Update run-analyzer-macos-linux.md

denisebmsft · denisebmsft · commit ef5cacc69d0b · 2025-01-05T08:49:39.000-08:00
diff --git a/defender-endpoint/run-analyzer-macos-linux.md b/defender-endpoint/run-analyzer-macos-linux.md
@@ -258,11 +258,11 @@ The files generated when using this mode are summarized in the following table:
 | ------------- | ------------- |
 | `mde_diagnostic.zip`  | Defender for Endpoint logs and configs  |
 | `health.txt`  | The health status of Defender for Endpoint [^1]  |
-| `health_details_features.txt`  | The health status of additional MDE features [^1]   |
-| `permissions.txt`  | Permission issues with the folders owned/used by MDE [^1]   |
-| `crashes`  | Crash dumps generated by MDE |
+| `health_details_features.txt`  | The health status of additional Defender for Endpoint features [^1]   |
+| `permissions.txt`  | Permission issues with the folders owned/used by Defender for Endpoint [^1]   |
+| `crashes`  | Crash dumps generated by Defender for Endpoint |
 | `process_information.txt`  | Process running in the machine when the tool was run |
-| `proc_directory_info.txt`  | Mapping of the virtual memory of MDE processes [^1]   |
+| `proc_directory_info.txt`  | Mapping of the virtual memory of Defender for Endpoint processes [^1]   |
 | `auditd_info.txt`  | Auditd health, rules, logs |
 | `auditd_log_analysis.txt`  | Summary of events processed by auditd  |
 | `auditd_logs.zip`  | Auditd log files  |
@@ -273,55 +273,55 @@ The files generated when using this mode are summarized in the following table:
 | `ebpf_maps_info.txt`  | eBPF maps' id and size info  |
 | `syslog.zip`  | The files usder /var/log/syslog  |
 | `messages.zip`  | The files under /var/log/messages  |
-| `conflicting_processes_information.txt`  | MDE Conflicting Processes |
+| `conflicting_processes_information.txt`  | Defender for Endpoint Conflicting Processes |
 | `exclusions.txt`  | List of AV exclusions |
 | `definitions.txt`  | AV defintion info  |
-| `mde_directories.txt` | List of files in the MDE directories |
+| `mde_directories.txt` | List of files in the Defender for Endpoint directories |
 | `disk_usage.txt`  | Disk usage details |
-| `mde_user.txt` | MDE User Info |
-| `mde_definitions_mount.txt` |  MDE Definitions Mount Point |
-| `service_status.txt` | MDE Service Status |
-| `service_file.txt` | MDE Service File |
+| `mde_user.txt` | Defender for Endpoint User Info |
+| `mde_definitions_mount.txt` |  Defender for Endpoint Definitions Mount Point |
+| `service_status.txt` | Defender for Endpoint Service Status |
+| `service_file.txt` | Defender for Endpoint Service File |
 | `hardware_info.txt` | Hardware Information |
 | `mount.txt` | Mount point information |
 | `uname.txt` | Kernel info |
 | `memory.txt` | System memory info |
 | `meminfo.txt` | Detailed information about the system's memory usage |
 | `cpuinfo.txt` | CPU Information |
 | `lsns_info.txt` | Linux namespace information |
-| `lsof.txt` | MDE Open File Descriptors Information [^1]  |
-| `sestatus.txt` | MDE Open File Descriptors Information |
+| `lsof.txt` | Defender for Endpoint Open File Descriptors Information [^1]  |
+| `sestatus.txt` | Defender for Endpoint Open File Descriptors Information |
 | `lsmod.txt` | Status of modules in the Linux kernel |
 | `dmesg.txt` | Messages from the kernel ring buffer |
 | `kernel_lockdown.txt` | kernel lockdown Info |
-| `rtp_statistics.txt` | MDE Real Time Protection(RTP) statistics [^1]   |
+| `rtp_statistics.txt` | Defender for Endpoint Real Time Protection(RTP) statistics [^1]   |
 | `libc_info.txt` | libc library information |
 | `uptime_info.txt` | Time since last restart |
 | `last_info.txt` | Listing of last logged in users |
 | `locale_info.txt` | Show current locale |
 | `tmp_files_owned_by_mdatp.txt` | /tmp files owned by group:mdatp [^1]  |
-| `mdatp_config.txt` | All the MDE configurations [^1]  |
+| `mdatp_config.txt` | All the Defender for Endpoint configurations [^1]  |
 | `mpenginedb.db`, `mpenginedb.db-wal`, `mpenginedb.db-shm` | AV definations file [^1]  |
 | `iptables_rules.txt` | Linux iptables rules |
 | `network_info.txt` | Network information |
 | `sysctl_info.txt` | kernel settings info |
 | `hostname_diagnostics.txt` | Hostname diagnostics information |
-| `mde_event_statistics.txt` | MDE Event statistics [^1]  |
-| `mde_ebpf_statistics.txt` | MDE eBPF statistics [^1]  |
+| `mde_event_statistics.txt` | Defender for Endpoint Event statistics [^1]  |
+| `mde_ebpf_statistics.txt` | Defender for Endpoint eBPF statistics [^1]  |
 | `kernel_logs.zip` | Kernel logs |
 | `mdc_log.zip` | Microsoft Defender for Cloud logs |
 | `netext_config.txt` |  |
-| `threat_list.txt` | List of threats detected by MDE [^1]  |
+| `threat_list.txt` | List of threats detected by Defender for Endpoint [^1]  |
 | `top_output.txt `| Process running in the machine when the tool was run |
 | `top_summary.txt` | Memeory and CPU usage analytics of the process running |
 
-[^1]: Only when MDE is installed.
+[^1]: Only when Defender for Endpoint is installed.
 
