Tuesday, February 23, 05:59

Microsoft Defender for Linux comes with a new security feature

We know it's still hard for some of you to accept, but Microsoft really does support Linux, especially lately. A specific example: in June, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux to all users. Now, Microsoft has improved the Linux version of Defender by adding a public preview of Endpoint Detection and Response (EDR) capabilities.


This is not a version of Microsoft Defender that you can run on a standalone Linux desktop. Its main job remains to protect Linux servers from server and network threats. If you want protection for your standalone desktop, use programs like ClamAV or Sophos Antivirus for Linux.

For businesses, however, whose employees now work from home and use their Macs and Windows computers everywhere, it is another story. While this release targets Linux servers, Defender for Endpoint can also protect computers running macOS, Windows 8.1 and Windows 10.

With these new EDR capabilities, Linux Defender users can quickly detect advanced attacks involving Linux servers and remediate any threats. This builds on the existing preventative antivirus capabilities and centralized reporting available through the Microsoft Defender Security Center.

Specifically, it includes:

  • A rich investigation experience, including the machine timeline, process creation, file creation, network connections and login events.
  • Optimized performance, with lower CPU utilization during compilation jobs and large software deployments.
  • In-context antivirus detection. As with Windows, you will receive information about where a threat came from and how the malicious process or activity was created.

To run the updated program, you will need a server running one of the following Linux distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16.04 or a newer LTS, SLES 12+ or Oracle Linux 7.2.

Next, to try out these public preview features, you need to turn on preview features in the Microsoft Defender Security Center. Before doing this, make sure you are running version 101.12.99 or later. You can find out which version you are using with the command: mdatp health

You do not have to switch all servers running Microsoft Defender for Endpoint for Linux to preview mode. Instead, Microsoft recommends putting only some of the Linux servers into preview mode, with the following command: $ sudo mdatp edr early-preview enable
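Because the article asks for version 101.12.99 or later before the preview is enabled on a subset of servers, a rollout script can check that floor first. The helper below is an added example, not from the article or from Microsoft; it assumes that mdatp health --field app_version prints the installed version (that flag is not mentioned in the article) and falls back to a constructed sample value when mdatp is not installed.

```shell
#!/bin/sh
# Added example: gate "mdatp edr early-preview enable" on the version floor
# the article gives (101.12.99). Only prints the action; nothing is changed.
MIN_VERSION="101.12.99"

# version_ge A B : succeed if dotted version A >= B, compared field by field
version_ge() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ "$a" = "$ai" ] && a="" || a="${a#*.}"
        [ "$b" = "$bi" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"          # missing fields count as 0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# preview_decision VERSION : "enable" if VERSION meets the floor, else "skip"
preview_decision() {
    if version_ge "$1" "$MIN_VERSION"; then echo enable; else echo skip; fi
}

# installed_version : query mdatp when present; otherwise a constructed sample
installed_version() {
    if command -v mdatp >/dev/null 2>&1; then
        # Assumption: --field app_version is not shown in the article
        mdatp health --field app_version | tr -d '"'
    else
        echo "101.12.99"    # constructed sample for hosts without mdatp
    fi
}

main() {
    v="$(installed_version)"
    case "$(preview_decision "$v")" in
        enable) echo "mdatp $v >= $MIN_VERSION: would run: sudo mdatp edr early-preview enable" ;;
        skip)   echo "mdatp $v < $MIN_VERSION: update mdatp before enabling the preview" ;;
    esac
}

main "$@"
```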


Once this is done, if you feel brave enough and want to see for yourself whether it works, Microsoft offers a way to run a simulated attack. Follow these steps to simulate a detection on the Linux server and investigate the resulting alert.

1. Make sure the onboarded Linux server appears in the Microsoft Defender Security Center.

2. Download and extract the script file from aka.ms/LinuxDIY to the onboarded Linux server and run the following command: ./mde_linux_edr_diy.sh

3. After a few minutes, an alert should appear in the Microsoft Defender Security Center.

4. Look at the alert details and the machine timeline, and perform your standard investigation steps.

Source: zdnet.com


Teo Ehc, https://www.secnews.gr
