Microsoft releases Defender ATP for Linux

Which seems more unlikely to you? Dogs and cats living together in peace or Microsoft releasing a security program for Linux? Actually, both are true. On June 23, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use. 

But before you get excited while you could use this on a Linux desktop, this version of ATP is not meant for the desktop. It's to protect Linux servers from server and network threats. If you want protection for your standalone desktop, you're better off with a such as ClamAV or Sophos Antivirus for Linux.

For sysadmins and security pros, Microsoft Defender Security Center is now available for monitoring and managing security across the full spectrum of enterprise desktop and server platforms -- Android, Windows, Windows Server, macOS, and Linux.

The point of this new program, according to Moti Gindi, corporate vice president of Microsoft Threat Protection, is "to protect the modern workplace environment across everything that it is, being Microsoft or non-Microsoft. We're protecting endpoints across Mac and today we're extending this endpoint protection to Linux and to iOS and Android." 

This program is now available for Red Hat Enterprise Linux (RHEL) 7 or higher; CentOS Linux 7 or newer; Ubuntu 16.04 or higher LTS versions; SUSE Linux Enterprise Server (SLES) 12 or higher; Debian 9 or newer; and Oracle Enterprise Linux 7.2.

On these servers, you use its shell program to launch, configure and manage the Defender agent. Once it's running you can start scans and manage threats from it locally or remotely. You can also deploy and configure it using the DevOps tools Puppet, Ansible, or manually using Bash commands.

You can also use the ATP's client shell interface to initiate scans, and manage threats. Once set up, though, you'd usually monitor your servers with the Microsoft Defender Security Center.

Once installed, ATP reports the following information to the Microsoft Defender Security Center console:

Antivirus alert information:

SeverityScan typeDevice information (see below for details)
File information (name, path, size, and hash)
Threat information (name, type, and state)

Device information:

Machine identifierTenant identifier
App version
Hostname
OS type
OS version
Computer model
Processor architecture
Whether the device is a virtual machine

While it's been in beta since February, Microsoft knows full well this is a 1.0 release. Helen Allas, a Microsoft Principal Program Manager, wrote:

We are just at the beginning of our Linux journey and we are not stopping here! We are committed to the continuous expansion of our capabilities for Linux and will be bringing you enhancements in the coming months. We can't wait for you to become part of our Linux journey and try out new capabilities as they become available. Make sure to turn on preview features in Microsoft Defender Security Center to get the latest updates before anyone else and stay tuned to our blog and Twitter channel for the latest announcements.

Microsoft previews Microsoft Defender ATP for LinuxMicrosoft releases first public preview of its Defender antivirus on AndroidMicrosoft Defender ATP now scans Windows 10 PC firmware for hardware rootkit attacks