Forum Discussion
Help understanding MDE Linux threat policies - MDE doesn't delete/quarantine rookits?
Hello. Hoping someone can help me understand how to confirm (and possibly modify) the behavior of MDE for Linux regarding threat policies. Here's a folder containing EICAR: $ ls test_me/
eic...
Update: This appears to be due to passive mode being enabled. By disabling passive mode, the threats are quarantined. Thanks
