MC427157 – Reminder – Enhanced antimalware Engine capabilities for Linux: Validate to ensure continued protection (archived)

check before: 2022-09-21

Product:

Defender, Defender for Endpoint, Microsoft 365 Defender

Platform:

Linux, Mac, World tenant

Status:

Change type:

Admin impact

Links:

MC399488

Details:

This message is a continued reminder (previously MC399488, July '22) about the enhanced anti-malware engine for Linux and macOS that we have been rolling out. A few months back we announced the general availability and gradual roll-out of our enhanced anti-malware engine for Linux and macOS.

The new engine has been deployed across thousands of systems already and has been running successfully! You can verify whether you are running the enhanced engine by checking the engine_version from the output of "mdatp health". If the engine_version starts with "1.x", you are already on the new version.
As a reminder, to ensure Microsoft Defender Antivirus cloud-delivered protection works properly with the new engine, your security/IT team must configure your network/proxy/internet settings to allow connections between your endpoints and certain Microsoft URLs. To support the new Microsoft Defender for Endpoint on Linux and macOS anti-malware engine enhancements, you must allow-list the following URL endpoints within the proxy ecosystem in your environment:
go.microsoft.com
definitionupdates.microsoft.com
https://www.microsoft.com/security/encyclopedia/adlpackages.aspx
*.wdcp.microsoft.com
*.wd.microsoft.com
Please note that access to these URLs is *required* to ensure uninterrupted cloud-delivered protection on your Linux and macOS systems behind a proxy. Organizations that do not allow-list access to the above-mentioned URLs will be unable to download threat definition updates required for effective anti-malware protection.
Further info is available at our documentation and also on our blog.
Note: No action is required if the above steps have already been taken based on our announcements and previous communications.
Timeline and Version Requirements: We began rolling out the enhanced anti-malware engine in June and this activity is scheduled to complete by the last week of September.
Minimum version requirements to enable a smooth transition:
The minimum Microsoft Defender for Endpoint version number must be 101.62.64 [Feb 2022 build]. However, we recommend upgrading to the latest version available to get the most up-to-date capabilities.
Soon after migration begins, versions older than 101.62.64 will stop getting protection updates.
Note:
Additionally, to support storing definitions in non-standard locations (outside of /var) for definition updates, please ensure that you are on at least version 101.71.18.
If you are running builds that are older than 101.62.64, please update Defender to stay protected.
If you notice any issues or need any assistance during the course of this roll-out, please do contact Microsoft through our regular support channels.
Refer to our blog for more information.
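
The checks described in the notice (engine_version starting with "1." and the two minimum version numbers), as an added example that is not Microsoft's tooling. It assumes "mdatp health" prints lines of the form key : "value" and reports the product version in a field named app_version; the sample output and the verdict strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Microsoft's tooling. Assumes `mdatp health` prints lines
# of the form  key : "value"  and exposes an app_version field.
MIN_APP="101.62.64"         # minimum version stated in the notice
MIN_APP_CUSTOM="101.71.18"  # minimum for definitions stored outside /var

# Constructed sample output, used when mdatp is not installed.
SAMPLE_HEALTH='healthy                          : true
app_version                      : "101.62.64"
engine_version                   : "1.1.19300.3"'

# health_field TEXT KEY: print the value of KEY with quotes and blanks removed.
health_field() {
    printf '%s\n' "$1" | awk -F':' -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t"]/, "", v); print v; exit }'
}

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_health TEXT: print one verdict; return 0 only if both checks pass.
check_health() {
    app=$(health_field "$1" app_version)
    eng=$(health_field "$1" engine_version)
    if [ -z "$app" ] || [ -z "$eng" ]; then echo "unparsed"; return 2; fi
    version_ge "$app" "$MIN_APP" || { echo "app_too_old"; return 1; }
    case "$eng" in
        1.*) ;;                              # enhanced engine per the notice
        *) echo "engine_not_1x"; return 1 ;;
    esac
    if version_ge "$app" "$MIN_APP_CUSTOM"; then echo "ok_custom_path_supported"
    else echo "ok"; fi
}

if command -v mdatp >/dev/null 2>&1; then
    check_health "$(mdatp health)"
else
    check_health "$SAMPLE_HEALTH"
fi
```

The version comparison is numeric per field, so a build such as 101.9.99 is correctly treated as older than 101.62.64, which a plain string comparison would get wrong.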

Created:
2022-09-07

updated:
2022-09-15

changes*

Date:
2022-09-15

Property:
MC prepare

old:
ps://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-ser

new:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server

*starting April 2022

Last updated 11 months ago
