Enhancing Linux antivirus with behavior monitoring capabilities!

Published Mar 23 2021 02:10 PM 8,686 Views
Microsoft

As we continue our powerful momentum in securing Linux platforms, we are excited to announce the public preview of Microsoft Defender for Endpoint on Linux antivirus behavior monitoring and blocking!

 

The new preventive antivirus functionality complements our existing strong content-based capabilities with behavior monitoring and deep memory scanning. These enhancements bring immediate ability to closely monitor processes, file system activities, and process interactions within the system. The enhanced ability to correlate events and behaviors across multiple processes allows us to more generically detect and block malware based on their behavioral classification. These behavior-based signals will act as additional runtime signals for behavioral cloud-powered machine learning models and for effective runtime protection.

 

Our Linux antivirus behavior monitoring and blocking can be previewed on any Linux distribution that is currently supported by Microsoft Defender for Endpoint on Linux:

  • RHEL 7.2+,
  • CentOS Linux 7.2+
  • Ubuntu 16 LTS, or higher LTS
  • SLES 12+
  • Debian 9+
  • Oracle Linux 7.2+

 

 

Microsoft Defender for Endpoint on Linux antivirus behavior monitoring seamlessly integrates into the existing preventive experiences. Behavior monitoring details and artifacts can be explored locally using the existing Microsoft Defender for Endpoint on Linux command line interface.

 

client-alert_med2.png

 

 

Behavior monitoring alerts appear in the Microsoft Defender Security Center (as well as in the Microsoft 365 security center) alongside all other alerts and can be effectively investigated.

 

portal-alert1.png

 

 

 

What are the preview prerequisites for Linux antivirus behavior monitoring and blocking?

 

To experience the Linux antivirus behavior monitoring and blocking in public preview, you’ll need to have preview features turned on in the Microsoft Defender Security Center. If you have not yet opted into previews, we encourage you to turn on preview features in the Microsoft Defender Security Center or in the Microsoft 365 security center today.

 

As a preview entry prerequisite, please ensure the following requirements are fulfilled:

  • Device must be in the InsiderFast channel 
  • Minimal Microsoft Defender for Endpoint version number must be (InsiderFast): 101.25.42
  • Device must be explicitly enrolled into the preview. The preview enrollment can be activated / deactivated using the following commands:

$ sudo mdatp config behavior-monitoring –value enabled

$ sudo mdatp config behavior-monitoring –value disabled

 

  • Microsoft Defender for Endpoint must be restarted for the enrollment/unenrollment commands to take effect.

 

 

 

How to start previewing Linux antivirus behavior monitoring and blocking?

 

To get started with the Linux antivirus behavior monitoring and blocking public preview:

  • Ensure preview prerequisites are met
  • Ensure to initially evaluate this new functionality on a selected subset of your non-production Linux devices
  • Ensure cloud-delivered protection is enabled on devices enrolled into the preview by running the following command:  

$ mdatp health --field cloud_enabled # this should print “true”

 

  • Try “Do It Yourself” scenarios to see features in action. You can find "Do It Yourself" scenarios attached to this blog
  • Continue running Linux clients enrolled into evaluation as you normally would
  • Share your feedback and observations to help us improve.

 

 

We welcome your feedback and look forward to hearing from you! You can submit feedback through the Microsoft Defender Security Center or through the Microsoft 365 security center.

 

Monitor the What's new in Microsoft Defender for Endpoint on Linux page for upcoming announcements (including general availability of Linux antivirus behavior monitoring and blocking). Stay tuned to our blog and Twitter channel to stay up to date on additional Microsoft Defender for Endpoint advancements.

 

 

Microsoft Defender for Endpoint is an industry leading, cloud powered endpoint security solution offering endpoint protection, endpoint detection and response, vulnerability management, and mobile threat defense. With our solution, threats are no match. If you are not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free Microsoft Defender for Endpoint trial today. 

 

 

 

Microsoft Defender for Endpoint team

 
 
4 Comments
New Contributor

Do these features extend coverage to Windows Subsystem for Linux (WSL) as well on a Windows 10 endpoint registered with Defender?

Microsoft

@mdgary , these new capabilities do not currently apply to WSL scenario. 

Valued Contributor

Is there any plan to test capability of this Anti-Malware through independence Anti-Malware testers like AV-Comparatives or AV-Test? There are positive result for Microsoft Defender on Windows but I am wondering how well it will be performed in the Linux. Result for the MacOS would be nice too.

