Merge pull request #5661 from MicrosoftDocs/main

Ruchika-mittal01 · web-flow · commit 556238897ed6 · 2025-11-19T04:09:46.000+05:30
[AutoPublish] main to live - 11/18 13:29 PST | 11/19 02:59 IST
diff --git a/defender-endpoint/linux-install-with-defender-deployment-tool.md b/defender-endpoint/linux-install-with-defender-deployment-tool.md
@@ -67,19 +67,19 @@ The Defender deployment tool enforces the following set of prerequisites checks,
 
    ```console
    Archive: WindowsDefenderATPOnboardingPackage.zip
-   inflating: defender-deployment-tool.sh
+   inflating: defender_deployment_tool.sh
    ```
 
 1. Grant executable permissions to the script.
 
    ```bash
-   chmod +x defender-deployment-tool.sh
+   chmod +x defender_deployment_tool.sh
    ```
 
 1. Run the script using the following command to install and onboard Microsoft Defender for Endpoint on your endpoint.
 
    ```bash
-   sudo bash defender-deployment-tool.sh
+   sudo bash defender_deployment_tool.sh
    ```
 
    This command installs the latest agent version from the production channel and onboards the device to Defender portal. It might take 5-20 minutes for the device to show up in the [Device Inventory](https://security.microsoft.com/machines?category=all-devices).
@@ -90,7 +90,7 @@ The Defender deployment tool enforces the following set of prerequisites checks,
 1. You can further customize deployment by passing parameters to the tool based on your requirements. Use the option `--help` to see all the available options:
 
    ```bash
-    ./defender-deployment-tool.sh --help
+    ./defender_deployment_tool.sh --help
    ```
 
    :::image type="content" source="./media/linux-install-with-defender-deployment-tool/deployment-tool-help.png" alt-text="Screenshot showing the help command output." lightbox="./media/linux-install-with-defender-deployment-tool/deployment-tool-help.png":::
@@ -99,17 +99,17 @@ The following table provides examples of commands for useful scenarios.
 
 | **Scenario** | **Command** |
 |:-------------|:------------|
-| Check for unmet non-blocking prerequisites | `sudo ./defender-deployment-tool.sh --pre-req-non-blocking` |
-| Run the connectivity test | `sudo ./defender-deployment-tool.sh --connectivity-test` |
-| Deploy to a custom location | `sudo ./defender-deployment-tool.sh --install-path /usr/microsoft/` |
-| Deploy from the insider-slow channel | `sudo ./defender-deployment-tool.sh --channel insiders-slow` |
-| Deploy using a proxy | `sudo ./defender-deployment-tool.sh --http-proxy <http://username:password@proxy_host:proxy_port>` |
-| Deploy a specific agent version | `sudo ./defender-deployment-tool.sh --mdatp 101.25042.0003 --channel prod` |
-| Upgrade to a specific agent version | `sudo ./defender-deployment-tool.sh --upgrade --mdatp 101.24082.0004` |
-| Downgrade to a specific agent version | `sudo ./defender-deployment-tool.sh --downgrade --mdatp 101.24082.0004` |
-| Uninstall Defender | `sudo ./defender-deployment-tool.sh --remove` |
-| Only onboard if Defender is already installed | `sudo ./defender-deployment-tool.sh --only-onboard` |
-| Offboard Defender | `sudo ./defender-deployment-tool.sh --offboard MicrosoftDefenderATPOffboardingLinuxServer.py`<br>*(Note: The latest offboarding file can be downloaded from the Microsoft Defender portal)* |
+| Check for unmet non-blocking prerequisites | `sudo ./defender_deployment_tool.sh --pre-req-non-blocking` |
+| Run the connectivity test | `sudo ./defender_deployment_tool.sh --connectivity-test` |
+| Deploy to a custom location | `sudo ./defender_deployment_tool.sh --install-path /usr/microsoft/` |
+| Deploy from the insider-slow channel | `sudo ./defender_deployment_tool.sh --channel insiders-slow` |
+| Deploy using a proxy | `sudo ./defender_deployment_tool.sh --http-proxy <http://username:password@proxy_host:proxy_port>` |
+| Deploy a specific agent version | `sudo ./defender_deployment_tool.sh --mdatp 101.25042.0003 --channel prod` |
+| Upgrade to a specific agent version | `sudo ./defender_deployment_tool.sh --upgrade --mdatp 101.24082.0004` |
+| Downgrade to a specific agent version | `sudo ./defender_deployment_tool.sh --downgrade --mdatp 101.24082.0004` |
+| Uninstall Defender | `sudo ./defender_deployment_tool.sh --remove` |
+| Only onboard if Defender is already installed | `sudo ./defender_deployment_tool.sh --only-onboard` |
+| Offboard Defender | `sudo ./defender_deployment_tool.sh --offboard MicrosoftDefenderATPOffboardingLinuxServer.py`<br>*(Note: The latest offboarding file can be downloaded from the Microsoft Defender portal)* |
 
 ## Verify deployment status
 
@@ -173,7 +173,7 @@ The following table provides examples of commands for useful scenarios.
 If you're experiencing any connectivity issues, run this command to perform a connectivity test:
 
 ```bash
-sudo ./defender-deployment-tool.sh --connectivity-test
+sudo ./defender_deployment_tool.sh --connectivity-test
 ```
 
 This test might take some time to run as it performs checks for every URL needed by mdatp and find any issues if present. If the issue persists, refer to the troubleshooting guide.
@@ -213,19 +213,19 @@ To preview new features and provide early feedback, it's recommended that you co
 1. Remove the insiders-fast channel version of Defender for Endpoint on Linux..
 
    ```bash
-   sudo ./defender-deployment-tool.sh --remove --channel insiders-fast
+   sudo ./defender_deployment_tool.sh --remove --channel insiders-fast
    ```
 
 1. Delete the Defender for Endpoint on the Linux insiders-fast repo.
 
    ```bash
-   sudo ./defender-deployment-tool.sh --clean --channel insiders-fast
+   sudo ./defender_deployment_tool.sh --clean --channel insiders-fast
    ```
 
 1. Install Microsoft Defender for Endpoint on Linux using the production channel.
 
    ```bash
-   sudo ./defender-deployment-tool.sh --install --channel prod
+   sudo ./defender_deployment_tool.sh --install --channel prod
    ```
 
 ## Related content
diff --git a/defender-endpoint/microsoft-defender-antivirus-updates.md b/defender-endpoint/microsoft-defender-antivirus-updates.md
@@ -74,6 +74,22 @@ Updates contain:
 - Serviceability improvements
 - Integration improvements (Cloud, [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender))
 
+### October-2025 (Platform: 4.18.25100.9008 | Engine: 1.1.25100.9002)
+
+- Security intelligence update version: **1.441.131.0**
+- Release date: **November 6, 2025 (Engine) / November 17, 2025 (Platform)**
+- Platform: **4.18.25100.9008**
+- Engine: **1.1.25100.9002**
+- Support phase: **Security and Critical Updates**
+
+#### What's new
+
+- **Fixed Network Inspection Service stability issue**: The service now correctly restarts when memory usage exceeds the threshold, which prevents the service from getting stuck in a faulty or pending state. 
+- **Reduced startup delay for Antimalware Service**: Improved Defender service startup time by removing its dependency on Core Service startup. This change improves overall system startup performance.
+- **Fixed crash in Defender settings on x86 devices**: Corrected an issue that caused the system to crash when applying Defender configuration settings on 32-bit machines.
+- **Fixed Defender startup issue**: The platform no longer crashes when processing invalid Attack Surface Reduction rule exclusions.
+- **Reduced system resource usage**: Defender no longer generates excessive Data Loss Prevention (DLP) logs that caused high disk activity, improving overall performance and stability.
+
 ### September-2025 (Platform: 4.18.25090.3009 | Engine: 1.1.25090.3001)
 
 - Security intelligence update version: **1.439.345.0**
