This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 8%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQC%3C/text%3E%3C/svg%3E)
Hello, for only one of my Azure Linux VM I have the following recommendation from MS Defender for Cloud:
"Endpoint protection health issues should be resolved on your machines"
Under Security checks, we can read:
"Real time protection is off or partially configured"
The extension MDE is installed and working:
TypeMicrosoft.Azure.AzureDefenderForServers.MDE.Linux
Version1.0.3.13
Status: Provisioning succeeded
But how can I check in my Azure VM that the real time protection is off or partially configured?
Thanks
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
On Linux, you can ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):
mdatp health --field real_time_protection_enabled
If it's not enabled you need to run:
mdatp config real-time-protection --value enabled
Hello @Quattrocchi, Calogero , let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
Hi,
I have checked on two Linux Ubuntu systems and both machines are reporting the SAME output:
# mdatp health --field real_time_protection_enabled
false
But only one Ubuntu system is reporting the message:
"Real time protection is off or partially configured"
Anyway, I have executed the command you suggested on the Ubuntu system reporting that the real time protection is off.
# mdatp config real-time-protection --value enabled
Configuration property updated.
# mdatp health --field real_time_protection_enabled
true
Let's see after some time ( a few hours) if the recommendation disappears
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 6%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
mdatp config real-time-protection --value enabled
This setting is managed by your organization
The "real-time protection" is a Windows Security setting. You can check for it by logging into the VM as an administrator and going to Windows Security > Virus & thread protection > Virus and thread protection settings > Manage settings > Real-time protection.
If Defender itself is not working and RealTimeProtectionEnabled is set to False, you will need to make sure that the VM is properly onboarded and try the troubleshooting steps.
I cannot officially recommend editing the registry, but one thing that has worked for some customers in this scenario is setting 'HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSecurityHealthService' to 2 in the registry and restarting the PC.
Additional resources:
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/iaas-antimalware-windows
Hi, As written in my question: the OS of my Azure VM is LINUX (Ubuntu 20.04)
Thanks for feedback.
Regards