Senior Member

May I know if other features like "software inventory","discovered vulnerabilities" are on the roadmap? When will them be available?

The "discovered vulnerabilities" feature is CRITICAL and we hope it could be available soon on linux platform. thanks.

%3CLINGO-SUB%20id%3D%22lingo-sub-2226705%22%20slang%3D%22en-US%22%3EEnhancing%20Linux%20antivirus%20with%20behavior%20monitoring%20capabilities!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2226705%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20we%20continue%20our%20powerful%20momentum%20in%20securing%20Linux%20platforms%2C%20we%20are%20excited%20to%20announce%20the%20public%20preview%20of%20Microsoft%20Defender%20for%20Endpoint%20on%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20new%20preventive%20antivirus%20functionality%20complements%20our%20existing%20strong%20content-based%20capabilities%20with%20behavior%20monitoring%20and%20deep%20memory%20scanning.%20These%20enhancements%20bring%20immediate%20ability%20to%20closely%20monitor%20processes%2C%20file%20system%20activities%2C%20and%20process%20interactions%20within%20the%20system.%20The%20enhanced%20ability%20to%20correlate%20events%20and%20behaviors%20across%20multiple%20processes%20allows%20us%20to%20more%20generically%20detect%20and%20block%20malware%20based%20on%20their%20behavioral%20classification.%20These%20behavior-based%20signals%20will%20act%20as%20additional%20runtime%20signals%20for%20behavioral%20cloud-powered%20machine%20learning%20models%20and%20for%20effective%20runtime%20protection.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOur%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking%20can%20be%20previewed%20on%20any%20Linux%20distribution%20that%20is%20currently%20supported%20by%20Microsoft%20Defender%20for%20Endpoint%20on%20Linux%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERHEL%207.2%2B%2C%3C%2FLI%3E%0A%3CLI%3ECentOS%20Linux%207.2%2B%3C%2FLI%3E%0A%3CLI%3EUbuntu%2016%20LTS%2C%20or%20higher%20LTS%3C%2FLI%3E%0A%3CLI%3ESLES%2012%2B%3C%2FLI%3E%0A%3CLI%3EDebian%209%2B%3C%2FLI%3E%0A%3CLI%3EOracle%20Linux%207.2%2B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMicrosoft%20Defender%20for%20Endpoint%20on%20Linux%20antivirus%20behavior%20monitoring%20seamlessly%20integrates%20into%20the%20existing%20preventive%20experiences.%20Behavior%20monitoring%20details%20and%20artifacts%20can%20be%20explored%20locally%20using%20the%20existing%20Microsoft%20Defender%20for%20Endpoint%20on%20Linux%20command%20line%20interface.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22client-alert_med2.png%22%20style%3D%22width%3A%20961px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F266516iBE3D4EEE6C70359A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22client-alert_med2.png%22%20alt%3D%22client-alert_med2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBehavior%20monitoring%20alerts%20appear%20in%20the%20Microsoft%20Defender%20Security%20Center%20(as%20well%20as%20in%20the%20Microsoft%20365%20security%20center)%20alongside%20all%20other%20alerts%20and%20can%20be%20effectively%20investigated.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22portal-alert1.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F266535iBC3460DF02534C18%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22portal-alert1.png%22%20alt%3D%22portal-alert1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20are%20the%20preview%20prerequisites%20for%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20experience%20the%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking%20in%20public%20preview%2C%20you%E2%80%99ll%20need%20to%20have%20preview%20features%20turned%20on%20in%20the%20Microsoft%20Defender%20Security%20Center.%20If%20you%20have%20not%20yet%20opted%20into%20previews%2C%20we%20encourage%20you%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fpreview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eturn%20on%20preview%20features%3C%2FA%3E%26nbsp%3Bin%20the%20Microsoft%20Defender%20Security%20Center%20or%20in%20the%20Microsoft%20365%20security%20center%20today.