From d83d8992d6640578c6f95c3250ed9a5d1f4ced61 Mon Sep 17 00:00:00 2001 From: schmurky Date: Tue, 11 Aug 2020 14:59:42 +0800 Subject: [PATCH 1/2] Update mac-support-kext.md --- .../mac-support-kext.md | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index 650b67011f..5576457042 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -35,6 +35,8 @@ You can also run ```mdatp --health```. It reports if real-time protection is ena ```bash mdatp --health +``` +```Output ... realTimeProtectionAvailable : false realTimeProtectionEnabled : true @@ -64,6 +66,9 @@ In this case, you need to perform the following steps to trigger the approval fl ```bash sudo kextutil /Library/Extensions/wdavkext.kext + ``` + + ```Output Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" } Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" } Diagnostics for /Library/Extensions/wdavkext.kext: 
@@ -75,16 +80,19 @@ In this case, you need to perform the following steps to trigger the approval fl 4. In Terminal, install the driver again. This time the operation will succeed: -```bash -sudo kextutil /Library/Extensions/wdavkext.kext -``` + ```bash + sudo kextutil /Library/Extensions/wdavkext.kext + ``` -The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available: + The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available: -```bash -mdatp --health -... -realTimeProtectionAvailable : true -realTimeProtectionEnabled : true -... -``` \ No newline at end of file + ```bash + mdatp --health + ``` + + ```Output + ... + realTimeProtectionAvailable : true + realTimeProtectionEnabled : true + ... + ``` \ No newline at end of file From a0668ff87c24feef514148d41a27f503806f460e Mon Sep 17 00:00:00 2001 From: schmurky Date: Tue, 11 Aug 2020 15:04:06 +0800 Subject: [PATCH 2/2] Update mac-support-kext.md --- .../microsoft-defender-atp/mac-support-kext.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index 5576457042..e8edd981e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md 
@@ -23,15 +23,15 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) -This topic provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender ATP for Mac. +This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender ATP for Mac. Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to be explicitly approved before they are allowed to run on the device. -If you did not approve the kernel extension during the deployment / installation of Microsoft Defender ATP for Mac, then the application displays a banner prompting you to enable it: +If you did not approve the kernel extension during the deployment/installation of Microsoft Defender ATP for Mac, the application displays a banner prompting you to enable it: ![RTP disabled screenshot](../microsoft-defender-antivirus/images/MDATP-32-Main-App-Fix.png) -You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This is an indication that the kernel extension is not approved to run on your device. +You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device. ```bash mdatp --health 
@@ -62,7 +62,7 @@ If you don't see this prompt, it means that 30 or more minutes have passed, and In this case, you need to perform the following steps to trigger the approval flow again. -1. In Terminal, attempt to install the driver. The following operation will fail, because the kernel extension was not approved to run on the device, however it will trigger the approval flow again. +1. In Terminal, attempt to install the driver. The following operation will fail, because the kernel extension was not approved to run on the device. However, it will trigger the approval flow again. ```bash sudo kextutil /Library/Extensions/wdavkext.kext
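Review bot: In PATCH 1/2, hunk @@ -35,6 +35,8, the new closing fence and the new "```Output" fence sit on consecutive lines with no blank line between them, while the two later hunks of the same patch put an empty line between the command block and its output block. Add a blank line here as well so all three command/output pairs in the file are formatted the same way.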
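Review bot: In PATCH 1/2, hunk @@ -64,6 +66,9, the added fences are indented to sit inside list step 1, but the "Kext rejected due to system policy" output lines that follow the new "```Output" fence are unchanged context. Confirm those lines and the block's closing fence carry the same indentation as the new fence, so the output block stays inside the list item and the numbering is not interrupted before step 2.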
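Review bot: The last hunk of PATCH 1/2 (@@ -75,16 +80,19) still carries "\ No newline at end of file" after the new final fence, so the rewritten file continues to end without a trailing newline; add one while this block is being touched. In the same hunk, the reindented sentence keeps triple backticks around the inline mdatp --health; single backticks are sufficient for inline code and would make the step 4 text easier to tell apart from the fenced blocks around it.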
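Review bot: In PATCH 2/2, hunk @@ -23,15 +23,15, the reworded banner sentence replaces "deployment / installation" with "deployment/installation", which still leaves the reader to guess whether the slash means "and" or "or". Spell it out, for example "during the deployment or installation of Microsoft Defender ATP for Mac". The unchanged sentence "It reports if real-time protection is enabled but not available" two lines later could take the same pass ("reports whether"), since the neighbouring sentence is already being edited.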
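Review bot: In PATCH 2/2, hunk @@ -62,7 +62,7, the new second sentence "However, it will trigger the approval flow again." has an ambiguous "it": the nearest noun is "the device", not the failed operation. Name the subject, for example "However, the attempt will trigger the approval flow again." The comma before "because" in the first sentence can also be dropped now that the sentence has been split.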