You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/mde-linux-prerequisites.md
+6-8Lines changed: 6 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ ms.collection:
15
15
ms.topic: conceptual
16
16
ms.subservice: linux
17
17
search.appverid: met150
18
-
ms.date: 08/11/2025
18
+
ms.date: 08/19/2025
19
19
---
20
20
21
21
# Prerequisites for Microsoft Defender for Endpoint on Linux
@@ -72,13 +72,10 @@ For detailed licensing information, see [Product Terms: Microsoft Defender for E
72
72
The following Linux server distributions and x64 (AMD64/EM64T) versions are supported:
73
73
74
74
- Red Hat Enterprise Linux 7.2 and higher
75
-
76
75
- Red Hat Enterprise Linux 8.x
77
76
- Red Hat Enterprise Linux 9.x
78
77
- CentOS 7.2 and higher, excluding CentOS Stream
79
-
80
78
- CentOS 8.x
81
-
82
79
- Ubuntu 16.04 LTS
83
80
- Ubuntu 18.04 LTS
84
81
- Ubuntu 20.04 LTS
@@ -88,7 +85,6 @@ The following Linux server distributions and x64 (AMD64/EM64T) versions are supp
88
85
- SUSE Linux Enterprise Server 12.x
89
86
- SUSE Linux Enterprise Server 15.x
90
87
- Oracle Linux 7.2 and higher
91
-
92
88
- Oracle Linux 8.x
93
89
- Oracle Linux 9.x
94
90
- Amazon Linux 2
@@ -121,9 +117,11 @@ The following Linux server distributions and x64 (AMD64/EM64T) versions are supp
121
117
> Microsoft Defender for Endpoint is kernel-version agnostic for all other supported distributions and versions. The minimal requirement for the kernel version is `3.10.0-327` or later.
122
118
123
119
> [!WARNING]
124
-
> Running Defender for Endpoint on Linux with other fanotify-based security solutions isn't supported. It can lead to unpredictable results, including hanging the operating system.
125
-
> If there are any other applications on the system that use fanotify in blocking mode, applications are listed in the conflicting_applications field of the mdatp health command output.
126
-
> The Linux FAPolicyD feature uses fanotify in blocking mode, and is therefore unsupported when running Defender for Endpoint in active mode. You can still safely take advantage of Defender for Endpoint on Linux EDR functionality after configuring the antivirus functionality Real Time Protection Enabled to passive mode. See [Enforcement level for Microsoft Defender Antivirus](/defender-endpoint/linux-preferences#enforcement-level-for-microsoft-defender-antivirus).
120
+
> Running Defender for Endpoint on Linux alongside other fanotify-based security solutions is not supported and may lead to unpredictable behavior, including system hangs.
121
+
> If any applications use fanotify in blocking mode, they will appear in the conflicting_applications field of the mdatp health command output.
122
+
> You can still safely take advantage of Defender for Endpoint on Linux EDR functionality by setting antivirus enforcement level to passive. See [Configure security settings in Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-preferences).
123
+
>
124
+
> **EXCEPTION: The Linux `FAPolicyD` feature, which also uses Fanotify in blocking mode, is supported with Defender for Endpoint on RHEL and Fedora platforms, provided that mdatp health reports a healthy status. This exception is based on validated compatibility specific to these distributions.**
127
125
128
126
## Supported filesystems for real-time protection and quick, full, and custom scans
0 commit comments