This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 0%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB7%3C/text%3E%3C/svg%3E)
Is there a list of features Microsoft Defender ATP for Linux supports, especially compared to Defender ATP for Windows? Besides the "PUA" and "Archive Bomb" mentions in the preferences document, there's no list of features or detection-types for the Linux agent that I could find.
For example, does it support both signature-based and behavioral analysis for Linux? Is the list of detected and prevented malware-types have parity with the Windows agent? This is important information to have while organizations are comparing anti-malware vendors.
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.
Hi,
We have not get information from you for several days.
Any update for your issue?
If the reply is useful for you, please accept as answer.
If you have any other confuse, please reply to us directly.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Apologies for the delay. The answer is not exactly helpful as that kind of list is critical for any enterprise that needs to evaluate using Microsoft Defender ATP for Linux versus another AV product. For example, Trend Micro and FireEye have detailed lists of features available for their antivirus agent on Window as compared to Linux (https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/pf/ep/ds-endpoint-security-agent-sw.pdf, https://help.deepsecurity.trendmicro.com/20_0/on-premise/supported-features-by-platform.html). Is there any way to contact the Defender ATP team to get a comparable list of the features available based on operating systems?
I'm aware that Defender ATP on Linux is CLI-based. I mentioned the configuration file as an example of the only item I see even close to highlighting available detections on Linux.
Hi,
As far as I know, there is no such list.
All the information about Microsoft Defender ATP for Linux please refer to the following article:
https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux
Defender doesn't have a user interface on Linux -- it's all run from the command line, it works with the usual Linux-management tools like Ansible, Chef and Puppet, and configuration options are in a JSON file.
Hope above information can help you.
---Please Accept as answer if the reply is helpful---