Browse Source
This commit is contained in:
Gary Moore 2020-12-03 23:22:29 -08:00
commit a93e1c420c
6 changed files with 209 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/TOC.md
View File

@ -298,6 +298,7 @@
##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md)
##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md)
##### [Schedule an update of the Microsoft Defender for Endpoint (Linux)](microsoft-defender-atp/linux-update-MDE-Linux.md)
#### [Troubleshoot]()
##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)

BIN
windows/security/threat-protection/microsoft-defender-atp/images/update-MDE-linux-4634577.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

182
windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md Normal file
View File

@ -0,0 +1,182 @@
---
title: How to schedule an update of the Microsoft Defender for Endpoint (Linux)
description: Learn how to schedule an update of the Microsoft Defender for Endpoint (Linux) to better protect your organization's assets.
keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Schedule an update of the Microsoft Defender for Endpoint (Linux)
To run an update on Microsoft Defender for Endpoint for Linux, see [Deploy updates for Microsoft Defender for Endpoint for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-updates).
Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
## Pre-requisite
> [!NOTE]
> To get a list of all the time zones, run the following command:
> `timedatectl list-timezones`<br>
> Examples for timezones: <br>
> - `America/Los_Angeles`
> - `America/New_York`
> - `America/Chicago`
> - `America/Denver`
## To set the Cron job
Use the following commands:
**To backup crontab entries**
`sudo crontab -l > /var/tmp/cron_backup_201118.dat`
> [!NOTE]
> Where 201118 == YYMMDD
> [!TIP]
> Do this before you edit or remove. <br>
To edit the crontab, and add a new job as a root user: <br>
`sudo crontab -e`
> [!NOTE]
> The default editor is VIM.
You might see:
0****/etc/opt/microsoft/mdatp/logrorate.sh
And
02**sat /bin/mdatp scan quick>~/mdatp_cron_job.log
See [Schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-atp.md)
Press “Insert”
Add the following entries:
CRON_TZ=America/Los_Angeles
> #!RHEL and variants (CentOS and Oracle Linux)
`06**sun[$(date +\%d) -le 15] sudo yum update mdatp>>~/mdatp_cron_job.log`
> #!SLES and variants
`06**sun[$(date +\%d) -le 15] sudo zypper update mdatp>>~/mdatp_cron_job.log`
> #!Ubuntu and Debian systems
`06**sun [$(date +\%d) -le 15] sudo apt-get install --only-upgrade mdatp>>~/mdatp_cron_job.log`
> [!NOTE]
> In the examples above, we are setting it to 00 minutes, 6 a.m.(hour in 24 hour format), any day of the month, any month, on Sundays.[$(date +\%d) -le 15] == Wont run unless its equal or less than the 15th day (3rd week). Meaning it will run every 3rd Sundays(7) of the month at 6:00 a.m. Pacific (UTC -8).
Press “Esc”
Type “:wq” w/o the double quotes.
> [!NOTE]
> w == write, q == quit
To view your cron jobs, type `sudo crontab -l`
:::image type="content" source="images/update-MDE-linux-4634577.jpg" alt-text="update MDE linux":::
To inspect cron job runs:
`sudo grep mdatp /var/log/cron`
To inspect the mdatp_cron_job.log
`sudo nano mdatp_cron_job.log`
## For those who use Ansible, Chef, or Puppet
Use the following commands:
### To set cron jobs in Ansible
`cron Manage cron.d and crontab entries`
See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information.
### To set crontabs in Chef
`cron resource`
See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information.
### To set cron jobs in Puppet
Resource Type: cron
See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information.
Automating with Puppet: Cron jobs and scheduled tasks
See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information.
## Additional information
**To get help with crontab**
`man crontab`
**To get a list of crontab file of the current user**
`crontab -l`
**To get a list of crontab file of another user**
`crontab -u username -l`
**To backup crontab entries**
`crontab -l > /var/tmp/cron_backup.dat`
> [!TIP]
> Do this before you edit or remove. <br>
**To restore crontab entries**
`crontab /var/tmp/cron_backup.dat`
**To edit the crontab and add a new job as a root user**
`sudo crontab -e`
**To edit the crontab and add a new job**
`crontab -e`
**To edit other users crontab entries**
`crontab -u username -e`
**To remove all crontab entries**
`crontab -r`
**To remove other users crontab entries**
`crontab -u username -r`
**Explanation**
<pre>
+—————- minute (values: 0 59) (special characters: , * /) <br>
| +————- hour (values: 0 23) (special characters: , * /) <br>
| | +———- day of month (values: 1 31) (special characters: , * / L W C) <br>
| | | +——- month (values: 1 12) (special characters: ,- * / ) <br>
| | | | +—- day of week (values: 0 6) (Sunday=0 or 7) (special characters: , * / L W C) <br>
| | | | |*****command to be executed
</pre>

