How to Install and Use Microsoft Defender in Linux


While many Linux users outside of the enterprise may not understand the point of Microsoft tools on Linux, those on the inside will understand that they can be invaluable. The ability to integrate with Active Directory and much of the Microsoft ecosystem that has taken over the workplace is huge for desktop Linux, and it can make your favorite distro a more viable OS in the workplace. One of the most important parts of the enterprise is security. This tutorial shows you how to install and use Microsoft Defender on Linux to make sure your IT department can scan your machine for threats.

How to Install Microsoft Defender in Linux

The steps for installing Microsoft Defender on Linux differ from distro to distro. Microsoft does not ship its packages in the distros' default repositories, so you have to install the right dependencies and add Microsoft's own repository first.

RPM-Based Distros

You’ll need yum-utils or dnf-utils:

sudo dnf install yum-utils

Microsoft publishes one repository configuration file per distro, version and channel, following this URL pattern:

https://packages.microsoft.com/config/[distro]/[version]/[channel].repo

You can browse that mirror to find the file that matches your system. This guide uses the prod channel throughout for consistency, since every supported distro has a prod.repo or prod.list available. For a Fedora 33 system, the command is the following:

sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/fedora/33/prod.repo

For a CentOS 8 system, the command would be the following:

sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/8/prod.repo

The yum command is used here because it is targeted at RHEL, CentOS, and Oracle Linux, but dnf works just as well. You also need to import Microsoft's package-signing GPG key. Fetch it over HTTPS: a key downloaded over plain HTTP could be replaced in transit, and every package signature would then be checked against the wrong key.

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

Run a quick update:

sudo yum update

After that, you should be able to just install the package. The name is mdatp, or Microsoft Defender Advanced Threat Protection.

sudo yum install mdatp

Debian/Ubuntu Systems

You’ll need a couple of additional dependencies:

sudo apt install curl libplist-utils

Then you can follow basically the same process:

curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/20.04/prod.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list
sudo apt install gpg
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo apt install apt-transport-https
sudo apt update
sudo apt install mdatp

Those commands add the repository, import the GPG key, install the remaining dependencies, and finally install mdatp.
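Both install procedures above share the same shape: build the repo-config URL for your distro, fetch Microsoft's signing key, add the repo. The script below is an added example, not code from the article or from Microsoft; it derives the URL from /etc/os-release using the URL layout shown above, and refuses to import the key unless its fingerprint matches a value you supply (EXPECTED_FPR is a placeholder, not a real fingerprint).

```shell
#!/bin/sh
# Added example, not from the article: derive the packages.microsoft.com repo-config URL
# from /etc/os-release, fetch the signing key over HTTPS and check its fingerprint before
# importing it. EXPECTED_FPR is a placeholder; replace it with the fingerprint you verified.
EXPECTED_FPR="REPLACE_WITH_VERIFIED_FINGERPRINT"   # placeholder, not a real value

# mdatp_repo_url DISTRO VERSION [CHANNEL] -> prints the .repo (RPM) or .list (APT) URL
mdatp_repo_url() {
    distro=$1; version=$2; channel=${3:-prod}
    case "$distro" in
        debian|ubuntu)         ext=list ;;
        rhel|centos|fedora|ol) ext=repo ;;
        *) echo "unsupported distro: $distro" >&2; return 1 ;;
    esac
    printf '%s\n' "https://packages.microsoft.com/config/$distro/$version/$channel.$ext"
}

# os_release_url FILE -> the same URL, derived from an os-release file's ID and VERSION_ID
os_release_url() {
    id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
    ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
    case "$id" in
        rhel|centos|ol) ver=${ver%%.*} ;;   # the article uses centos/8: major version only
    esac
    mdatp_repo_url "$id" "$ver"
}

# key_fingerprint FILE -> primary fingerprint of an ASCII-armored key, without importing it
key_fingerprint() {
    gpg --with-colons --import-options show-only --import "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# install_repo: the network-facing steps; aborts if the key fingerprint does not match
install_repo() {
    url=$(os_release_url /etc/os-release) || return 1
    curl -fsSL -o /tmp/microsoft.asc https://packages.microsoft.com/keys/microsoft.asc
    fpr=$(key_fingerprint /tmp/microsoft.asc)
    if [ "$fpr" != "$EXPECTED_FPR" ]; then
        echo "signing key fingerprint $fpr does not match expected value; aborting" >&2
        return 1
    fi
    case "$url" in
        *.repo) sudo rpm --import /tmp/microsoft.asc
                sudo yum-config-manager --add-repo="$url" ;;
        *.list) sudo apt-key add /tmp/microsoft.asc
                curl -fsSL "$url" | sudo tee /etc/apt/sources.list.d/microsoft-prod.list >/dev/null ;;
    esac
}

if [ "${1:-}" = "--run" ]; then install_repo; fi
```

Run it with `--run` to perform the installation steps; without arguments it only defines the functions, so you can source it and call `os_release_url /etc/os-release` to preview the URL it would use.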

Using Microsoft Defender on Linux

Running Scans

One of the main things that you probably want to do is scan your system for threats. To do that, you open the terminal and type the following command:

mdatp scan full

This scans every file the process has access to (329,812 in this case) and reports any threats it recognizes. You can also run quick or custom scans. A custom scan lets you point at a specific directory or file and, optionally, ignore any exclusions you have set previously. For example:

mdatp scan custom --path /PATH/TO/DIRECTORY --ignore-exclusions

If you have set an exclusion, as covered below, the --ignore-exclusions flag makes this scan cover the excluded paths anyway.

Updating Signatures

To update the virus signatures on Microsoft Defender on Linux, update it just like any other package.

sudo yum update mdatp
sudo apt-get upgrade mdatp

Setting Exclusions

You can create exclusions in a few ways so that files known to be good are not reported. To exclude a file type, use a command like the following:

mdatp exclusion extension add --name .png

This puts every .png file on the exclusion list. Excluding a whole file type is not generally recommended, but if you produce a particular file type that you know never needs scanning, this command does it.

To create an exclusion for a directory, you can use a very similar command:

mdatp exclusion folder add --path /PATH/TO/DIRECTORY/

Whatever directory you told mdatp to exclude will no longer be scanned. This is useful if you keep security testing tools on your system, since those often contain samples and signatures that trip up antivirus software.

I hope you enjoyed this guide on installing and using Microsoft Defender on Linux. If you are not keen on using Microsoft Defender on Linux, check out some other antivirus software for Linux or learn how to scan for rootkits and viruses in Linux.

John Perkins

John is a young technical professional with a passion for educating users on the best ways to use their technology. He holds technical certifications covering topics ranging from computer hardware to cybersecurity to Linux system administration.
