MDATP on Linux behave differently with different browsers

Copper Contributor

I'm currently testing MS Defender as a possible replacement for currently used ESET as it has broader Linux support.

During my testing I stumbled upon inconsistent behavior. I'm running Ubuntu 22.04 with MDATP from production repo.


When I download eicar, I get different results based on browser I used:

wget - file is detected and quarantined without any problems. Incident is reported.

vivaldi - file is detected, but not quarantined. Log says it's not found (most likely, because between threat detection and attempt to quarantine, vivaldi moved file to Downloads folder):

Id: "3bc1571b-45c8-4d3c-a332-92036f179765"
Name: Virus:DOS/EICAR_Test_File
Type: "virus"
Detection time: Mon Sep 18 16:14:10 2023
Status: "not_found"
Path: "/tmp/"
File properties are not available

firefox - file is not detected, nor quarantined. Nothing is reported.

chromium - file is not detected, nor quarantined. Nothing is reported.


Why is it, that every browser acts differently? And most importantly, why is it, that when eicar is downloaded with firefox or chromium, MS Defender is unable to detect anything?

0 Replies