22
windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
View File

@ -46,13 +46,13 @@ If you can reproduce a problem, increase the logging level, run the system for s
3. Run `sudo mdatp diagnostic create` to back up the Microsoft Defender for Endpoint logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
> [!TIP]
> By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory.
> [!TIP]
> By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory.
```bash
sudo mdatp diagnostic create
```
```Output
```console
Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip"
```
@ -61,7 +61,7 @@ If you can reproduce a problem, increase the logging level, run the system for s
```bash
mdatp log level set --level info
```
```Output
```console
Log level configured successfully
```
@ -102,10 +102,10 @@ Important tasks, such as controlling product settings and triggering on-demand s
|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` |
|Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` |
|Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` |
|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` |
|Health |Check the product's health |`mdatp health` |
|Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` |
|Protection |Scan a path |`mdatp scan custom --path [path]` |
|Protection |Scan a path |`mdatp scan custom --path [path] [--ignore-exclusions]` |
|Protection |Do a quick scan |`mdatp scan quick` |
|Protection |Do a full scan |`mdatp scan full` |
|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` |
@ -113,17 +113,17 @@ Important tasks, such as controlling product settings and triggering on-demand s
|EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` |
|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` |
|EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` |
|EDR |Add Group Id |`mdatp edr group-ids --group-id [group]` |
|EDR |Add Group ID |`mdatp edr group-ids --group-id [group]` |
### How to enable autocompletion
To enable autocompletion in `Bash`, run the following command and restart the Terminal session:
To enable autocompletion in bash, run the following command and restart the Terminal session:
```bash
echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile
```
To enable autocompletion in `zsh`:
To enable autocompletion in zsh:
- Check whether autocompletion is enabled on your device:
@ -131,7 +131,7 @@ To enable autocompletion in `zsh`:
cat ~/.zshrc | grep autoload
```
- If the above command does not produce any output, you can enable autocompletion using the following command:
- If the preceding command does not produce any output, you can enable autocompletion using the following command:
```zsh
echo "autoload -Uz compinit && compinit" >> ~/.zshrc
@ -152,4 +152,4 @@ To enable autocompletion in `zsh`:
## Microsoft Defender for Endpoint portal information
[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center.
[EDR capabilities for macOS have now arrived](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801), on the Microsoft Defender for Endpoint blog, provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center.

9
windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
View File

@ -27,10 +27,17 @@ ms.topic: conceptual
> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
> [!IMPORTANT]
> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic.
> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
## 101.15.26
- Improved the reliability of the agent when running on macOS 11 Big Sur
- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
- Performance improvements & bug fixes
## 101.13.75
- Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic
- Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur)
- Bug fixes

14
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
View File

@ -66,12 +66,12 @@ There are several methods and deployment tools that you can use to install and c
The three most recent major releases of macOS are supported.
> [!IMPORTANT]
> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
> [!IMPORTANT]
> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic.
> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- Disk space: 1GB
Beta versions of macOS are not supported.
@ -98,7 +98,7 @@ The following downloadable spreadsheet lists the services and their associated U
|**Spreadsheet of domains list**|**Description**|
|:-----|:-----|
|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>Download the spreadsheet here: [mdatp-urls.xlsx](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx).
Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:
- Proxy autoconfig (PAC)
@ -144,10 +144,10 @@ Guidance for how to configure the product in enterprise environments is availabl
## macOS kernel and system extensions
In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details.
In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. For relevant details, see [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md).
## Resources
- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
- For more information about logging, uninstalling, or other topics, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md).
- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md)
- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md).