Skip to Content

MC427157: Reminder – Enhanced antimalware Engine capabilities for Linux: Validate to ensure continued protection

This message is a continued reminder (previously MC399488 July ’22) about the enhanced anti-malware Engine for Linux and macOS that we have been rolling out. A few months back we announced the general availability and gradual roll-out of our enhanced anti-malware engine for Linux and macOS.

MC427157: Reminder - Enhanced antimalware Engine capabilities for Linux: Validate to ensure continued protection

The new engine has been deployed across thousands of systems already and has been running successfully! You can verify whether you are running the enhanced engine by checking the engine_version from the output of “mdatp health”. If the engine_version starts with”1.x” you are already on the new version.

As a reminder, to ensure Microsoft Defender Antivirus cloud-delivered protection works properly with the new engine, your security/IT team must configure your network/proxy/internet settings to allow connections between your endpoints and certain Microsoft URLs. To support the new Microsoft Defender for Endpoint on Linux and macOS anti-malware engine enhancements, you must allow-list within the proxy ecosystem in your environment the following URL endpoints:

  • *
  • *

Please note that access to these URLs is *required* to ensure uninterrupted cloud-delivered protection on your Linux and macOS systems behind a proxy. Organizations that do not allow-list access to the above-mentioned URLs will be unable to download threat definition updates required for effective anti-malware protection.

Further info is available at our documentation and also on our blog.

Note: No action is required, if the above steps have been taken already based on our announcements and previous communications.

Timeline and Version Requirements: We began rolling out the enhanced anti-malware engine in June and this activity is scheduled to complete by the last week of September.

Minimum version requirements to enable a smooth transition:

  1. The minimum Microsoft Defender for Endpoint version number must be 101.62.64 Feb 2022 build. However, we recommend upgrading to the latest and greatest version available at the point in time for most updated capabilities.
  2. Soon after migration begins, versions older than 101.62.64 will stop getting protection updates.


  • Additionally, to support definitions storage in non-standard locations (outside of /var) for definition updates please ensure that you are at least on version 101.71.18.
  • If you are running builds that are older than 101.62.64, please update defender to continue to stay protected.
  • If you notice any issues or need any assistance during the course of this roll-out, please do contact Microsoft through our regular support channels.

Learn more

Message ID: MC427157
Published: 06 September 2022
Updated: 06 September 2022
Platform: Linux, Mac, World tenant

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on