Linux Configuration
Linux commands for Microsoft Defender can be located at:
After installing Defender for Linux, enable blocking of potentially unwanted applications (PUA) with:
sudo mdatp threat policy set --type potentially_unwanted_application --action block
Once this has been done, add the cron jobs using:
sudo crontab -e
Add this line to schedule a quick scan at 2:00 UTC, Monday to Saturday (cron uses the host's local time zone, so this is 2:00 UTC only when the host clock is set to UTC). Output will be placed in /var/log/mdatp_cron_job.log:
00 2 * * 1-6 /usr/bin/mdatp scan quick > /var/log/mdatp_cron_job.log
Add this line to schedule a full scan at 2:00 UTC on Sunday. Output will be placed in /var/log/mdatp_cron_job.log:
00 2 * * 0 /usr/bin/mdatp scan full > /var/log/mdatp_cron_job.log
Exit the editor, saving your changes.
You may now log off from the server.
Check the health of Microsoft Defender by running:
mdatp health
If you need to restart the service, use:
sudo service mdatp restart
A configuration file called mdatp_managed.json can be used to set the Defender settings under Linux. This file should be saved in /etc/opt/microsoft/mdatp/managed:
{
  "antivirusEngine": {
    "enforcementLevel": "real_time",
    "threatTypeSettings": [
      {
        "key": "potentially_unwanted_application",
        "value": "block"
      },
      {
        "key": "archive_bomb",
        "value": "audit"
      }
    ]
  },
  "cloudService": {
    "automaticDefinitionUpdateEnabled": true,
    "automaticSampleSubmissionConsent": "safe",
    "enabled": true
  }
}
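As an added example (not part of this page, and not Microsoft's tooling), the following Python check reads a managed configuration and reports any setting that drifts from what is prescribed above; the key names are the ones in the file above, and the two sample documents are constructed inline, one matching the page and one deliberately weakened.

```python
import json

# Settings this page tells the administrator to enforce, using the key
# and value names that mdatp_managed.json uses.
EXPECTED_ENFORCEMENT = "real_time"
EXPECTED_THREAT_ACTIONS = {
    "potentially_unwanted_application": "block",
    "archive_bomb": "audit",
}

def audit_managed_config(text):
    """Return findings for one mdatp_managed.json document; [] means compliant."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return ["invalid JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return ["top-level value is not a JSON object"]
    findings = []
    av = cfg.get("antivirusEngine", {})
    level = av.get("enforcementLevel")
    if level != EXPECTED_ENFORCEMENT:
        findings.append("antivirusEngine.enforcementLevel is %r, expected %r"
                        % (level, EXPECTED_ENFORCEMENT))
    # threatTypeSettings is a list of {"key": ..., "value": ...} objects;
    # flatten it so a missing entry is reported like a wrong one.
    actions = {t.get("key"): t.get("value")
               for t in av.get("threatTypeSettings", []) if isinstance(t, dict)}
    for threat, action in EXPECTED_THREAT_ACTIONS.items():
        if actions.get(threat) != action:
            findings.append("threatTypeSettings[%s] is %r, expected %r"
                            % (threat, actions.get(threat), action))
    cloud = cfg.get("cloudService", {})
    for flag in ("enabled", "automaticDefinitionUpdateEnabled"):
        if cloud.get(flag) is not True:  # must be JSON true, not the string "true"
            findings.append("cloudService.%s is not true" % flag)
    return findings

# Constructed sample: the configuration shown on this page, as deployed.
GOOD_CONFIG = (
    '{"antivirusEngine":{"enforcementLevel":"real_time","threatTypeSettings":[{"key":'
    '"potentially_unwanted_application","value":"block"},{"key":"archive_bomb","value":"audit"}]},'
    '"cloudService":{"automaticDefinitionUpdateEnabled":true,"automaticSampleSubmissionConsent":"safe","enabled":true}}'
)
# Constructed sample: a drifted copy (passive mode, PUA only audited, cloud service off).
DRIFTED_CONFIG = (
    '{"antivirusEngine":{"enforcementLevel":"passive","threatTypeSettings":[{"key":'
    '"potentially_unwanted_application","value":"audit"},{"key":"archive_bomb","value":"audit"}]},'
    '"cloudService":{"automaticDefinitionUpdateEnabled":true,"enabled":false}}'
)
```

To check the deployed file, pass the contents of /etc/opt/microsoft/mdatp/managed/mdatp_managed.json to audit_managed_config and treat any non-empty result as configuration drift.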