djolenole
Apr 22, 2024
Brass Contributor
EICAR file is not blocked by Defender for Endpoint on Linux
Hello,
we are testing Microsoft Defender for Endpoint on Linux Ubuntu devices.
I successfully onboarded the machine; it is visible in the Defender portal and I am able to generate an incident using the test at https://aka.ms/LinuxDIY
However, I am not able to detect/block EICAR test file using suggested command:
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
After that, the eicar.com.txt file is in the Downloads folder and nothing happens.
"mdatp health" output:
Configuration in mdatp_managed.json file:
Am I missing something?
Thanks
- HeikeRitter
Microsoft
Hi djolenole!
I checked with the team, and it looks like EICAR changed the URL a while back. The correct one is already in our documentation.
AV detection test for verifying device's onboarding and reporting services | Microsoft Learn
We will update our instructions within the portal to reflect the new URL.
Thanks for pointing this out to us!
Heike
- djolenole1415
Copper Contributor
Ok, thanks! I found a solution; I copied the text from the EICAR file and saved it as a new .txt file. After that the file was immediately detected 🙂
Thank you anyway!
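
The following check is an added example, not part of the thread or of Microsoft's documentation. It tells apart the three outcomes a download test like the one above can have, so that a stale URL is not mistaken for a detection failure. The function names, the `EICAR_URL` placeholder and the sample HTML body are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): classify what a download left on disk.
# The 68-byte EICAR test string is assembled from two halves so that this
# script is not itself detected as the test file.
EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-'
EICAR_B='STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# check_eicar_download FILE
#   0 = FILE holds the EICAR string (still on disk, so nothing blocked it)
#   1 = FILE exists but is something else (error page, redirect body, ...)
#   2 = FILE is absent (never written, or already removed by the scanner)
check_eicar_download() {
    file=$1
    [ -e "$file" ] || return 2
    size=$(wc -c < "$file" | tr -d ' ')
    # Accept the bare 68 bytes plus an optional trailing CR and/or LF.
    if [ "$size" -lt 68 ] || [ "$size" -gt 70 ]; then
        return 1
    fi
    content=$(tr -d '\r\n' < "$file")
    if [ "$content" = "${EICAR_A}${EICAR_B}" ]; then
        return 0
    fi
    return 1
}

# Constructed sample: an HTML error body saved under the expected file name,
# which is what a moved URL can leave behind (assumption about the cause).
demo_stale_url() {
    tmp=$(mktemp -d)
    printf '<html><body>404 Not Found</body></html>\n' > "$tmp/eicar.com.txt"
    rc=0
    check_eicar_download "$tmp/eicar.com.txt" || rc=$?
    rm -rf "$tmp"
    echo "$rc"
}

# Typical use after the download (EICAR_URL is a placeholder for the current
# URL from the documentation; -f fails on HTTP errors, -L follows redirects):
#   curl -fL -o ~/Downloads/eicar.com.txt "$EICAR_URL"
#   check_eicar_download ~/Downloads/eicar.com.txt; echo "result: $?"
# Result 2 is the expected outcome when real-time protection is working;
# confirm the detection with: mdatp threat list
```

A result of 1 means the scanner was never shown the test string, so the test says nothing about whether protection is working.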