diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index ef0797f456..a8aa943686 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -64,7 +64,7 @@ For more information on how to configure exclusions from Puppet, Ansible, or ano Run the following command to see the available switches for managing exclusions: ```bash -$ mdatp --exclusion +$ mdatp exclusion ``` Examples: @@ -72,29 +72,29 @@ Examples: - Add an exclusion for a file extension: ```bash - $ mdatp --exclusion --add-extension .txt - Configuration updated successfully + $ mdatp exclusion extension add --name .txt + Extension exclusion configured successfully ``` - Add an exclusion for a file: ```bash - $ mdatp --exclusion --add-folder /var/log/dummy.log - Configuration updated successfully + $ mdatp exclusion file add --path /var/log/dummy.log + File exclusion configured successfully ``` - Add an exclusion for a folder: ```bash - $ mdatp --exclusion --add-folder /var/log/ - Configuration updated successfully + $ mdatp exclusion folder add --path /var/log/ + Folder exclusion configured successfully ``` - Add an exclusion for a process: ```bash - $ mdatp --exclusion --add-process cat - Configuration updated successfully + $ mdatp exclusion process add --name cat + Process exclusion configured successfully ``` ## Validate exclusions lists with the EICAR test file diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 31656eeae6..702afa998e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -268,7 +268,7 @@ Download the onboarding package from Microsoft Defender Security Center: Initially the client machine is not associated with an organization. Note that the *orgId* attribute is blank: ```bash - mdatp --health orgId + mdatp health --field org_id ``` 2. Run MicrosoftDefenderATPOnboardingLinuxServer.py, and note that, in order to run this command, you must have `python` installed on the device: @@ -280,13 +280,13 @@ Download the onboarding package from Microsoft Defender Security Center: 3. Verify that the machine is now associated with your organization and reports a valid organization identifier: ```bash - mdatp --health orgId + mdatp health --field org_id ``` 4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected: ```bash - mdatp --health healthy + mdatp health --field healthy ``` > [!IMPORTANT] @@ -298,7 +298,7 @@ Download the onboarding package from Microsoft Defender Security Center: - Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): ```bash - mdatp --health realTimeProtectionEnabled + mdatp health --field real_time_protection_enabled ``` - Open a Terminal window. Copy and execute the following command: @@ -310,7 +310,7 @@ Download the onboarding package from Microsoft Defender Security Center: - The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats: ```bash - mdatp --threat --list --pretty + mdatp threat list ``` ## Log installation issues diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 34b6be737e..2227ba8f15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -241,8 +241,8 @@ Now run the tasks files under `/etc/ansible/playbooks/`. - Validation/configuration: ```bash - $ ansible -m shell -a 'mdatp --connectivity-test' all - $ ansible -m shell -a 'mdatp --health' all + $ ansible -m shell -a 'mdatp connectivity test' all + $ ansible -m shell -a 'mdatp health' all ``` - Uninstallation: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 3914bf58e0..0db0c18a3a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -174,10 +174,10 @@ Enrolled agent devices periodically poll the Puppet Server, and install new conf On the agent machine, you can also check the onboarding status by running: ```bash -$ mdatp --health +$ mdatp health ... licensed : true -orgId : "[your organization identifier]" +org_id : "[your organization identifier]" ... ``` @@ -190,7 +190,7 @@ orgId : "[your organization identifier]" You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status: ```bash -mdatp --health healthy +mdatp health --field healthy ``` The above command prints `1` if the product is onboarded and functioning as expected. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index b0cd02009a..415341d721 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -53,7 +53,7 @@ You can configure how PUA files are handled from the command line or from the ma In Terminal, execute the following command to configure PUA protection: ```bash -$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block] +$ mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block] ``` ### Use the management console to configure PUA protection: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index adc92e7c31..7014bcacaa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -31,29 +31,24 @@ If you can reproduce a problem, please increase the logging level, run the syste 1. Increase logging level: ```bash - $ mdatp --log-level verbose - Creating connection to daemon - Connection established - Operation succeeded + $ mdatp log level set --level verbose + Log level configured successfully ``` 2. Reproduce the problem. -3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds: +3. Run `sudo mdatp diagnostic create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds: ```bash - $ sudo mdatp --diagnostic --create - Creating connection to daemon - Connection established + $ sudo mdatp diagnostic create + Diagnostic file created: ``` 4. Restore logging level: ```bash - $ mdatp --log-level info - Creating connection to daemon - Connection established - Operation succeeded + $ mdatp log level set --level info + Log level configured successfully ``` ## Log installation issues @@ -78,21 +73,22 @@ Important tasks, such as controlling product settings and triggering on-demand s |Group |Scenario |Command | |-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` | -|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`| -|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp --scan --path [path]` | -|Protection |Do a quick scan |`mdatp --scan --quick` | -|Protection |Do a full scan |`mdatp --scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | -|Protection |Request a security intelligence update |`mdatp --definition-update` | +|Configuration|Turn on/off real-time protection |`mdatp config real_time_protection --value [enabled|disabled]` | +|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` | +|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` | +|Configuration|Turn on/off AV passive mode |`mdatp config passive-mode [enabled|disabled]` | +|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` | +|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` | +|Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Health |Check the product's health |`mdatp health` | +|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Do a quick scan |`mdatp scan quick` | +|Protection |Do a full scan |`mdatp scan full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | +|Protection |Request a security intelligence update |`mdatp definitions update` | ## Microsoft Defender ATP portal information diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 4a25d355bf..a124167305 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -29,7 +29,7 @@ ms.topic: conceptual To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line: ```bash -$ mdatp --connectivity-test +$ mdatp connectivity test ``` If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall. @@ -84,7 +84,7 @@ $ sudo systemctl daemon-reload; sudo systemctl restart mdatp Upon success, attempt another connectivity test from the command line: ```bash -$ mdatp --connectivity-test +$ mdatp connectivity test ``` If the problem persists, contact customer support. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 0982c630fa..8ffdc04ee8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -116,6 +116,7 @@ and try again. If none of the above steps help, collect the diagnostic logs: ```bash -$ sudo mdatp --diagnostic --create +$ sudo mdatp diagnostic create +Diagnostic file created: ``` Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 55da60a602..6748041572 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -36,7 +36,8 @@ The following steps can be used to troubleshoot and mitigate these issues: If your device is not managed by your organization, real-time protection can be disabled from the command line: ```bash - $ mdatp --config realTimeProtectionEnabled false + $ mdatp config real-time-protection --value disabled + Configuration property updated ``` If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). @@ -49,19 +50,20 @@ The following steps can be used to troubleshoot and mitigate these issues: This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: ```bash - $ mdatp config real_time_protection_statistics_enabled on + $ mdatp config real-time-protection-statistics --value enabled ``` This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command: ```bash - $ mdatp health + $ mdatp health --field real_time_protection_enabled ``` Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it: ```bash - $ mdatp --config realTimeProtectionEnabled true + $ mdatp config real-time-protection --value enabled + Configuration property updated ``` To collect current statistics, run: