Hello Blog Readers,
I have summarized the Linux Configuration and Operation commands in this cheat sheet for your convenient use. Enjoy your MD for Endpoint Linux run!
MD for Endpoint Linux Commands
Group |
Scenario |
Command |
Configuration |
Turn on/off real-time protection |
mdatp config real-time-protection --value [enabled|disabled] |
Configuration |
Turn on/off cloud protection |
mdatp config cloud --value [enabled|disabled] |
Configuration |
Turn on/off product diagnostics |
mdatp config cloud-diagnostic --value [enabled|disabled] |
Configuration |
Turn on/off automatic sample submission |
mdatp config cloud-automatic-sample-submission --value [enabled|disabled] |
Configuration |
Turn on/off AV passive mode |
mdatp config passive-mode [enabled|disabled] |
Configuration |
Add/remove an antivirus exclusion for a file extension |
mdatp exclusion extension [add|remove] --name [extension] |
Configuration |
Add/remove an antivirus exclusion for a file |
mdatp exclusion file [add|remove] --path [path-to-file] |
Configuration |
Add/remove an antivirus exclusion for a directory |
mdatp exclusion folder [add|remove] --path [path-to-directory] |
Configuration |
Add/remove an antivirus exclusion for a process |
mdatp exclusion process [add|remove] --path [path-to-process] |
Configuration |
List all antivirus exclusions |
mdatp exclusion list |
Configuration |
Turn on PUA (Potentially Unwanted Applications) protection |
mdatp threat policy set --type potentially_unwanted_application --action block |
Configuration |
Turn off PUA protection |
mdatp threat policy set --type potentially_unwanted_application --action off |
Configuration |
Turn on audit mode for PUA protection |
mdatp threat policy set --type potentially_unwanted_application --action audit |
Diagnostics |
Change the log level |
mdatp log level set --level verbose [error|warning|info|verbose] |
Diagnostics |
Generate diagnostic logs |
mdatp diagnostic create |
Health |
Check the product's health |
mdatp health |
Protection |
Scan a path |
mdatp scan custom --path [path] |
Protection |
Do a quick scan |
mdatp scan quick |
Protection |
Do a full scan |
mdatp scan full |
Protection |
Cancel an ongoing on-demand scan |
mdatp scan cancel |
Protection |
Request a security intelligence update |
mdatp definitions update |
Protection history |
Print the full protection history |
mdatp threat list |
Protection history |
Get threat details |
mdatp threat get --id [threat-id] |
Quarantine management |
List all quarantined files |
mdatp threat quarantine list |
Quarantine management |
Remove all files from the quarantine |
mdatp threat quarantine remove-all |
Quarantine management |
Add a file detected as a threat to the quarantine |
mdatp threat quarantine add --id [threat-id] |
Quarantine management |
Remove a file detected as a threat from the quarantine |
mdatp threat quarantine add --id [threat-id] |
Quarantine management |
Restore a file from the quarantine |
mdatp threat quarantine add --id [threat-id] |
Examples:
To enable ATP diagnostic
mdatp config cloud-diagnostic –value enabled
To check ATP Configuration Settings:
mdatp health
To Check MD for Endpoint Linux's Virus History
mdatp threat list
To view the Quarantine list and remove the non-threat file based on threat ID
mdatp threat quarantine add --id "Your threat ID"
mdatp threat quarantine list
To Create a PUA Policy (Potentially Unwanted Applications Policy) in audit mode
mdatp threat policy list
mdatp threat policy set --type potentially_unwanted_application --action audit
mdatp threat policy list
To update MD for Endpoint Linux's AV Definition
mdatp definitions update
More info:
I hope the command list is helpful.
___________________________________________________________________________________
Disclaimer: The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Updated Nov 20, 2020
Version 8.0TanTran
Microsoft
Joined September 13, 2019
Core Infrastructure and Security Blog
Follow this blog board to get notified when there's new activity