Forum Discussion
Public Preview for MD ATP for Linux
Hi Microsoft Community - Yesterday's blog officially announced public preview for MDATP for Linux.
https://www.microsoft.com/security/blog/2020/02/20/microsoft-threat-protection-intelligence-automation/?irgwc=1&OCID=AID2000142_aff_7794_1246483&tduid=%28ir__hdhb0ypbukkftlhekk0sohz3xm2xlt1p1gqwjkc000&irgwc=1&OCID=AID2000142_aff_7593_159229&tduid=(ir__ezfojkpqzokftw32kk0sohznxn2xltu0ulhhg6sl00)(7593)(159229)()(UUwpUdUnU75053YYwYg)&irclickid=_ezfojkpqzokftw32kk0sohznxn2xltu0ulhhg6sl00
I'm very interested in testing this functionality out for my enterprise. Can anyone let me know if further documentation has been published on this or if anything special is required to gain access to the public preview?
In Security Center Onboarding I only see instructions for macOS or "other OS via 3rd party".
I'm starting to look at Sentinel One, but Ziften Zenith seems to be dormant. I haven't been able to get through to anyone via their demo scheduling pipeline or their main phone number.
4 Replies
- h-yamane (Copper Contributor)
Hi danggIT,
I've installed MD ATP for Linux on my Debian testing (will be Debian11 "bullseye") machine.
Installation is fine, but I get a lot of error messages from time to time, such as:
[{microsoft_defender_core}]: [933][2020-03-13 23:13:35.329940 UTC][error]: {"code":{"key":"generic","value":9},"call_stack":{"frames":[{"file":"event_provider_request.cpp","line":32}]},"context":["/lib/x86_64-linux-gnu/libutil-2.29.so"]}
[{microsoft_defender_core}]: [933][2020-03-13 23:14:04.423376 UTC][error]: {"code":{"key":"generic","value":9},"call_stack":{"frames":[{"file":"event_provider_request.cpp","line":32}]},"context":["/lib/x86_64-linux-gnu/libc-2.29.so"]}
[{microsoft_defender_core}]: [933][2020-03-13 23:14:30.544355 UTC][error]: {"code":{"key":"generic","value":9},"call_stack":{"frames":[{"file":"event_provider_request.cpp","line":32}]},"context":["/lib/x86_64-linux-gnu/libdl-2.29.so"]}
I know it does not support Debian11 officially, but I hope it would work as well as other Debian versions. Please let me know if you want more information to investigate this issue, thanks.
- Sentry23 (Copper Contributor)
danggIT So far I'm deploying manually to some Debian systems with these instructions:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually
A nearly EOL Debian Jessie install gave some headaches on a libc dependency, but it worked without issues on later versions.
I'm just wondering if I have some firewall issue somewhere as I'm not seeing alerts and timeline show up in the portal, even though health and connectivity status show OK on the systems.
- danggIT (Copper Contributor)
Thanks for the info. I got in touch with my MS TAM after posting this and a few days later they pointed me to the new documentation you referenced. I'm currently working with my Linux team to get it deployed on a test machine for Ubuntu. Will update with any feedback.
- Nice, now Linux users can feel safe like Windows users.