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAs%20a%20preview%20entry%20prerequisite%2C%20please%20ensure%20the%20following%20requirements%20are%20fulfilled%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3EDevice%20must%20be%26nbsp%3Bin%20the%26nbsp%3B%3CSTRONG%3EInsiderFast%3C%2FSTRONG%3E%26nbsp%3Bchannel%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CSTRONG%3EMinimal%20Microsoft%20Defender%20for%20Endpoint%20version%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bnumber%20must%20be%20(InsiderFast)%3A%26nbsp%3B%3CSTRONG%3E101.25.42%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3EDevice%20must%20be%20explicitly%20enrolled%20into%20the%20preview.%20%3CSPAN%3EThe%20preview%20enrollment%20can%20be%20activated%20%2F%20deactivated%20using%26nbsp%3Bthe%26nbsp%3Bfollowing%26nbsp%3Bcommands%3C%2FSPAN%3E%3CSPAN%3E%3A%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CEM%3E%24%20sudo%20mdatp%20config%20behavior-monitoring%20%E2%80%93value%20enabled%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CEM%3E%24%20sudo%20mdatp%20config%20behavior-monitoring%20%E2%80%93value%20disabled%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EMicrosoft%20Defender%20for%20Endpoint%20must%20be%20restarted%20for%20the%20enrollment%2Funenrollment%20commands%20to%20take%20effect.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20to%20start%20previewing%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20get%20started%20with%20the%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking%20public%20preview%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EEnsure%20preview%20prerequisites%20are%20met%3C%2FLI%3E%0A%3CLI%3EEnsure%20to%20initially%20evaluate%20this%20new%20functionality%20on%20a%20selected%20subset%20of%20your%20%3CSTRONG%3E%3CEM%3Enon-production%3C%2FEM%3E%3C%2FSTRONG%3E%20Linux%20devices%3C%2FLI%3E%0A%3CLI%3EEnsure%20cloud-delivered%20protection%20is%20enabled%20on%20devices%20enrolled%20into%20the%20preview%20by%20running%20the%20following%20command%3A%26nbsp%3B%26nbsp%3B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CEM%20style%3D%22font-family%3A%20inherit%3B%22%3E%24%20mdatp%20health%20--field%20cloud_enabled%20%23%20this%20should%20print%20%E2%80%9Ctrue%E2%80%9D%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ETry%20%E2%80%9CDo%20It%20Yourself%E2%80%9D%20scenarios%20to%20see%20features%20in%20action.%20You%20can%20find%20%3CA%20title%3D%22Do%20It%20Yourself%3A%20Linux%20behavior%20monitoring%20and%20blocking%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fgxcuf89792%2Fattachments%2Fgxcuf89792%2FMicrosoftDefenderATPBlog%2F1161%2F1%2FLinux_BM_DIY.pdf%22%20target%3D%22_self%22%3E%22Do%20It%20Yourself%22%20scenarios%3C%2FA%3E%20attached%20to%20this%20blog%3C%2FLI%3E%0A%3CLI%3EContinue%20running%20Linux%20clients%20enrolled%20into%20evaluation%20as%20you%20normally%20would%3C%2FLI%3E%0A%3CLI%3EShare%20your%20feedback%20and%20observations%20to%20help%20us%20improve.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20welcome%20your%20feedback%20and%20look%20forward%20to%20hearing%20from%20you!%20You%20can%20submit%20feedback%20through%26nbsp%3Bthe%20Microsoft%20Defender%20Security%20Center%20or%20through%20the%20Microsoft%20365%20security%20center.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMonitor%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Flinux-whatsnew%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWhat's%20new%20in%20Microsoft%20Defender%20for%20Endpoint%20on%20Linux%20page%3C%2FA%3E%20for%20upcoming%20announcements%20(including%20general%20availability%20of%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking).