• Install & Activate
  • Troubleshooting
BEST Antivirus KBS : Largest Anti-Malware Knowlegde Base and Support
  • Install & Activate
  • Troubleshooting

Troubleshoot issues for Microsoft Defender for Endpoint on Linux RHEL6

/Troubleshoot Problems / Troubleshooting Microsoft / Troubleshoot Problems / Troubleshooting Microsoft / Troubleshooting Microsoft Endpoint / Troubleshoot issues for Microsoft Defender for Endpoint on Linux RHEL6
  • December 23, 2021
  • BEST Antivirus Staff 2
  • Troubleshooting Microsoft / Troubleshooting Microsoft Endpoint

Contents

  1. Check the service health
  2. Verify that the service is running
  3. Verify the distribution and kernel version
  4. Check if mdatp audisp process is running
  5. Check TALPA modules
  6. Check TALPA status
    1. Source : Official Microsoft Brand Editor by : BEST Antivirus KBS Team
0
(0)

 Important

Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Want to experience Defender for Endpoint? Sign up for a free trial.

This article provides guidance on how to troubleshoot issues you might encounter with Microsoft Defender for Linux on Red Hat Linux 6 (RHEL 6) or higher.

After the package (mdatp_XXX.XX.XX.XX.x86_64.rpm) is installed, take actions provided to verify that the installation was successful.

Check the service health

Use the following command to check the service health:

Bash

mdatp health

Verify that the service is running

Use the following command to verify that the service is running:

Bash

service mdatp status

Expected output: mdatp start/running, process 4517

Verify the distribution and kernel version

The distribution and kernel versions should be on the supported list.

Use the following command to get the distribution version:

Bash

cat /etc/redhat-release (or /etc/system-release)

Use the following command to get the kernel version:

Bash

uname -r

Check if mdatp audisp process is running

The expected output is that the process is running.

Use the following command to check:

Bash

pidof mdatp_audisp_plugin

Check TALPA modules

There should be nine modules loaded.

Use the following command to check:

Bash

lsmod | grep talpa

Expected output: Enabled

Bash

talpa_pedconnector       878  0 

talpa_pedevice          5189  2 talpa_pedconnector 

talpa_vfshook          32300  1 

talpa_vcdevice          4947  1 

talpa_syscall           9127  0 

talpa_core             90699  4 talpa_vfshook,talpa_vcdevice,talpa_syscall 

talpa_linux            29424  5 talpa_vfshook,talpa_vcdevice,talpa_syscall,talpa_core 

talpa_syscallhookprobe      882  0 

talpa_syscallhook      14987  2 talpa_vfshook,talpa_syscallhookprobe
Bash

lsmod | grep talpa | wc -l

Expected output: 9

Check TALPA status

Bash

cat /proc/sys/talpa/interceptors/VFSHookInterceptor/status

Debug log files (apart from the ‘mdatp diagnostic create’ bundle)

Bash

/var/log/audit/audit.log 

/var/log/messages 

semanage fcontext -l > selinux.log

Performance and Memory

Bash

top -p <wdavdaemon pid>      

pmap -x <wdavdaemon pid>

Where <wdavdaemon pid> can be found using pidof wdavdaemon.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 28 times, 1 visits today)
Tagged: Fix MicrosoftFix Microsoft for Endpoint

Related Articles

  • All about Microsoft

  • Microsoft Defender for Business (preview) troubleshooting

  • Support and troubleshooting Microsoft Defender for Cloud Apps

  • Troubleshooting – What is *.cas.ms, *.mcas.ms, or *.mcas-gov.us? (Microsoft)

  • Troubleshooting access and session controls (Microsoft)

  • Troubleshooting the SIEM agent (Microsoft)

ask or enter a search term

Top Rated Posts

5 (1)

Activate code Avast on Windows PC

5 (1)

[KB5699] Set the PIN in ESET Parental Control for Android

5 (2)

Getting started (app) (ESET)

5 (1)

[KB3239] How do I uninstall or reinstall ESET Cyber Security or ESET Cyber Security Pro?

5 (2)

[KB6842] Upgrade to ESET Cyber Security and ESET Cyber Security Pro version 6.6 fails on previous versions of macOS (10.6 – 10.8)

About

We are BEST Antivirus , Trusted Comparison and Cheap Antivirus Software 2020. KBS is Knowledge Base and Support : This page was created to guide customers through the installation and to resolve all the common errors of anti-virus software.

Partners

› Avast
› AVG
› BitDefender
› ESET
› Trend Micro
› All Partners

Resources

› Store
› Advertise
› Brand Reviews
› Review Platforms
› Contact Page
› Knowledge Base

  • Install & Activate
  • Troubleshooting
© Copyright by BEST Antivirus by SSG Limited