As we continue our powerful momentum in securing Linux platforms, we are excited to announce the public preview of Microsoft Defender for Endpoint on Linux antivirus behavior monitoring and blocking!
The new preventive antivirus functionality complements our existing content-based capabilities with behavior monitoring and deep memory scanning. These enhancements make it possible to closely monitor processes, file system activity, and process interactions on the system. Correlating events and behaviors across multiple processes lets us detect and block malware more generically, based on its behavioral classification rather than on a specific signature. These behavior-based signals also feed our cloud-powered machine learning models as additional runtime signals, improving runtime protection.
Our Linux antivirus behavior monitoring and blocking can be previewed on any Linux distribution that is currently supported by Microsoft Defender for Endpoint on Linux:
Microsoft Defender for Endpoint on Linux antivirus behavior monitoring seamlessly integrates into the existing preventive experiences. Behavior monitoring details and artifacts can be explored locally using the existing Microsoft Defender for Endpoint on Linux command line interface.
Behavior monitoring alerts appear in the Microsoft Defender Security Center (as well as in the Microsoft 365 security center) alongside all other alerts and can be effectively investigated.
What are the preview prerequisites for Linux antivirus behavior monitoring and blocking?
To experience the Linux antivirus behavior monitoring and blocking in public preview, you’ll need to have preview features turned on in the Microsoft Defender Security Center. If you have not yet opted into previews, we encourage you to turn on preview features in the Microsoft Defender Security Center or in the Microsoft 365 security center today.
As a preview entry prerequisite, please ensure the following requirements are fulfilled:
$ sudo mdatp config behavior-monitoring --value enabled # turn behavior monitoring on
$ sudo mdatp config behavior-monitoring --value disabled # turn it back off
How to start previewing Linux antivirus behavior monitoring and blocking?
To get started with the Linux antivirus behavior monitoring and blocking public preview:
$ mdatp health --field cloud_enabled # this should print "true"
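The commands on this page cover the whole preview procedure: confirm the agent is cloud-connected, switch behavior monitoring on, and check the result. The preflight script below ties those steps together and can be run before and after enabling the preview. It is an added example, not a script from Microsoft or from this post; it assumes the `key : value` layout that `mdatp health` prints and a `behavior_monitoring` health field reporting `enabled`, neither of which appears on this page, and the sample health output embedded in it is constructed rather than captured from a host.

```shell
#!/bin/sh
# Example preflight for the Linux behavior monitoring preview. Added
# illustration, not Microsoft's code. It only runs the mdatp commands shown on
# this page; the `key : value` output layout of `mdatp health` and the
# `behavior_monitoring` field name are assumptions.

# health_field HEALTH_TEXT FIELD
# Print the value of FIELD from captured `mdatp health` output, with the
# surrounding whitespace and quotes stripped. Prints nothing if FIELD is absent.
health_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/"/, "", v)
            if (k == want) { print v; exit }
        }'
}

# preview_ready HEALTH_TEXT
# Return 0 when the agent is healthy, cloud-connected and already running
# behavior monitoring; otherwise report each missing prerequisite and return 1.
preview_ready() {
    rc=0
    if [ "$(health_field "$1" healthy)" != "true" ]; then
        echo "agent is not healthy; fix that before enabling the preview" >&2; rc=1
    fi
    if [ "$(health_field "$1" cloud_enabled)" != "true" ]; then
        echo "cloud_enabled is not true (mdatp health --field cloud_enabled must print true)" >&2; rc=1
    fi
    if [ "$(health_field "$1" behavior_monitoring)" != "enabled" ]; then
        echo "behavior_monitoring is not enabled" >&2; rc=1
    fi
    return $rc
}

# Constructed sample of `mdatp health` output (not captured from a real host):
# cloud delivery is on, behavior monitoring is still off.
SAMPLE_HEALTH='healthy                      : true
licensed                     : true
cloud_enabled                : true
behavior_monitoring          : "disabled"
real_time_protection_enabled : true'

# Dry run against the sample: the only remaining step is to enable the preview.
if ! preview_ready "$SAMPLE_HEALTH" 2>/dev/null; then
    echo "sample host needs: sudo mdatp config behavior-monitoring --value enabled"
fi

# Real run when the agent is installed: enable the preview, then re-check.
if command -v mdatp >/dev/null 2>&1; then
    if ! preview_ready "$(mdatp health)"; then
        sudo mdatp config behavior-monitoring --value enabled
        preview_ready "$(mdatp health)" && echo "behavior monitoring preview is active"
    fi
fi
```

Parsing the full `mdatp health` output once, rather than calling `mdatp health --field` per check, keeps the three checks consistent with each other and makes the logic testable offline against captured output; the checks deliberately stop short of changing anything when the agent is unhealthy or not cloud-connected, since enabling the preview on such a host would not produce the cloud-backed blocking the post describes.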
We welcome your feedback and look forward to hearing from you! You can submit feedback through the Microsoft Defender Security Center or through the Microsoft 365 security center.
Monitor the What's new in Microsoft Defender for Endpoint on Linux page for upcoming announcements (including general availability of Linux antivirus behavior monitoring and blocking). Stay tuned to our blog and Twitter channel to stay up to date on additional Microsoft Defender for Endpoint advancements.
Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering endpoint protection, endpoint detection and response, vulnerability management, and mobile threat defense. With our solution, threats are no match. If you are not yet taking advantage of Microsoft's unrivaled threat optics and proven capabilities, sign up for a free Microsoft Defender for Endpoint trial today.
Microsoft Defender for Endpoint team