diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 27b3a8f924..82e53c1ff4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -114,32 +114,14 @@ After installation, you'll see the Microsoft Defender icon in the macOS status b ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) -## Configuring from the command line +## Test alert -Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: +Run in Terminal the following command. It will download [a harmless file](https://en.wikipedia.org/wiki/EICAR_test_file) which will trigger a test detection. + + ```bash + curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt + ``` -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | -|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| -|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp scan --path [path]` | -|Protection |Do a quick scan |`mdatp scan --quick` | -|Protection |Do a full scan |`mdatp scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | -|Protection |Request a definition update |`mdatp --signature-update` | +You will get a "Threats found" notification, you can inspect threat's details in the Protection history. -## Logging installation issues - -See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. - -## Uninstallation - -See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +Soon after that you'll get an alert in the ATP Portal. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 8af90fded1..6cfc85694d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -164,6 +164,18 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) +## Test alert + +Run in Terminal the following command. It will download [a harmless file](https://en.wikipedia.org/wiki/EICAR_test_file) which will trigger a test detection. + + ```bash + curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt + ``` + +You will get a "Threats found" notification, you can inspect threat's details in the Protection history. + +Soon after that you'll get an alert in the ATP Portal. + ## Logging installation issues See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 8837b3bcc5..b2df2ab85f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -199,6 +199,18 @@ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. +## Test alert + +Run in Terminal the following command. It will download [a harmless file](https://en.wikipedia.org/wiki/EICAR_test_file) which will trigger a test detection. + + ```bash + curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt + ``` + +You will get a "Threats found" notification, you can inspect threat's details in the Protection history. + +Soon after that you'll get an alert in the ATP Portal. + ## Logging installation issues See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 09a4dcceae..03532ddfb4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -36,9 +36,7 @@ If you can reproduce a problem, please increase the logging level, run the syste 1) Increase logging level: ```bash - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established + mavel-mojave:~ testuser$ mdatp --log-level verbose Operation succeeded ``` @@ -47,21 +45,40 @@ If you can reproduce a problem, please increase the logging level, run the syste 3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. ```bash - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established + mavel-mojave:~ testuser$ mdatp --diagnostic --create "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" ``` 4) Restore logging level: ```bash - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established + mavel-mojave:~ testuser$ mdatp --log-level info Operation succeeded ``` +## Managing from the command line + +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: + +|Group |Scenario |Command | +|-------------|-------------------------------------------|-----------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp --config rtp [true/false]` | +|Configuration|Turn on/off cloud protection |`mdatp --config cloud [true/false]` | +|Configuration|Turn on/off product diagnostics |`mdatp --config diagnostic [true/false]` | +|Configuration|Turn on/off automatic sample submission |`mdatp --config sample-submission [true/false]` | +|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`| +|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`| +|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` | +|Health |Check the product's health |`mdatp --health` | +|Health |Prints a single health metric |`mdatp --health [metric]` | +|Protection |Scan a path |`mdatp --scan --path [path]` | +|Protection |Do a quick scan |`mdatp --scan --quick` | +|Protection |Do a full scan |`mdatp --scan --full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | +|Protection |Request a definition update |`mdatp --definition-update` | + ## Logging installation issues If an error occurs during installation, the installer will only report a general failure.