diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index e017a9cca2..eece58b177 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -161,6 +161,7 @@ In order to preview new features and provide early feedback, it is recommended t ```bash sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list ``` + For example, if you chose *prod* channel: ```bash @@ -346,6 +347,8 @@ Download the onboarding package from Microsoft Defender Security Center: mdatp threat list ``` + If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Installer script Alternatively, you can use an automated [installer bash script](https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh) provided in our [public GitHub repository](https://github.com/microsoft/mdatp-xplat/). diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 111a241a5c..a226495d3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md 
@@ -257,6 +257,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts ``` +## Testing + +Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device: + +- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): + + ```bash + mdatp health --field real_time_protection_enabled + ``` + +- Open a Terminal window. Copy and execute the following command: + + ```bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` + +- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats: + + ```bash + mdatp threat list + ``` + +If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index f3363b34dd..c9005d568a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md 
@@ -55,7 +55,7 @@ Download the onboarding package from Microsoft Defender Security Center: ![Microsoft Defender Security Center screenshot](images/atp-portal-onboarding-linux-2.png) -4. From a command prompt, verify that you have the file. +4. From a command prompt, verify that you have the file. ```bash ls -l @@ -228,9 +228,33 @@ If the product is not healthy, the exit code (which can be checked through `echo - 1 if the device isn't onboarded yet. - 3 if the connection to the daemon cannot be established. +## Testing + +Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device: + +- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): + + ```bash + mdatp health --field real_time_protection_enabled + ``` + +- Open a Terminal window. Copy and execute the following command: + + ```bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` + +- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats: + + ```bash + mdatp threat list + ``` + +If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues - For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). +For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). ## Operating system upgrades
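Review bot: In the new `## Testing` section of linux-install-with-ansible.md, the download step writes to `~/Downloads/eicar.com.txt`, a directory that often does not exist on the headless servers this page targets, and `curl -o` fails when the parent directory is missing. Consider a path that is always present (for example under `/tmp`) or adding `--create-dirs` to the command. Also, the second bullet says "Open a Terminal window" after the first bullet has already asked the reader to run `mdatp health --field real_time_protection_enabled`; move the terminal instruction to the first step or drop it.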
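Review bot: The `## Testing` block added at `@@ -228,9 +228,33 @@` in linux-install-with-puppet.md is a verbatim copy of the one added to linux-install-with-ansible.md, so any later fix has to be made in both places. Consider moving it to a shared include, or linking to a single copy of the detection test. The three steps are sequential (check real-time protection, download the test file, list threats) but are written as unordered `-` bullets, while this file already numbers its procedure steps ("4. From a command prompt, verify that you have the file."); a numbered list would match.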
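Review bot: The troubleshooting sentence added at `@@ -346,6 +347,8 @@` in linux-install-manually.md gives an allowed threat as the only reason the test file might not be detected and quarantined. The Testing steps added to the Ansible and Puppet pages in this same change start by confirming that `mdatp health --field real_time_protection_enabled` returns `1`, so the sentence should tell the reader to re-check that first and only then look at `allowedThreats`. The same applies to the two other copies of this sentence.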