%20Stay%20tuned%20to%20our%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fbg-p%2FMicrosoftDefenderATPBlog%22%20target%3D%22_blank%22%3Eblog%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eand%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FMSThreatProtect%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ETwitter%20channel%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eto%20stay%20up%20to%20date%20on%20additional%20Microsoft%20Defender%20for%20Endpoint%20advancements.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EMicrosoft%20Defender%20for%20Endpoint%20is%20an%20industry%20leading%2C%20cloud%20ML%20powered%20endpoint%20security%20solution%20offering%20endpoint%20protection%2C%20endpoint%20detection%20and%20response%2C%20vulnerability%20management%2C%20and%20mobile%20threat%20defense.%20With%20our%20solution%2C%20threats%20are%20no%20match.%20If%20you%20are%20not%20yet%20taking%20advantage%20of%20Microsoft%E2%80%99s%20unrivaled%20threat%20optics%20and%20proven%20capabilities%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fendpoint-defender%3Frtc%3D1%3Frtc%3D1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esign%20up%20for%20a%20free%20Microsoft%20Defender%20for%20Endpoint%20trial%3C%2FA%3E%26nbsp%3Btoday.%3C%2FEM%3E%3CEM%3E%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EMicrosoft%20Defender%20for%20Endpoint%20team%3C%2FEM%3E%3C%2FP%3E%0A%3CDIV%20class%3D%22ms-editor-squiggler%22%20style%3D%22color%3A%20initial%3B%20font%3A%20initial%3B%20font-feature-settings%3A%20initial%3B%20font-kerning%3A%20initial%3B%20font-optical-sizing%3A%20initial%3B%20font-variation-settings%3A%20initial%3B%20forced-color-adjust%3A%20initial%3B%20text-orientation%3A%20initial%3B%20text-rendering%3A%20initial%3B%20-webkit-font-smoothing%3A%20initial%3B%20-webkit-locale%3A%20initial%3B%20-webkit-text-orientation%3A%20initial%3B%20-webkit-writing-mode%3A%20initial%3B%20writing-mode%3A%20initial%3B%20zoom%3A%20initial%3B%20place-content%3A%20initial%3B%20place-items%3A%20initial%3B%20place-self%3A%20initial%3B%20alignment-baseline%3A%20initial%3B%20animation%3A%20initial%3B%20appearance%3A%20initial%3B%20aspect-ratio%3A%20initial%3B%20backdrop-filter%3A%20initial%3B%20backface-visibility%3A%20initial%3B%20background%3A%20initial%3B%20background-blend-mode%3A%20initial%3B%20baseline-shift%3A%20initial%3B%20block-size%3A%20initial%3B%20border-block%3A%20initial%3B%20border%3A%20initial%3B%20border-radius%3A%20initial%3B%20border-collapse%3A%20initial%3B%20border-end-end-radius%3A%20initial%3B%20border-end-start-radius%3A%20initial%3B%20border-inline%3A%20initial%3B%20border-start-end-radius%3A%20initial%3B%20border-start-start-radius%3A%20initial%3B%20inset%3A%20initial%3B%20box-shadow%3A%20initial%3B%20box-sizing%3A%20initial%3B%20break-after%3A%20initial%3B%20break-before%3A%20initial%3B%20break-inside%3A%20initial%3B%20buffered-rendering%3A%20initial%3B%20caption-side%3A%20initial%3B%20caret-color%3A%20initial%3B%20clear%3A%20initial%3B%20clip%3A%20initial%3B%20clip-path%3A%20initial%3B%20clip-rule%3A%20initial%3B%20color-interpolation%3A%20initial%3B%20color-interpolation-filters%3A%20initial%3B%20color-rendering%3A%20initial%3B%20color-scheme%3A%20initial%3B%20columns%3A%20initial%3B%20column-fill%3A%20initial%3B%20gap%3A%20initial%3B%20column-rule%3A%20initial%3B%20column-span%3A%20initial%3B%20contain%3A%20initial%3B%20contain-intrinsic-size%3A%20initial%3B%20content%3A%20initial%3B%20content-visibility%3A%20initial%3B%20counter-increment%3A%20initial%3B%20counter-reset%3A%20initial%3B%20counter-set%3A%20initial%3B%20cursor%3A%20initial%3B%20cx%3A%20initial%3B%20cy%3A%20initial%3B%20d%3A%20initial%3B%20display%3A%20block%3B%20dominant-baseline%3A%20initial%3B%20empty-cells%3A%20initial%3B%20fill%3A%20initial%3B%20fill-opacity%3A%20initial%3B%20fill-rule%3A%20initial%3B%20filter%3A%20initial%3B%20flex%3A%20initial%3B%20flex-flow%3A%20initial%3B%20float%3A%20initial%3B%20flood-color%3A%20initial%3B%20flood-opacity%3A%20initial%3B%20grid%3A%20initial%3B%20grid-area%3A%20initial%3B%20height%3A%200px%3B%20hyphens%3A%20initial%3B%20image-orientation%3A%20initial%3B%20image-rendering%3A%20initial%3B%20inline-size%3A%20initial%3B%20inset-block%3A%20initial%3B%20inset-inline%3A%20initial%3B%20isolation%3A%20initial%3B%20letter-spacing%3A%20initial%3B%20lighting-color%3A%20initial%3B%20line-break%3A%20initial%3B%20list-style%3A%20initial%3B%20margin-block%3A%20initial%3B%20margin%3A%20initial%3B%20margin-inline%3A%20initial%3B%20marker%3A%20initial%3B%20mask%3A%20initial%3B%20mask-type%3A%20initial%3B%20max-block-size%3A%20initial%3B%20max-height%3A%20initial%3B%20max-inline-size%3A%20initial%3B%20max-width%3A%20initial%3B%20min-block-size%3A%20initial%3B%20min-height%3A%20initial%3B%20min-inline-size%3A%20initial%3B%20min-width%3A%20initial%3B%20mix-blend-mode%3A%20initial%3B%20object-fit%3A%20initial%3B%20object-position%3A%20initial%3B%20offset%3A%20initial%3B%20opacity%3A%20initial%3B%20order%3A%20initial%3B%20origin-trial-test-property%3A%20initial%3B%20orphans%3A%20initial%3B%20outline%3A%20initial%3B%20outline-offset%3A%20initial%3B%20overflow-anchor%3A%20initial%3B%20overflow-clip-margin%3A%20initial%3B%20overflow-wrap%3A%20initial%3B%20overflow%3A%20initial%3B%20overscroll-behavior-block%3A%20initial%3B%20overscroll-behavior-inline%3A%20initial%3B%20overscroll-behavior%3A%20initial%3B%20padding-block%3A%20initial%3B%20padding%3A%20initial%3B%20padding-inline%3A%20initial%3B%20page%3A%20initial%3B%20page-orientation%3A%20initial%3B%20paint-order%3A%20initial%3B%20perspective%3A%20initial%3B%20perspective-origin%3A%20initial%3B%20pointer-events%3A%20initial%3B%20position%3A%20initial%3B%20quotes%3A%20initial%3B%20r%3A%20initial%3B%20resize%3A%20initial%3B%20ruby-position%3A%20initial%3B%20rx%3A%20initial%3B%20ry%3A%20initial%3B%20scroll-behavior%3A%20initial%3B%20scroll-margin-block%3A%20initial%3B%20scroll-margin%3A%20initial%3B%20scroll-margin-inline%3A%20initial%3B%20scroll-padding-block%3A%20initial%3B%20scroll-padding%3A%20initial%3B%20scroll-padding-inline%3A%20initial%3B%20scroll-snap-align%3A%20initial%3B%20scroll-snap-stop%3A%20initial%3B%20scroll-snap-type%3A%20initial%3B%20shape-image-threshold%3A%20initial%3B%20shape-margin%3A%20initial%3B%20shape-outside%3A%20initial%3B%20shape-rendering%3A%20initial%3B%20size%3A%20initial%3B%20speak%3A%20initial%3B%20stop-color%3A%20initial%3B%20stop-opacity%3A%20initial%3B%20stroke%3A%20initial%3B%20stroke-dasharray%3A%20initial%3B%20stroke-dashoffset%3A%20initial%3B%20stroke-linecap%3A%20initial%3B%20stroke-linejoin%3A%20initial%3B%20stroke-miterlimit%3A%20initial%3B%20stroke-opacity%3A%20initial%3B%20stroke-width%3A%20initial%3B%20tab-size%3A%20initial%3B%20table-layout%3A%20initial%3B%20text-align%3A%20initial%3B%20text-align-last%3A%20initial%3B%20text-anchor%3A%20initial%3B%20text-combine-upright%3A%20initial%3B%20text-decoration%3A%20initial%3B%20text-decoration-skip-ink%3A%20initial%3B%20text-indent%3A%20initial%3B%20text-overflow%3A%20initial%3B%20text-shadow%3A%20initial%3B%20text-size-adjust%3A%20initial%3B%20text-transform%3A%20initial%3B%20text-underline-offset%3A%20initial%3B%20text-underline-position%3A%20initial%3B%20touch-action%3A%20initial%3B%20transform%3A%20initial%3B%20transform-box%3A%20initial%3B%20transform-origin%3A%20initial%3B%20transform-style%3A%20initial%3B%20transition%3A%20initial%3B%20user-select%3A%20initial%3B%20vector-effect%3A%20initial%3B%20vertical-align%3A%20initial%3B%20visibility%3A%20initial%3B%20-webkit-app-region%3A%20initial%3B%20border-spacing%3A%20initial%3B%20-webkit-border-image%3A%20initial%3B%20-webkit-box-align%3A%20initial%3B%20-webkit-box-decoration-break%3A%20initial%3B%20-webkit-box-direction%3A%20initial%3B%20-webkit-box-flex%3A%20initial%3B%20-webkit-box-ordinal-group%3A%20initial%3B%20-webkit-box-orient%3A%20initial%3B%20-webkit-box-pack%3A%20initial%3B%20-webkit-box-reflect%3A%20initial%3B%20-webkit-highlight%3A%20initial%3B%20-webkit-hyphenate-character%3A%20initial%3B%20-webkit-line-break%3A%20initial%3B%20-webkit-line-clamp%3A%20initial%3B%20-webkit-mask-box-image%3A%20initial%3B%20-webkit-mask%3A%20initial%3B%20-webkit-mask-composite%3A%20initial%3B%20-webkit-perspective-origin-x%3