How to Install and Use Microsoft Defender in Linux

Defender On Linux Feature

While many Linux users outside of the enterprise may not understand the point of Microsoft tools on Linux, those on the inside will understand that they can be invaluable. The ability to integrate with Active Directory and much of the Microsoft ecosystem that has taken over the workplace is huge for desktop Linux, and it can make your favorite distro a more viable OS in the workplace. One of the most important parts of the enterprise is security. This tutorial shows you how to install and use Microsoft Defender on Linux to make sure your IT department can scan your machine for threats.

How to Install Microsoft Defender in Linux

In order to install Microsoft defender on Linux, the instructions differ from distro to distro. Microsoft hasn’t put their packages in the repository, so you’ll have to make sure the right dependencies are installed and add the repos.

RPM-Based Distros

You’ll need yum-utils or dnf-utils:

sudo dnf instll yum-utils
Defender On Linux Dnf Utils

To configure the Microsoft repos, the basic syntax of the Microsoft repos is as follows:[distro]/[version]/[channel].repo

You can explore this mirror to see what you’d want. I’m going to be using prod.repo for the sake of consistency, as all distros have prod.repo or prod.list available. So, for my Fedora system, that command will be the following:

sudo yum-config-manager --add-repo=
Defender On Linux Repo Add

For the CentOS system I’m using to model, the command would be the following:

sudo yum-config-manager --add-repo=

I’m using the yum command because it’s targeted at RHEL, CentOS, and Oracle Linux, but you could also use dnf. You’ll also need to import Microsoft’s GPG key using the following command:

sudo rpm --import
Defender On Linux Key Import

Run a quick update:

sudo yum update

After that, you should be able to just install the package. The name is mdatp, or Microsoft Defender Advanced Threat Protection.

sudo yum install mdatp
Defender On Linux Dnf Install

Debian/Ubuntu Systems

You’ll need a couple of additional dependencies:

sudo apt install curl libplist-utils

Then you can follow basically the same process:

curl -o microsoft.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list
sudo apt install gpg
curl | sudo apt-key add -
sudo apt install apt-transport-https
sudo apt update
sudo apt install mdatp

Install the repo, GPG key, any dependencies, and mdatp.

Using Microsoft Defender on Linux

Running Scans

One of the main things that you probably want to do is scan your system for threats. To do that, you open the terminal and type the following command:

mdatp scan full
Defender On Linux Full Scan Complete

This will scan as many files as it has access to (in my case 329,812) and report on any threats it knows of. You can also run quick or custom scans. The custom option allows you to specify a directory or a file or to ignore any exclusions that you’ve set previously. You could run a scan like this:

mdatp scan custom --path /PATH/TO/DIRECTORY --ignore-exclusions

If you’ve set an exclusion like covered below, you could run the above scan.

Updating Signatures

To update the virus signatures on Microsoft Defender on Linux, update it just like any other package.

sudo yum update mdatp
sudo apt-get upgrade mdatp

Setting Exclusions

To create exclusions so that files that are known to be good aren’t reported, you can do that a few ways. To exclude a file type, you can use a command like the following:

mdatp exclusion extension add --name .png

This will take all .png files and put them on the exclusion list. I wouldn’t necessarily recommend this, but if you have a particular file type that you create that you know will never need to be scanned, you can use that command to do that.

To create an exclusion for a directory, you can use a very similar command:

mdatp exclusion folder add --path /PATH/TO/DIRECTORY/

Now, whatever directory you just told mdatp to exclude won’t be scanned. This is helpful if you have some security testing tools on your system, as those contain virus signatures that can trip up antivirus software.

I hope you enjoyed this guide on installing and using Microsoft Defender on Linux. If you are not keen on using Microsoft Defender on Linux, check out some other antivirus software for Linux or learn how to scan for rootkits and viruses in Linux.

John Perkins
John Perkins

John is a young technical professional with a passion for educating users on the best ways to use their technology. He holds technical certifications covering topics ranging from computer hardware to cybersecurity to Linux system administration.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox