From 99c8133f12c3fc863befe23dfca6e345264ca8cc Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 3 Dec 2020 10:48:24 -0800 Subject: [PATCH 1/3] Add release notes for 101.15.26 --- .../microsoft-defender-atp/mac-resources.md | 4 ++-- .../microsoft-defender-atp/mac-whatsnew.md | 9 ++++++++- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 4 ++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index c6833b26ec..09df67acc4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -102,10 +102,10 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | |Health |Check the product's health |`mdatp health` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | -|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Scan a path |`mdatp scan custom --path [path] [--ignore-exclusions]` | |Protection |Do a quick scan |`mdatp scan quick` | |Protection |Do a full scan |`mdatp scan full` | |Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 336b9f1519..692a50914e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -27,10 +27,17 @@ ms.topic: conceptual > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > [!IMPORTANT] -> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. +> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. + +## 101.15.26 + +- Improved the reliability of the agent when running on macOS 11 Big Sur +- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`) +- Performance improvements & bug fixes ## 101.13.75 +- Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic - Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur) - Bug fixes diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index e09cef38f1..f6e8c81c4d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md 
@@ -69,9 +69,9 @@ The three most recent major releases of macOS are supported. > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > [!IMPORTANT] -> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. +> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. -- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) +- 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) - Disk space: 1GB Beta versions of macOS are not supported. From d6046e5ab193e068fff46043dfbb741606cedeb5 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 3 Dec 2020 17:13:14 -0800 Subject: [PATCH 2/3] Corrected layout --- .../microsoft-defender-atp/mac-resources.md | 12 ++++++------ .../microsoft-defender-atp-mac.md | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 09df67acc4..e87077b592 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md 
@@ -46,13 +46,13 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up the Microsoft Defender for Endpoint logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. - > [!TIP] - > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory. + > [!TIP] + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory. ```bash sudo mdatp diagnostic create ``` - ```Output + ```console Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip" ``` @@ -61,7 +61,7 @@ If you can reproduce a problem, increase the logging level, run the system for s ```bash mdatp log level set --level info ``` - ```Output + ```console Log level configured successfully ``` @@ -113,7 +113,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` | |EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` | |EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` | -|EDR |Add Group Id |`mdatp edr group-ids --group-id [group]` | +|EDR |Add Group ID |`mdatp edr group-ids --group-id [group]` | ### How to enable autocompletion 
@@ -131,7 +131,7 @@ To enable autocompletion in `zsh`: cat ~/.zshrc | grep autoload ``` -- If the above command does not produce any output, you can enable autocompletion using the following command: +- If the preceding command does not produce any output, you can enable autocompletion using the following command: ```zsh echo "autoload -Uz compinit && compinit" >> ~/.zshrc diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index f6e8c81c4d..94b89b5cbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -150,4 +150,4 @@ In alignment with macOS evolution, we are preparing a Microsoft Defender for End - For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page. -- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md) +- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md). From 818bf7247a3d12338a81e215f27fc7ea033c4fdd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 3 Dec 2020 17:50:12 -0800 Subject: [PATCH 3/3] Corrected presentation of links --- .../microsoft-defender-atp/mac-resources.md | 6 +++--- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index e87077b592..11549d3a62 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md 
@@ -117,13 +117,13 @@ Important tasks, such as controlling product settings and triggering on-demand s ### How to enable autocompletion -To enable autocompletion in `Bash`, run the following command and restart the Terminal session: +To enable autocompletion in bash, run the following command and restart the Terminal session: ```bash echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile ``` -To enable autocompletion in `zsh`: +To enable autocompletion in zsh: - Check whether autocompletion is enabled on your device: @@ -152,4 +152,4 @@ To enable autocompletion in `zsh`: ## Microsoft Defender for Endpoint portal information -[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center. +[EDR capabilities for macOS have now arrived](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801), on the Microsoft Defender for Endpoint blog, provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 94b89b5cbc..0ec7a8050c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md 
@@ -66,7 +66,7 @@ There are several methods and deployment tools that you can use to install and c The three most recent major releases of macOS are supported. > [!IMPORTANT] -> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). +> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > [!IMPORTANT] > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. @@ -98,7 +98,7 @@ The following downloadable spreadsheet lists the services and their associated U |**Spreadsheet of domains list**|**Description**| |:-----|:-----| -|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) +|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

Download the spreadsheet here: [mdatp-urls.xlsx](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx). Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods: - Proxy autoconfig (PAC) @@ -144,10 +144,10 @@ Guidance for how to configure the product in enterprise environments is availabl ## macOS kernel and system extensions -In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details. +In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. For relevant details, see [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md). ## Resources -- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page. +- For more information about logging, uninstalling, or other topics, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md). - [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md).
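
Review bot: In PATCH 1/3, mac-resources.md (hunk at -102,10), the "Scan a path" row now shows `[--ignore-exclusions]` but the Task column gives no hint of what the switch does, so a reader of the table cannot tell that it makes the custom scan ignore AV exclusions. Consider a separate row for it, or extend the task text, using the wording from the release note added in mac-whatsnew.md. While this table is being touched, the unchanged lines in the same hunk also carry "spefic" (for "specific") and `-- action audit`, which appears to have a stray space after `--`. The Diagnostics row shows `mdatp diagnostic create --path [directory]` without `sudo`, whereas the step text visible in PATCH 2/3 runs `sudo mdatp diagnostic create`; the two should agree.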
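
Review bot: In PATCH 1/3, mac-whatsnew.md (hunk at -27,10), the bullet added under 101.13.75 says "macOS 11 (Big Sur)" while the unchanged bullet directly below it still says "mac 11 (Big Sur)"; the two should use the same product name. The new bullet's "Removed conditions when ... was triggering" is also awkward, and "Removed conditions under which Microsoft Defender for Endpoint triggered a macOS 11 (Big Sur) bug" reads more cleanly. Moving the text out of the [!IMPORTANT] note drops the sentence "With that change Defender code path should no longer directly facilitate the kernel panic"; if that assurance is still meant to be stated, it needs to be folded into the bullet.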
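
Review bot: In PATCH 1/3, microsoft-defender-atp-mac.md (hunk at -69,9), the added list "11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)" names four releases, but the unchanged sentence at the top of the hunk still says "The three most recent major releases of macOS are supported." Until the 10.13 cutoff given in the new [!IMPORTANT] note (February 15th, 2021), the sentence and the list contradict each other; either reword the sentence or mark 10.13 in the list as supported only until that date.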
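
Review bot: In PATCH 2/3, mac-resources.md (hunk at -46,13), the re-indented [!TIP] still says "pass `--path [directory]` to the below command", while the hunk at -131,7 in the same patch replaces "the above command" with "the preceding command". For consistency, change this one to "the following command" in the same pass. The default path shown in the tip and in the sample output contains a space ("Application Support"), so it may be worth saying that a `--path` value containing spaces has to be quoted.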
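
Review bot: In PATCH 2/3, mac-resources.md (hunk at -131,7), the check that the reworded sentence refers to, `cat ~/.zshrc | grep autoload`, is a weak test for "autocompletion is enabled": it prints any line containing "autoload", including a commented-out one, and the instruction then tells the reader to skip the fix. Since the line being added is `autoload -Uz compinit && compinit`, searching for `compinit` would be a closer match, and `grep compinit ~/.zshrc` avoids the unnecessary `cat`. The text could also say what to expect when `~/.zshrc` does not exist yet.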
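
Review bot: In PATCH 3/3, microsoft-defender-atp-mac.md (hunk at -66,7), the "[this page](mac-sysext-policies.md)" link text is replaced with the article title, but the identical [!IMPORTANT] note in mac-whatsnew.md (visible as context in PATCH 1/3) keeps "[this page]", and this patch's diffstat does not include that file. Apply the same link text there so the two notes stay in step. The EDR "Add group tag to device" row in mac-resources.md (context of the -113,7 hunk in PATCH 2/3) also still carries a bare `https://docs.microsoft.com/...` URL after "please visit", which falls under the same "presentation of links" cleanup.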