From 2dd3f334fbc7f1c88db26070e4ccb44c520a4ec7 Mon Sep 17 00:00:00 2001 From: Andrew Hills Date: Sat, 22 Feb 2025 19:16:34 +0000 Subject: [PATCH] Update microsoft-defender-endpoint-linux.md - Fix formatting of Important alert box. - Fix missing space in External Package Dependency section. - Change formatting of path to wdavdaemon. --- .../microsoft-defender-endpoint-linux.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/defender-endpoint/microsoft-defender-endpoint-linux.md b/defender-endpoint/microsoft-defender-endpoint-linux.md index 61d34124cb..00c3379ade 100644 --- a/defender-endpoint/microsoft-defender-endpoint-linux.md +++ b/defender-endpoint/microsoft-defender-endpoint-linux.md 
@@ -103,18 +103,18 @@ Microsoft Defender for Endpoint for Linux includes anti-malware and endpoint det - Oracle Linux 9.x ARM64 - SUSE Linux Enterprise Server 15 (SP5, SP6) ARM64 - - > [!IMPORTANT] + + > [!IMPORTANT] > Support for Microsoft Defender for Endpoint on Linux for ARM64-based Linux devices is now in preview. For more information, see [Microsoft Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md). - > [!NOTE] + > [!NOTE] > The workstation versions of these distributions are unsupported. > Distributions and versions that aren't explicitly listed are unsupported (even if they're derived from the officially supported distributions). > After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that which are listed in this section are provided for technical upgrade support only. > Currently, Rocky and Alma distributions aren't supported in Microsoft Defender Vulnerability Management. > Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version agnostic. The minimal requirement for the kernel version to be `3.10.0-327` or later. - > [!CAUTION] + > [!CAUTION] > Running Defender for Endpoint on Linux side by side with other `fanotify`-based security solutions isn't supported. It can lead to unpredictable results, including hanging the operating system. If there are any other applications on the system that use `fanotify` in blocking mode, applications are listed in the `conflicting_applications` field of the `mdatp health` command output. The Linux **FAPolicyD** feature uses `fanotify` in blocking mode, and is therefore unsupported when running Defender for Endpoint in active mode. 
You can still safely take advantage of Defender for Endpoint on Linux EDR functionality after configuring the antivirus functionality Real Time Protection Enabled to [Passive mode](linux-preferences.md#enforcement-level-for-antivirus-engine). - List of supported filesystems for RTP, Quick, Full, and Custom Scan. @@ -146,7 +146,7 @@ Microsoft Defender for Endpoint for Linux includes anti-malware and endpoint det > If eBPF isn't supported on your machines, or if there are specific requirements to remain on Auditd, and your machines are using Defender for Endpoint on Linux version `101.24072.0001` or lower, then Audit framework (`auditd`) must be enabled on your system. > If you're using Auditd, then system events captured by rules added to `/etc/audit/rules.d/` adds to `audit.log`(s) and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endpoint on Linux are tagged with the `mdatp` key. -- /opt/microsoft/mdatp/sbin/wdavdaemon requires executable permission. For more information, see "Ensure that the daemon has executable permission" in [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](linux-support-install.md). +- `/opt/microsoft/mdatp/sbin/wdavdaemon` requires executable permission. For more information, see "Ensure that the daemon has executable permission" in [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](linux-support-install.md). ### Installation instructions 
@@ -182,7 +182,7 @@ If the Microsoft Defender for Endpoint installation fails due to missing depende > - For DEBIAN, the mdatp package requires `auditd`. > - For Mariner, the mdatp package requires `audit`. -The`mde-netfilter` package also has the following package dependencies: +The `mde-netfilter` package also has the following package dependencies: - For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1`, and `libglib2.0-0` - For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`
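Review bot: The commit message names only the Important alert box, but in the `@@ -103,18 +103,18 @@` hunk the `> [!NOTE]` and `> [!CAUTION]` marker lines and one blank line are changed too, and each removed/added pair differs only in whitespace. State in the commit message that whitespace is being normalised on all three alert markers, so a reviewer can confirm the rendering change is intended for each of them. While this block is open, the context sentence "The minimal requirement for the kernel version to be `3.10.0-327` or later" is missing its verb and could be fixed in the same pass.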
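Review bot: In the `@@ -182,7 +182,7 @@` hunk, the corrected sentence writes `mde-netfilter` as inline code, but the two list items directly below it (and the `mdatp` items above it) still give the package name as plain text, e.g. "the mde-netfilter package requires". Format the package name consistently in those items as well. The DEBIAN item also has a comma before "and" in a two-item list, and neither item ends with a period, which could be tidied in the same change.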