Skip to content

Commit 0f271db

Browse files
denisebmsftdenisebmsft
committed
Update switch-to-mde-phase-2.md
1 parent 3fd5ffe commit 0f271db

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

defender-endpoint/switch-to-mde-phase-2.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -106,16 +106,16 @@ For macOS devices, the following table lists processes to exclude in your non-Mi
106106

107107
For Linux servers, the following table lists processes to exclude in your non-Microsoft antivirus/antimalware solution:
108108

109-
| Process | Location | Purpose |
110-
|---|---|---|
111-
| `wdavdaemon` | `/opt/microsoft/mdatp/sbin/` | Core daemon (service). Uses FANotify for both antimalware and EDR purposes (TALPA on older RHEL). |
112-
| `wdavdaemon enterprise` | `/opt/microsoft/mdatp/sbin/` | EDR engine. Used for enrichment, also leverages auditd on most Linux platforms. |
113-
| `wdavdaemon unprivileged` | `/opt/microsoft/mdatp/sbin/` | Antivirus engine |
114-
| `mdatp_audisp_plugin` | `/opt/microsoft/mdatp/sbin/` | Auditd log ingestion |
115-
| `crashpad_handler` | `/opt/microsoft/mdatp/sbin/` | Collects crash dumps |
116-
| `mdatp` | `/opt/microsoft/mdatp/sbin/Wdavdaemonclient` | Command line utility |
117-
| `telemetryd_v2` | `/opt/microsoft/mdatp/sbin/` | Telemetry daemon for EDR |
118-
| `mde_netfilter` | `/opt/microsoft/mde_netfilter/sbin` | Packet filter for Network protection, also used for response capabilities |
109+
| Process | Location |
110+
|---|---|
111+
| `wdavdaemon`<br/>Core daemon (service). Uses FANotify for both antimalware and EDR purposes (TALPA on older RHEL). | `/opt/microsoft/mdatp/sbin/` |
112+
| `wdavdaemon enterprise`<br/>EDR engine. Used for enrichment, also leverages auditd on most Linux platforms. | `/opt/microsoft/mdatp/sbin/` |
113+
| `wdavdaemon unprivileged`<br/> Antivirus engine | `/opt/microsoft/mdatp/sbin/` |
114+
| `mdatp_audisp_plugin`<br/>Auditd log ingestion | `/opt/microsoft/mdatp/sbin/` |
115+
| `crashpad_handler`<br/>Collects crash dumps | `/opt/microsoft/mdatp/sbin/` |
116+
| `mdatp` <br/>Command line utility| `/opt/microsoft/mdatp/sbin/Wdavdaemonclient` |
117+
| `telemetryd_v2`<br/>Telemetry daemon for EDR | `/opt/microsoft/mdatp/sbin/` |
118+
| `mde_netfilter` <br/>Packet filter for Network protection, also used for response capabilities | `/opt/microsoft/mde_netfilter/sbin` |
119119

120120
---
121121

0 commit comments

Comments
 (0)