diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 7367f5ccb6..c82f6bfdb6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -30,36 +30,31 @@ If you can reproduce a problem, increase the logging level, run the system for s 1. Increase logging level: ```bash - mdatp --log-level verbose + mdatp log level set --level verbose ``` ```Output - Creating connection to daemon - Connection established - Operation succeeded + Log level configured successfully ``` 2. Reproduce the problem -3. Run `sudo mdatp --diagnostic --create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. +3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. ```bash - sudo mdatp --diagnostic --create + sudo mdatp diagnostic create ``` ```Output - Creating connection to daemon - Connection established + Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip" ``` 4. Restore logging level: ```bash - mdatp --log-level info + mdatp log level set --level info ``` ```Output - Creating connection to daemon - Connection established - Operation succeeded + Log level configured successfully ``` ## Logging installation issues 
@@ -85,30 +80,32 @@ There are several ways to uninstall Microsoft Defender ATP for Mac. Note that wh Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` | -|Configuration|Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` | -|Configuration|Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` | -|Configuration|List all allowed threat names |`mdatp threat allowed list` | -|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`| -|Configuration|Turn on/off passiveMode |`mdatp --config passiveMode [on/off]` | -|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp --scan --path [path]` | -|Protection |Do a quick scan |`mdatp --scan --quick` | -|Protection |Do a full scan |`mdatp --scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | 
-|Protection |Request a security intelligence update |`mdatp --definition-update` | -|EDR |Turn on/off EDR preview for Mac |`mdatp --edr --early-preview [true/false]` OR `mdatp --edr --earlyPreview [true/false]` for versions earlier than 100.78.0 | -|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --edr --set-tag GROUP [name]` | -|EDR |Remove group tag from device |`mdatp --edr --remove-tag [name]` | +|Group |Scenario |Command | +|-------------|-------------------------------------------|----------------------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config real-time-protection [enabled/disabled]` | +|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled/disabled]` | +|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled/disabled]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission --value [enabled/disabled]` | +|Configuration|Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` | +|Configuration|Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` | +|Configuration|List all allowed threat names |`mdatp threat allowed list` | +|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action block` | +|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | +|Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | +|Diagnostics 
|Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Health |Check the product's health |`mdatp health` | +|Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | +|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Do a quick scan |`mdatp scan quick` | +|Protection |Do a full scan |`mdatp scan full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | +|Protection |Request a security intelligence update |`mdatp definitions update` | +|EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` | +|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` | +|EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` | +|EDR |Add Group Id |`mdatp edr group-ids --group-id [group]` | ### How to enable autocompletion
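Review bot: In the first hunk (steps 1 to 4 of the log collection procedure), the old `mdatp --log-level` and `mdatp --diagnostic --create` forms are replaced outright with nothing saying which product version accepts the new `mdatp log level set` and `mdatp diagnostic create` syntax, so a reader on an older build cannot tell which form applies to them. Suggest a one-line note above step 1 naming the minimum version, or keeping the old form alongside the new one. Separately, step 3 runs `diagnostic create` under `sudo` while the log level commands in steps 1 and 4 do not; it would help to state whether changing the log level needs elevation. The sample output in step 3 also hard-codes one archive name under `wdavdiag/`; consider marking that file name as an example value.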
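Review bot: In the second hunk (the command table), the three PUA rows read `mdatp threat policy set --type potentially_unwanted_application -- action block` (and `off`, `audit`) with a space between `--` and `action`, which most argument parsers treat as an end-of-options marker followed by positional words; this should be `--action block`. In the same table, the passive mode row has a stray literal before the placeholder (`--value enabled [enabled/disabled]`), and the real-time protection row omits `--value` while the three `config` rows below it use it, so please confirm which is correct and make them consistent. The new health row has a typo ("spefic" for "specific"), and the EDR preview row drops the earlier remark about versions before 100.78.0 without saying which versions the new `mdatp edr early-preview` form applies to.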