Linux Configuration
Linux commands for Microsoft Defender can be located at:
After installing Defender for Linux, enable blocking of potentially unwanted applications (PUA) using:
sudo mdatp threat policy set --type potentially_unwanted_application --action block
Once this has been done, add cron jobs for scheduled scans to root's crontab using:
sudo crontab -e
Add these lines to schedule a quick scan at 02:00 Monday to Saturday and a full scan at 02:00 on Sunday. Output is written to /var/log/mdatp_cron_job.log:
## Microsoft Defender quick scan Monday to Saturday
00 2 * * 1-6 /usr/bin/mdatp scan quick > /var/log/mdatp_cron_job.log
## Microsoft Defender full scan on Sunday
00 2 * * 0 /usr/bin/mdatp scan full > /var/log/mdatp_cron_job.log
Note that the single > overwrites the log on every run, so only the most recent scan's output is kept; use >> (or a separate log file per job) if you want to retain earlier results. Cron interprets the times in the system's local time zone, so they are 02:00 UTC only if the host clock is set to UTC.
Exit the editor saving your changes.
Check the health of Microsoft Defender by running
mdatp health
If you need to restart the service use
sudo service mdatp restart
A configuration file called mdatp_managed.json can be used to set the Defender settings under Linux. It must be saved as /etc/opt/microsoft/mdatp/managed/mdatp_managed.json. Settings in this managed file take precedence over values set with the mdatp command line tool (such as the PUA action set above), so keep the two consistent. The example below sets real-time protection, blocks PUA, audits archive bombs, and enables cloud-delivered protection with automatic definition updates and "safe" sample submission.
{
  "antivirusEngine": {
    "enforcementLevel": "real_time",
    "threatTypeSettings": [
      {
        "key": "potentially_unwanted_application",
        "value": "block"
      },
      {
        "key": "archive_bomb",
        "value": "audit"
      }
    ]
  },
  "cloudService": {
    "automaticDefinitionUpdateEnabled": true,
    "automaticSampleSubmissionConsent": "safe",
    "enabled": true
  }
}
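A malformed or silently weakened managed configuration is easy to deploy by accident (a trailing comma, a misspelled value, a PUA entry left at "audit"). The following validator is an added example written for this page; it is not Microsoft's tooling or code from the original text. It parses an mdatp_managed.json and checks the values used above against the allowed sets. Those allowed-value sets are my assumption from the Defender for Endpoint on Linux documentation, so confirm them against the version you run; the three sample configurations embedded in the script are constructed for the example.

```python
import json

# Allowed values for the settings used on this page. Assumption: taken from the
# Defender for Endpoint on Linux documentation; verify against your version.
ENFORCEMENT_LEVELS = {"real_time", "on_demand", "passive"}
THREAT_ACTIONS = {"audit", "block", "off"}
SAMPLE_CONSENT = {"none", "safe", "all"}
THREAT_TYPES = {"potentially_unwanted_application", "archive_bomb"}


def validate_managed_config(text):
    """Return a list of problems found in a managed-config JSON document.

    An empty list means the file parsed and every checked value is acceptable.
    """
    problems = []
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A trailing comma or stray quote makes the whole file unusable.
        return ["invalid JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]

    av = cfg.get("antivirusEngine", {})
    level = av.get("enforcementLevel")
    if level is not None and level not in ENFORCEMENT_LEVELS:
        problems.append("antivirusEngine.enforcementLevel %r is not one of %s"
                        % (level, sorted(ENFORCEMENT_LEVELS)))

    actions = {}
    for entry in av.get("threatTypeSettings", []):
        if not isinstance(entry, dict):
            problems.append("threatTypeSettings entry %r is not an object" % (entry,))
            continue
        key, value = entry.get("key"), entry.get("value")
        if key not in THREAT_TYPES:
            problems.append("unknown threat type %r" % (key,))
        if value not in THREAT_ACTIONS:
            problems.append("threatTypeSettings[%s] action %r is not one of %s"
                            % (key, value, sorted(THREAT_ACTIONS)))
        if key in actions:
            problems.append("duplicate threatTypeSettings entry for %r" % (key,))
        actions[key] = value
    # The point of this page is to block PUA; flag a config that does not.
    if actions.get("potentially_unwanted_application") != "block":
        problems.append("potentially_unwanted_application is not set to 'block'")

    cloud = cfg.get("cloudService", {})
    consent = cloud.get("automaticSampleSubmissionConsent")
    if consent is not None and consent not in SAMPLE_CONSENT:
        problems.append("cloudService.automaticSampleSubmissionConsent %r is not one of %s"
                        % (consent, sorted(SAMPLE_CONSENT)))
    for flag in ("automaticDefinitionUpdateEnabled", "enabled"):
        if flag in cloud and not isinstance(cloud[flag], bool):
            # The JSON string "true" is not the boolean true that mdatp expects.
            problems.append("cloudService.%s must be true or false, got %r" % (flag, cloud[flag]))
    return problems


# Constructed samples for the example. GOOD_CONFIG is the configuration from this
# page; BAD_CONFIG has a misspelled level, a misspelled action and a string boolean;
# BROKEN_CONFIG has a trailing comma and does not parse at all.
GOOD_CONFIG = """{
  "antivirusEngine": {"enforcementLevel": "real_time",
    "threatTypeSettings": [
      {"key": "potentially_unwanted_application", "value": "block"},
      {"key": "archive_bomb", "value": "audit"}]},
  "cloudService": {"automaticDefinitionUpdateEnabled": true,
    "automaticSampleSubmissionConsent": "safe", "enabled": true}
}"""
BAD_CONFIG = """{
  "antivirusEngine": {"enforcementLevel": "realtime",
    "threatTypeSettings": [
      {"key": "potentially_unwanted_application", "value": "blocked"}]},
  "cloudService": {"automaticDefinitionUpdateEnabled": true,
    "automaticSampleSubmissionConsent": "safe", "enabled": "true"}
}"""
BROKEN_CONFIG = '{"antivirusEngine": {"enforcementLevel": "real_time",}}'


if __name__ == "__main__":
    for name, text in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG), ("broken", BROKEN_CONFIG)):
        print(name, validate_managed_config(text) or "OK")
```

Run it against your own file (read the file into a string and pass it to validate_managed_config) before copying it into /etc/opt/microsoft/mdatp/managed/, then confirm with mdatp health that the running configuration reflects the file. The check for a string "true" matters because the page's JSON uses bare booleans, and a value quoted by hand when editing is the most common way the file ends up not meaning what was intended.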