I know it's still hard for some of you to wrap your minds around it, but Microsoft really does support Linux these days. A case in point: Back in June, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use[1]. Now, Microsoft has improved the Linux version of Defender, by adding a public preview of endpoint detection and response (EDR) capabilities[2].
This is still not a version of Microsoft Defender you can run on a standalone Linux desktop. Its primary job remains to protect Linux servers from server and network threats. If you want protection for your standalone desktop, use such programs as ClamAV[3] or Sophos Antivirus for Linux[4].
For businesses, though, with employees now working from home on their Macs and Windows PCs here, there, and everywhere, it's a different story. While it runs on Linux servers, you'll be able to use it to protect PCs running macOS, Windows 8.1, and Windows 10[5].
With these new EDR capabilities, Linux Defender users can detect advanced attacks that involve Linux servers, utilize rich experiences, and quickly remediate threats. This builds on the existing preventative antivirus capabilities[6] and centralized reporting available via the Microsoft Defender Security Center.
Specifically, it includes:
- Rich investigation experience, which includes machine timeline, process creation, file creation, network connections, login events, and advanced hunting.
- Optimized performance: enhanced CPU utilization during compilation and large software deployments.
- In-context AV detection. Just like with the Windows edition, you'll get insight into where a threat came from and how the malicious process or activity was created.
To run the updated program, you'll need one of the following Linux servers: RHEL 7.2+; CentOS Linux 7.2+; Ubuntu 16.04 or higher LTS; SLES 12+; Debian or