This message is a continued reminder (previously MC399488 July ’22) about the enhanced anti-malware Engine for Linux and macOS that we have been rolling out. A few months back we announced the general availability and gradual roll-out of our enhanced anti-malware engine for Linux and macOS.
The new engine has been deployed across thousands of systems already and has been running successfully! You can verify whether you are running the enhanced engine by checking the engine_version from the output of “mdatp health”. If the engine_version starts with”1.x” you are already on the new version.
As a reminder, to ensure Microsoft Defender Antivirus cloud-delivered protection works properly with the new engine, your security/IT team must configure your network/proxy/internet settings to allow connections between your endpoints and certain Microsoft URLs. To support the new Microsoft Defender for Endpoint on Linux and macOS anti-malware engine enhancements, you must allow-list within the proxy ecosystem in your environment the following URL endpoints:
- go.microsoft.com
- definitionupdates.microsoft.com
- https://www.microsoft.com/security/encyclopedia/adlpackages.aspx
- *.wdcp.microsoft.com
- *.wd.microsoft.com
Please note that access to these URLs is *required* to ensure uninterrupted cloud-delivered protection on your Linux and macOS systems behind a proxy. Organizations that do not allow-list access to the above-mentioned URLs will be unable to download threat definition updates required for effective anti-malware protection.
Further info is available at our documentation and also on our blog.
Note: No action is required, if the above steps have been taken already based on our announcements and previous communications.
Timeline and Version Requirements: We began rolling out the enhanced anti-malware engine in June and this activity is scheduled to complete by the last week of September.
Minimum version requirements to enable a smooth transition:
- The minimum Microsoft Defender for Endpoint version number must be 101.62.64 Feb 2022 build. However, we recommend upgrading to the latest and greatest version available at the point in time for most updated capabilities.
- Soon after migration begins, versions older than 101.62.64 will stop getting protection updates.
Note:
- Additionally, to support definitions storage in non-standard locations (outside of /var) for definition updates please ensure that you are at least on version 101.71.18.
- If you are running builds that are older than 101.62.64, please update defender to continue to stay protected.
- If you notice any issues or need any assistance during the course of this roll-out, please do contact Microsoft through our regular support channels.
Learn more
- Enable access to Microsoft Defender for Endpoint service URLs in the proxy server
- Enhanced antimalware engine capabilities for Linux and macOS
- Configure device proxy and Internet connectivity settings
Message ID: MC427157
Published: 06 September 2022
Updated: 06 September 2022
Platform: Linux, Mac, World tenant
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