A%20initial%3B%20-webkit-perspective-origin-y%3A%20initial%3B%20-webkit-print-color-adjust%3A%20initial%3B%20-webkit-rtl-ordering%3A%20initial%3B%20-webkit-ruby-position%3A%20initial%3B%20-webkit-tap-highlight-color%3A%20initial%3B%20-webkit-text-combine%3A%20initial%3B%20-webkit-text-decorations-in-effect%3A%20initial%3B%20-webkit-text-emphasis%3A%20initial%3B%20-webkit-text-emphasis-position%3A%20initial%3B%20-webkit-text-fill-color%3A%20initial%3B%20-webkit-text-security%3A%20initial%3B%20-webkit-text-stroke%3A%20initial%3B%20-webkit-transform-origin-x%3A%20initial%3B%20-webkit-transform-origin-y%3A%20initial%3B%20-webkit-transform-origin-z%3A%20initial%3B%20-webkit-user-drag%3A%20initial%3B%20-webkit-user-modify%3A%20initial%3B%20white-space%3A%20initial%3B%20widows%3A%20initial%3B%20width%3A%20initial%3B%20will-change%3A%20initial%3B%20word-break%3A%20initial%3B%20word-spacing%3A%20initial%3B%20x%3A%20initial%3B%20y%3A%20initial%3B%20z-index%3A%20initial%3B%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2226705%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22margin%3A%200in%3B%22%3EAs%20we%20continue%20our%20powerful%20momentum%20in%20securing%20Linux%20platforms%2C%20we%20are%20excited%20to%20announce%20the%20public%20preview%20of%20Microsoft%20Defender%20for%20Endpoint%20on%20Linux%20antivirus%20behavior%20monitoring%20and%20blocking!%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22portal-alert_cropped.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F266542iC0DDA7F88E53729F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22portal-alert_cropped.png%22%20alt%3D%22portal-alert_cropped.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2226705%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ELinux%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2235598%22%20slang%3D%22en-US%22%3ERe%3A%20Enhancing%20Linux%20antivirus%20with%20behavior%20monitoring%20capabilities!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2235598%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20these%20features%20extend%20coverage%20to%20Windows%20Subsystem%20for%20Linux%20(WSL)%20as%20well%20on%20a%20Windows%2010%20endpoint%20registered%20with%20Defender%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2238523%22%20slang%3D%22en-US%22%3ERe%3A%20Enhancing%20Linux%20antivirus%20with%20behavior%20monitoring%20capabilities!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2238523%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F465276%22%20target%3D%22_blank%22%3E%40mdgary%3C%2FA%3E%26nbsp%3B%2C%20these%20new%20capabilities%20do%20not%20currently%20apply%20to%20WSL%20scenario.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2239470%22%20slang%3D%22en-US%22%3ERe%3A%20Enhancing%20Linux%20antivirus%20with%20behavior%20monitoring%20capabilities!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2239470%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20plan%20to%20test%20capability%20of%20this%20Anti-Malware%20through%20independence%20Anti-Malware%20testers%20like%20AV-Comparatives%20or%20AV-Test%3F%20There%20are%20positive%20result%20for%20Microsoft%20Defender%20on%20Windows%20but%20I%20am%20wondering%20how%20well%20it%20will%20be%20performed%20in%20the%20Linux.%20Result%20for%20the%20MacOS%20would%20be%20nice%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2246124%22%20slang%3D%22en-US%22%3ERe%3A%20Enhancing%20Linux%20antivirus%20with%20behavior%20monitoring%20capabilities!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2246124%22%20slang%3D%22en-US%22%3E%3CP%3EMay%20I%20know%20if%20other%20features%20like%20%22software%20inventory%22%2C%22discovered%20vulnerabilities%22%20are%20on%20the%20roadmap%3F%20When%20will%20them%20be%20available%3F%3C%2FP%3E%3CP%3EThe%20%22discovered%20vulnerabilities%22%20feature%20is%20CRITICAL%20and%20we%20hope%20it%20could%20be%20available%20soon%20on%20linux%20platform.%20thanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Mar 29 2021 10:13 AM
Updated by: