You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/mde-plugin-wsl.md
+19-15Lines changed: 19 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,6 +11,8 @@ ms.localizationpriority: medium
11
11
ms.collection:
12
12
- m365-security
13
13
- tier2
14
+
ms.custom:
15
+
- partner-contribution
14
16
audience: ITPro
15
17
ms.date: 04/25/2024
16
18
search.appverid: MET150
@@ -26,13 +28,11 @@ The Windows Subsystem for Linux (WSL) 2, which replaces the previous version of
26
28
27
29
Be aware of the following before you start:
28
30
29
-
1. The plug-in doesn't yet automatically update. When a new plug-in version is released, the new MSI package needs to be applied to perform the update. You can apply the new package by using any tool that deploys software. Updates are coming soon through Microsoft Update. If preferred, you can continue to use the MSI package method.
31
+
1. The plug-in does not currently support automatic updates. When a new version is released, a new MSI package needs to be applied to perform the update. This can be done through any of the software deployment tools. Updates will come through Microsoft updates.
30
32
31
33
2. As it takes a few minutes for the plug-in to fully instantiate and up to 30 minutes for a WSL2 instance to onboard itself, short-lived WSL container instances might result in the WSL2 instance not showing up in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). Once a (any) distribution has been running long enough (at least 30 minutes), it does show up.
32
34
33
-
3. If you're using a proxy in your (test) environment, make sure that the plug-in is set up to use it correctly. WSL is typically not automatically configured to use a proxy. For more information, see the section, [Setting a proxy for Defender running in WSL](#setting-a-proxy-for-defender-running-in-wsl).
34
-
35
-
4. The use of a custom kernel in combination with the plug-in isn't supported. When you attempt to launch WSL with the plugin installed, you'll encounter the error *A fatal error was returned by plugin 'DefenderforEndpointPlug-in'. Error message: 'Custom Kernel/Configuration not supported.'*.
35
+
3. The use of a custom kernel in combination with the plug-in isn't supported. When you attempt to launch WSL with the plugin installed, you'll encounter the error *A fatal error was returned by plugin 'DefenderforEndpointPlug-in'. Error message: 'Custom Kernel/Configuration not supported.'*.
36
36
37
37
## Software prerequisites
38
38
@@ -42,7 +42,7 @@ Be aware of the following before you start:
42
42
43
43
- Defender for Endpoint must be onboarded and running on the Windows host OS.
44
44
45
-
- The host OS must be running Windows 10, version 2004 and higher (build 19044 and higher) or Windows 11 to support the Windows Subsystem for Linux versions that can work with the plug-in.
45
+
- The host OS must be running Windows 10 Client, version 2004 and higher (build 19044 and higher) or Windows 11 Client to support the Windows Subsystem for Linux versions that can work with the plug-in.
46
46
47
47
## Software components and installer file names
48
48
@@ -68,19 +68,20 @@ If your Windows Subsystem for Linux isn't installed yet, follow these steps:
68
68
69
69
2. Run the command `wsl -–install`.
70
70
71
-
### Confirm WSL is installed and running
71
+
### 1. Confirm WSL is installed and running
72
+
73
+
1. Using Terminal or Command Prompt, run `wsl –update` to make sure you have the latest version.
72
74
73
-
1. Using Terminal or Command Prompt, run`wsl –update`to make sure you have the latest version.
75
+
2. Run the`wsl` command to ensure WSL is running before testing.
74
76
75
-
2. Run the `wsl` command to ensure WSL is running before testing.
77
+
### 2. Install the plug-in
76
78
77
-
### Install the plug-in
78
79
79
-
After WSL is running and fully up to date, follow these steps to install the plug-in:
80
+
After WSL is running and fully up to date, follow these steps to install the plug-in:
80
81
81
-
1. Install the MSI file downloaded from the onboarding section in the Microsoft Defender portal (**Settings** > **Endpoints** > **Onboarding** > **Windows Subsystem for Linux 2 (plug-in)**.)
82
+
1. Install the MSI file downloaded from the onboarding section in the Microsoft Defender portal (**Settings** > **Endpoints** > **Onboarding** > **Windows Subsystem for Linux 2 (plug-in)**.)
82
83
83
-
2. Open a command prompt/terminal and run `wsl`.
84
+
2. Open a command prompt/terminal and run `wsl`.
84
85
85
86
You can [deploy the package using Microsoft Intune](/mem/intune/apps/lob-apps-windows).
86
87
@@ -108,11 +109,11 @@ After WSL is running and fully up to date, follow these steps to install the plu
108
109
109
110
This section describes how to configure proxy connectivity for the Defender for Endpoint plug-in. If your enterprise uses a proxy to provide connectivity to Defender for Endpoint running on the Windows host, continue reading to determine whether you need to configure it for the plug-in.
110
111
111
-
Reuse the Defender for Endpoint static proxy setting (`TelemetryProxyServer`).
112
+
If you want to use the host [windows EDR telemetry proxy](configure-proxy-internet.md) configuration for MDE for the WSL plug-in, nothing more is required. This configuration is adopted by the plug-in automatically.
112
113
113
-
If you want to use the host [static proxy](configure-proxy-internet.md) configuration for MDE for the WSL plug-in, nothing more is required. This configuration is adopted by the plug-in automatically.
114
+
If you want to use the host [winhttp proxy](/defender-endpoint/configure-proxy-internet#configure-the-proxy-server-manually-using-netsh-command) configuration for MDE for WSL plug-in, nothing more is required. This configuration is adopted by the plug-in automatically.
114
115
115
-
If you want to use the host network and network proxy setting for MDE for WSL plug-in, nothing more is required. This configuration is adopted by the plug-in automatically.
116
+
If you want to use the host [network and network proxy setting](https://support.microsoft.com/windows/use-a-proxy-server-in-windows-03096c53-0554-4ffe-b6ab-8b1deee8dae1#ID0EFD=Windows_11&preserve-view=true) for MDE for WSL plug-in, nothing more is required. This configuration is adopted by the plug-in automatically.
116
117
117
118
## Plug-in Proxy selection
118
119
@@ -126,6 +127,9 @@ If your host machine contains multiple proxy settings, the plug-in selects the p
126
127
127
128
Example: If your host machine has both *Winhttp proxy* and *Network & Internet proxy*, the plug-in selects `Winhttp proxy` as the proxy configuration.
128
129
130
+
> [!NOTE]
131
+
> The `DefenderProxyServer` registry key is no longer supported. Follow the above mentioned steps to configure proxy in plug-in.
132
+
129
133
## Connectivity test for Defender running in WSL
130
134
131
135
The following procedure describes how to confirm that Defender in Endpoint in WSL has internet connectivity.
0 commit comments