windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
2020-03-11 15:37:54 -07:00

---
title: Microsoft Defender ATP for Linux resources
ms.reviewer:
description: Describes resources for Microsoft Defender ATP for Linux, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product.
keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---

Resources

Applies to: Microsoft Defender ATP for Linux

Collect diagnostic information

If you can reproduce a problem, increase the logging level, run the system for some time while you reproduce it, and then restore the logging level to the default.

  1. Increase logging level:

    $ mdatp --log-level verbose
    Creating connection to daemon
    Connection established
    Operation succeeded
    
  2. Reproduce the problem.

  3. Run sudo mdatp --diagnostic --create to back up Microsoft Defender ATP's logs. The files are stored inside a .zip archive. This command also prints the file path of the backup after the operation succeeds:

    $ sudo mdatp --diagnostic --create
    Creating connection to daemon
    Connection established
    
  4. Restore logging level:

    $ mdatp --log-level info
    Creating connection to daemon
    Connection established
    Operation succeeded
    
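Steps 1 to 4 above wrapped into one POSIX shell function, as an added example that is not part of the Microsoft docs page: it raises the log level, runs a caller-supplied reproduction command (a hypothetical placeholder), creates the bundle, and restores the default level on every exit path so a failed reproduction or a failed bundle does not leave verbose logging running. It assumes mdatp is on PATH, that the caller can run it with sudo, and that mdatp exits non-zero when an operation does not succeed.

```shell
#!/bin/sh
# Added example, not from the Microsoft docs page: runs the four-step
# diagnostic procedure so that the log level is restored even when the
# reproduction or the bundle creation fails.
# Assumptions: mdatp is on PATH, the caller may run it with sudo, and
# mdatp exits non-zero when an operation does not succeed.
#
# Usage: collect_mdatp_diagnostics 'REPRO_COMMAND' [SETTLE_SECONDS]
#   REPRO_COMMAND   hypothetical shell command that reproduces the problem
#   SETTLE_SECONDS  how long to keep verbose logging on afterwards (default 30)
collect_mdatp_diagnostics() {
    repro_cmd=$1
    settle=${2:-30}

    # Step 1: raise the log level; nothing else is worth doing if this fails.
    mdatp --log-level verbose || {
        echo "collect_mdatp_diagnostics: could not set verbose logging" >&2
        return 1
    }

    # Step 2: reproduce. A failing reproduction is still useful material,
    # so only note it and carry on to the bundle.
    sh -c "$repro_cmd" || echo "note: reproduction command exited $?" >&2
    sleep "$settle"

    # Step 3: create the diagnostic bundle; mdatp prints the .zip path.
    status=0
    sudo mdatp --diagnostic --create || status=$?

    # Step 4: always restore the default level, whatever happened above,
    # so verbose logging is not left running on a production host.
    mdatp --log-level info || {
        echo "WARNING: log level is still verbose; run: mdatp --log-level info" >&2
        status=1
    }
    return "$status"
}
```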

Log installation issues

If an error occurs during installation, the installer will only report a general failure.

The detailed log will be saved to /var/log/microsoft/mdatp_install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.

Uninstall

There are several ways to uninstall Microsoft Defender ATP for Linux. If you are using a configuration tool such as Puppet, please follow the package uninstallation instructions for the configuration tool.

Manual uninstallation

  • sudo yum remove mdatp for RHEL and variants (CentOS and Oracle Linux).
  • sudo zypper remove mdatp for SLES and variants.
  • sudo apt-get purge mdatp for Ubuntu and Debian systems.

Configure from the command line

Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:

| Group | Scenario | Command |
|---|---|---|
| Configuration | Turn on/off real-time protection | mdatp --config realTimeProtectionEnabled [true/false] |
| Configuration | Turn on/off cloud protection | mdatp --config cloudEnabled [true/false] |
| Configuration | Turn on/off product diagnostics | mdatp --config cloudDiagnosticEnabled [true/false] |
| Configuration | Turn on/off automatic sample submission | mdatp --config cloudAutomaticSampleSubmission [true/false] |
| Configuration | Turn on PUA protection | mdatp --threat --type-handling potentially_unwanted_application block |
| Configuration | Turn off PUA protection | mdatp --threat --type-handling potentially_unwanted_application off |
| Configuration | Turn on audit mode for PUA protection | mdatp --threat --type-handling potentially_unwanted_application audit |
| Diagnostics | Change the log level | mdatp --log-level [error/warning/info/verbose] |
| Diagnostics | Generate diagnostic logs | mdatp --diagnostic --create |
| Health | Check the product's health | mdatp --health |
| Protection | Scan a path | mdatp --scan --path [path] |
| Protection | Do a quick scan | mdatp --scan --quick |
| Protection | Do a full scan | mdatp --scan --full |
| Protection | Cancel an ongoing on-demand scan | mdatp --scan --cancel |
| Protection | Request a security intelligence update | mdatp --definition-update |

Microsoft Defender ATP portal information

In the Microsoft Defender ATP portal, you'll see two categories of information:

  • Antivirus alerts, including:
    • Severity
    • Scan type
    • Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
    • File information (name, path, size, and hash)
    • Threat information (name, type, and state)
  • Device information, including:
    • Machine identifier
    • Tenant identifier
    • App version
    • Hostname
    • OS type
    • OS version
    • Computer model
    • Processor architecture
    • Whether the device is a virtual machine