 ### Positional arguments
 
 #### Collect performance info
 
-Collect extensive machine performance tracing of MDE processes for analysis of a performance scenario that can be reproduced on demand.
+Collect extensive machine performance tracing of Defender for Endpoint processes for analysis of a performance scenario that can be reproduced on demand.
 
 ```console
 -h, --help            show this help message and exit
@@ -333,9 +333,11 @@ Collect extensive machine performance tracing of MDE processes for analysis of a
 Usage example: `sudo ./MDESupportTool performance --frequency 500`
 
 The files generated when using this mode:
+
 | File  | Remarks |
-| ------------- | ------------- |
-| perf_benchmark.tar.gz  | MDE processes performance data  |
+| ------ | ------ |
+| `perf_benchmark.tar.gz`  | Defender for Endpoint processes performance data  |
+
 > [!NOTE]
 > The files corresponding to diagnostic mode will also be generated.
 
@@ -345,37 +347,43 @@ The data file can be read using the command:
 `perf report -i <pid>.data`
 
 #### Run connectivity test
-This modes test if the cloud resources needed by MDE is reachable or not.
+This modes test if the cloud resources needed by Defender for Endpoint is reachable or not.
 
 ```console
+
   -h, --help            show this help message and exit
   -o ONBOARDING_SCRIPT, --onboarding-script ONBOARDING_SCRIPT
                         Path to onboarding script
   -g GEO, --geo GEO     Geo string to test <US|UK|EU|AU|CH|IN>
+
 ```
+
 Usage example: `sudo ./MDESupportTool connectivitytest -o ~/MicrosoftDefenderATPOnboardingLinuxServer.py`
 
 The result will be printed in the screen.
 
 
 #### Collect different installation/onboarding reports
+
 This mode collects installation related info like disto info, system requirements, etc.
 
 ```console
+
   -h, --help    show this help message and exit
   -d, --distro  Check for distro support
   -a, --all     Run all checks
+
 ```
 
 Usage example: `sudo ./MDESupportTool installation --all`
 
-A single report `installation_report.json` will be generated. The keys in the file are as:
+A single report `installation_report.json` is generated. The keys in the file are as:
+
 | Key  | Remarks |
 | ------------- | ------------- |
-| agent_version  | Version of MDE installed  |
+| agent_version  | Version of Defender for Endpoint installed  |
 | onboarding_status | The onboarding and ring info |
 
-
 #### Use OS trace (for macOS only)
 
 Use OS tracing facilities to record Defender for Endpoint performance traces.
@@ -384,9 +392,11 @@ Use OS tracing facilities to record Defender for Endpoint performance traces.
 > This functionality exists in the Python solution only.
 
 ```console
+
 -h, --help       show this help message and exit
 --length LENGTH  Length of time to record the trace (in seconds).
 --mask MASK      Mask to select with event to trace. Defaults to all
+
 ```
 
 On running this command for the first time, it installs a Profile configuration.
@@ -403,6 +413,7 @@ Add exclusions for audit-d monitoring.
 > This functionality exists for Linux only.
 
 ```console
+
   -h, --help            show this help message and exit
   -e <executable>, --exe <executable>
                         exclude by executable name, i.e: bash
@@ -420,6 +431,7 @@ Add exclusions for audit-d monitoring.
   -o, --override        Override the existing auditd exclusion rules file for mdatp
   -c <syscall number>, --syscall <syscall number>
                         exclude all process of the given syscall
+
 ```
 
 Usage example: `sudo ./MDESupportTool exclude -d /var/foo/bar`
@@ -432,8 +444,10 @@ Syntax that can be used to limit the number of events being reported by the audi
 > This functionality exists for Linux only.
 
 ```console
+
 -h, --help                                  show this help message and exit
 -e <true/false>, --enable <true/false>      enable/disable the rate limit with default values
+
 ```
 
 Usage example: `sudo ./mde_support_tool.sh ratelimit -e true`
@@ -449,8 +463,10 @@ This option enables you to skip the faulty rules added in the auditd rules file
 > This functionality is only available on Linux.
 
 ```console
+
 -h, --help                                  show this help message and exit
 -e <true/false>, --enable <true/false>      enable/disable the option to skip the faulty rules. In case no argumanet is passed, the option will be true by default.
+
 ```
 
 Usage example: `sudo ./mde_support_tool.sh skipfaultyrules -e true`
