djolenole
Brass Contributor
Apr 22, 2024

EICAR file is not blocked by Defender for Endpoint on Linux

Hello,

We are testing Microsoft Defender for Endpoint on Linux Ubuntu devices.

I successfully onboarded the machine; it is visible in the Defender portal, and I am able to generate an incident using the test at https://aka.ms/LinuxDIY

However, I am not able to detect/block the EICAR test file using the suggested command:
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt

 

After that, the eicar.com.txt file is in the Downloads folder and nothing happens.

 

"mdatp health" output:

Configuration in mdatp_managed.json file: 

Am I missing something?

 

Thanks

 
