Merge pull request #4979 from MicrosoftDocs/main

[AutoPublish] main to live - 09/09 04:28 PDT | 09/09 16:58 IST

Author: m365-skilling-repo-management[bot]

defender-endpoint/event-error-codes.md

@@ -98,7 +98,6 @@ See the following table for a list of events recorded by the service.
    |51|New cloud configuration failed to apply, version: %1. Successfully applied the last known good configuration, version %2.|Received a bad configuration file from the cloud service. Last known good configuration was applied successfully.|If this error persists, contact Support.|
    |52|New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Successfully applied the default configuration.|Received a bad configuration file from the cloud service. Failed to apply the last known good configuration - and the default configuration was applied.|The service will attempt to download a new configuration file within 5 minutes. If you don't see event #50 - contact Support.|
    |53|Cloud configuration loaded from persistent storage, version: %1.|The configuration was loaded from persistent storage on service startup.|Normal operating notification; no action required.|
-   |54| Global (per-pattern) state changed. State: %1, pattern: %2 | If state = 0: Cyber-data reporting rule has reached its defined capping quota and doesn't send more data until the capping quota expires. If state = 1: The capping quota expired and the rule will resume sending data. | Normal operating notification; no action required. |
    |55|Failed to create the Secure ETW autologger. Failure code: %1|Failed to create the secure ETW logger.|Reboot the device. If this error persists, contact Support.|
    |56|Failed to remove the Secure ETW autologger. Failure code: %1|Failed to remove the secure ETW session on offboarding.|Contact Support.|
    |57|Capturing a snapshot of the machine for troubleshooting purposes.|An investigation package, also known as forensics package, is being collected.|Normal operating notification; no action required.|

defender-endpoint/linux-whatsnew.md

@@ -73,9 +73,8 @@ What's new
 - Defender for Endpoint on Linux now supports installation to a custom location (preview). For more information, see [Enabling deployment of Microsoft Defender for Endpoint to a custom location (preview)](/defender-endpoint/linux-custom-location-installation). Support for this feature is being added to the installer script.
 - The `mdatp threat quarantine add` command now requires superuser (root) privileges.
 - Custom definition path can now be updated without stopping Defender for Endpoint. Previously, this required stopping the service, but with this release onwards, updates to the definition path can be made dynamically, improving operational efficiency and reducing downtime.
-
-- Running Defender for Endpoint on Linux alongside Fapolicyd is now supported on RHEL and Fedora-based distributions, enabling both antivirus (real-time protection) and EDR functionality to operate without conflict. For other fanotify-based tools, Defender for Endpoint can still be used safely by setting the antivirus enforcement level to passive, helping avoid system instability.
-
+- Running Defender for Endpoint on Linux alongside Fapolicyd is now supported on RHEL and Fedora-based distributions, enabling both antivirus (real-time protection) and EDR functionality to operate without conflict. For other fanotify-based tools, MDE can still be used safely by setting the antivirus enforcement level to passive, helping avoid system instability.
+- Both the binary and Python versions of Client Analyzer are now included in the local package. There is no longer a need to download it separately, as it comes bundled by default. You can find it at the location `/opt/microsoft/mdatp/conf/client_analyzer/`.
 - Other stability enhancements and bug fixes.
 
 ### July-2025 Build: 101.25052.0007 | Release version: 30.125052.0007.0

defender-endpoint/manage-automation-file-uploads.md

@@ -52,6 +52,10 @@ For example, if you add *exe* and *bat* as file or attachment extension names, t
 
    - **File extension names** - Suspicious files except email attachments will be submitted for additional inspection
 
+> [!NOTE]
+> By default you will see several extension names are automatically filled. One of them is **_double quotes (")_**, this will include files that don't have any file extensions at all.
+
+
 ## Related topics
 
 - [Manage automation folder exclusions](manage-automation-folder-exclusions.md)