Skip to content

Commit 4a0626a

Browse files
mevasudemevasude
committed
2408 rel notes 1st draft
1 parent 8812716 commit 4a0626a

File tree

1 file changed

+22
-1
lines changed

1 file changed

+22
-1
lines changed

defender-endpoint/linux-whatsnew.md

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ This article is updated frequently to let you know what's new in the latest rele
3434
- [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
3535

3636
> [!IMPORTANT]
37-
> Starting with version `101.2408.0000`, Microsoft defender for Endpoint for Linux no longer supports the Auditd event provider. We're transitioning completely to the more efficient eBPF technology. This change allows for better performance, reduced resource consumption, and overall improved stability. eBPF support has been available since August 2023 and is fully integrated into all updates of Defender for Endpoint on Linux (version `101.23082.0006` and later). We strongly encourage you to adopt the eBPF build, as it provides significant enhancements over Auditd. If eBPF is not supported on your machines, or if there are specific requirements to remain on Auditd, you have the following options:
37+
> Starting with version `101.2408.0004`, Microsoft defender for Endpoint for Linux no longer supports the Auditd event provider. We're transitioning completely to the more efficient eBPF technology. This change allows for better performance, reduced resource consumption, and overall improved stability. eBPF support has been available since August 2023 and is fully integrated into all updates of Defender for Endpoint on Linux (version `101.23082.0006` and later). We strongly encourage you to adopt the eBPF build, as it provides significant enhancements over Auditd. If eBPF is not supported on your machines, or if there are specific requirements to remain on Auditd, you have the following options:
3838
>
3939
> 1. Continue to use Defender for Endpoint on Linux build `101.24072.0000` with Auditd. This build will continue to be supported for several months, so you have time to plan and execute your migration to eBPF.
4040
>
@@ -44,6 +44,27 @@ This article is updated frequently to let you know what's new in the latest rele
4444
>
4545
> If you have any concerns or need assistance during this transition, contact support.
4646
47+
<details>
48+
<summary> Oct-2024 (Build: 101.24082.0004 | Release version: 30.124082.0004.0)</summary>
49+
50+
## Sept-2024 Build: 101.24082.0004 | Release version: 30.124082.0004.0
51+
52+
&ensp;Released: **October 15, 2024**<br/>
53+
&ensp;Published: **October 15, 2024**<br/>
54+
&ensp;Build: **101.24082.0004**<br/>
55+
&ensp;Release version: **30.124082.0004**<br/>
56+
&ensp;Engine version: **1.1.24080.9**<br/>
57+
&ensp;Signature version: **1.417.659.0**<br/>
58+
59+
**What's new**
60+
61+
- The supplementary event provider auditd is removed from support. We have transitioned completely to ebpf. In case of fallback of ebpf, it will switch back to netfilter as supplementary event provider. Netfilter will provide reduced functionality, tracking only process events
62+
- MDE Attach support for global exclusion settings configured on MEM portal
63+
- Stability and performance improvements
64+
- Other bug fixes
65+
66+
</details>
67+
4768
<details>
4869
<summary> Sept-2024 (Build: 101.24072.0001 | Release version: 30.124072.0001.0)</summary>
4970

0 commit comments

Comments
 (0)