Merge pull request #8848 from konstruktoid/ISSUE8760

add info about the allowedThreats option
This commit is contained in:
Kateyanne
2021-02-19 14:11:23 -08:00
committed by GitHub
3 changed files with 53 additions and 2 deletions

View File

@ -161,6 +161,7 @@ In order to preview new features and provide early feedback, it is recommended t
```bash
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
```
For example, if you chose *prod* channel:
```bash
@ -346,6 +347,8 @@ Download the onboarding package from Microsoft Defender Security Center:
mdatp threat list
```
If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Installer script
Alternatively, you can use an automated [installer bash script](https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh) provided in our [public GitHub repository](https://github.com/microsoft/mdatp-xplat/).
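Review bot: The new sentence after `mdatp threat list` names only the allowedThreats preference as the reason the test file might not be quarantined, but the same outcome occurs when real-time protection is off; suggest telling the reader to first confirm that `mdatp health --field real_time_protection_enabled` returns `1` and only then to look at the allowedThreats option and the configuration profile. Since the `linux-preferences.md#allowed-threats` link is introduced here, also confirm that an "Allowed threats" heading producing that anchor exists in linux-preferences.md, otherwise the link lands at the top of the page.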

View File

@ -257,6 +257,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts
```
## Testing
Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
```bash
mdatp health --field real_time_protection_enabled
```
- Open a Terminal window. Copy and execute the following command:
```bash
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
```
- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
```bash
mdatp threat list
```
If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Log installation issues
See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
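Review bot: The `curl -o ~/Downloads/eicar.com.txt` step in the new Testing section assumes a `~/Downloads` directory, which headless Linux servers managed with Ansible usually do not have; curl then fails to create the output file and the test produces nothing for Defender to detect, so the reader reaches the allowedThreats note for the wrong reason. Suggest either prefixing `mkdir -p ~/Downloads` or writing to a path that always exists, e.g. `curl -o /tmp/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. This section is also added verbatim to the Puppet page in the same PR; consider an include file so the two copies do not drift.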

View File

@ -228,6 +228,30 @@ If the product is not healthy, the exit code (which can be checked through `echo
- 1 if the device isn't onboarded yet.
- 3 if the connection to the daemon cannot be established.
## Testing
Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
```bash
mdatp health --field real_time_protection_enabled
```
- Open a Terminal window. Copy and execute the following command:
```bash
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
```
- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
```bash
mdatp threat list
```
If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Log installation issues
For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).
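Review bot: Same `~/Downloads` concern as in the Ansible hunk: Puppet-managed servers rarely have that directory, so `curl -o ~/Downloads/eicar.com.txt` fails to create the file and the detection test never runs; `mkdir -p ~/Downloads` beforehand or a `/tmp` path would make the step reliable. Minor style point in the surrounding context: the "Log installation issues" sentence here ("For more information ..., see ...") is phrased differently from the identical paragraph on the Ansible page ("See ... for more information"); since the Testing sections were made identical, aligning this sentence as well would keep the two pages consistent.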