On Linux, you can ensure that real-time protection is enabled (denoted by a result of 1
from running the following command):
mdatp health --field real_time_protection_enabled
If it's not enabled you need to run:
mdatp config real-time-protection --value enabled