2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article looks at the protection Microsoft has added for Linux servers. The editor thinks it is very practical and shares it here as a reference.
A public preview of Microsoft's server-based Linux protection plan now provides improved endpoint detection and response capabilities.
I know it's hard for some of you to accept, but Microsoft has been supporting Linux lately. One example is that back in June, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use. Now Microsoft has improved the Linux version of Microsoft Defender, and the public preview adds endpoint detection and response (EDR) capabilities.
This is not a version of Microsoft Defender that you can run on a stand-alone Linux desktop. Its main job is still to protect Linux servers from server and network threats. If you want to protect your stand-alone desktop, you can use programs such as ClamAV or Sophos Antivirus for Linux.
For businesses it is a different matter, because people who work from home now use their Macs and Windows PCs in all sorts of places. Although it is based on Linux servers, you can use it to protect PCs running macOS, Windows 8.1 and Windows 10.
With these new EDR features, Linux Defender users can detect advanced attacks involving Linux servers, make use of rich experiences, and quickly remediate threats. This builds on the existing preventive antivirus capabilities and the centralized reporting provided through the Microsoft Defender Security Center.
Specifically, it includes:
Rich investigative experience, including machine timelines, process creation, file creation, network connections, login events, and advanced hunting.
Performance enhancements: CPU utilization is optimized during compilation procedures and large software deployments.
Contextual antivirus detection. Just as in the Windows version, you can learn more about where a threat came from and how the malicious process or activity was created.
To run the updated program, you need one of the following Linux servers: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16.04 or later LTS, SLES 12+, Debian or later, or Oracle Linux 7.2.
Next, to try these public preview features, you need to turn on preview features in the Microsoft Defender Security Center. Before you do this, make sure you are running version 101.12.99 or later. You can find out which version you are running with the command:
$ mdatp health
Under no circumstances should you switch all servers running Microsoft Defender for Endpoint on Linux to preview mode. Instead, Microsoft recommends that you configure only some of your Linux servers in preview mode, using the following command to switch them:
$ sudo mdatp edr early-preview enable
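The version check can be scripted so that preview is only enabled on servers that meet the stated minimum. This is an added example, not code from the article or from Microsoft; it assumes `mdatp health` prints a line of the form `app_version : "101.12.99"`, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate "mdatp edr early-preview enable" on the minimum agent
# version the article gives. Function names here are hypothetical helpers.
MIN_VERSION="101.12.99"

# Constructed sample of `mdatp health` output (assumed line format).
SAMPLE_HEALTH='healthy                                 : true
app_version                             : "101.12.99"'

# Read health text on stdin, print the app_version value (empty if absent).
health_version() {
    sed -n 's/^[[:space:]]*app_version[[:space:]]*:[[:space:]]*"\{0,1\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing field by field as integers.
# A plain string compare would wrongly rank 101.9.50 above 101.12.99.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Read health text on stdin; return 0 only when preview may be enabled.
preview_gate() {
    ver=$(health_version)
    if [ -z "$ver" ]; then
        echo "unknown: no app_version found, not enabling preview"
        return 2
    fi
    if version_ge "$ver" "$MIN_VERSION"; then
        echo "ok: $ver meets minimum $MIN_VERSION"
        return 0
    fi
    echo "too old: $ver is below $MIN_VERSION, update first"
    return 1
}

# On a server chosen for the preview subset:
#   mdatp health | preview_gate && sudo mdatp edr early-preview enable
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_HEALTH" | preview_gate
```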
After doing this, if you feel brave and want to see for yourself whether it works, Microsoft offers a way to run simulated attacks. To do this, follow these steps to run the simulation on your Linux server and investigate the result:
Verify that the Linux server appears in the Microsoft Defender Security Center. If this is the first time the machine is online, it may take up to 20 minutes to appear.
Download and extract the script file from aka.ms/LinuxDIY to that Linux server and run the following command: ./mde_linux_edr_diy.sh
Within a few minutes, an alert should be raised in the Microsoft Defender Security Center.
View the alert details and machine timeline, and perform the typical investigation steps.