Forum Discussion
Re: EICAR file is not blocked by Defender for Endpoint
Hi ramalabey,
For Microsoft Defender for Endpoint to work properly on a macOS device, you need to make sure that MDE has the proper permissions to the file system on a macOS. Please check in the settings of your macOS, please check this article: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide.
For Microsoft Defender for Endpoint to work properly on a macOS device, you need to make sure that MDE has the proper permissions to the file system on a macOS. Please check in the settings of your macOS, please check this article: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide.
4 Replies
yongrheemsftMicrosoft
ramal, after enabling the setting, you need to make sure that the policy is refreshed.
And regarding Tiennes recommendation about full disk access, make sure to reboot for the setting to take effect, if you already haven't.
If the symptom persists, since I can't reproduce it in my environment, please open a Microsoft support ticket. Have the following data collected and attached to the case. aka.ms/xMDEClientAnalyzer . For more info about the Client Analyzer on macOS, please review https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide
Thanks,
Yong Rhee - MSFTHi yongrheemsft
I think the issue is resolved after making the changes to the defender profile as advised by you
But i didn't receive a desktop notification saying that the file is quarantined, they have quarantined the file and it says that it will be removed periodically, do you have an idea when it will be removed and why i didn't get the desktop notification when they quarantined the file ?
