cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MDATP on Linux behave differently with different browsers

jstibila
Copper Contributor

‎Sep 18 2023 07:33 AM

‎Sep 18 2023 07:33 AM

MDATP on Linux behave differently with different browsers

Hi,
I'm currently testing MS Defender as a possible replacement for currently used ESET as it has broader Linux support.

During my testing I stumbled upon inconsistent behavior. I'm running Ubuntu 22.04 with MDATP from production repo.

 

When I download eicar, I get different results based on browser I used:

wget - file is detected and quarantined without any problems. Incident is reported.

vivaldi - file is detected, but not quarantined. Log says it's not found (most likely, because between threat detection and attempt to quarantine, vivaldi moved file to Downloads folder):

Id: "3bc1571b-45c8-4d3c-a332-92036f179765"
Name: Virus:DOS/EICAR_Test_File
Type: "virus"
Detection time: Mon Sep 18 16:14:10 2023
Status: "not_found"
Path: "/tmp/..com.vivaldi.Vivaldi.pYmfLu"
File properties are not available

firefox - file is not detected, nor quarantined. Nothing is reported.

chromium - file is not detected, nor quarantined. Nothing is reported.

 

Why is it, that every browser acts differently? And most importantly, why is it, that when eicar is downloaded with firefox or chromium, MS Defender is unable to detect anything?

56 Views
0 Likes
0 Replies
Reply
0 Replies