deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #8848 from konstruktoid/ISSUE8760

Browse Source 
add info about the allowedThreats option
This commit is contained in:
Kateyanne
2021-02-19 14:11:23 -08:00
committed by GitHub
parent 850bf3cc58 ab65d330ca
commit bff9148863
3 changed files with 53 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
View File

@ -161,6 +161,7 @@ In order to preview new features and provide early feedback, it is recommended t
```bash ```bash
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
``` ```
For example, if you chose *prod* channel: For example, if you chose *prod* channel:
```bash ```bash
@ -346,6 +347,8 @@ Download the onboarding package from Microsoft Defender Security Center:
mdatp threat list mdatp threat list
``` ```
If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Installer script ## Installer script
Alternatively, you can use an automated [installer bash script](https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh) provided in our [public GitHub repository](https://github.com/microsoft/mdatp-xplat/). Alternatively, you can use an automated [installer bash script](https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh) provided in our [public GitHub repository](https://github.com/microsoft/mdatp-xplat/).

24
windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
View File

@ -257,6 +257,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts
``` ```
## Testing
Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
```bash
mdatp health --field real_time_protection_enabled
```
- Open a Terminal window. Copy and execute the following command:
```bash
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
```
- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
```bash
mdatp threat list
```
If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Log installation issues ## Log installation issues
See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.

24
windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
View File

@ -228,6 +228,30 @@ If the product is not healthy, the exit code (which can be checked through `echo
- 1 if the device isn't onboarded yet. - 1 if the device isn't onboarded yet.
- 3 if the connection to the daemon cannot be established. - 3 if the connection to the daemon cannot be established.
## Testing
Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
```bash
mdatp health --field real_time_protection_enabled
```
- Open a Terminal window. Copy and execute the following command:
```bash
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
```
- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
```bash
mdatp threat list
```
If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Log installation issues ## Log installation issues
For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).