BEST Antivirus KBS : Largest Anti-Malware Knowledge Base and Support

Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux

  • December 23, 2021
  • BEST Antivirus Staff 2

Contents

  1. Verify that the installation succeeded
  2. Make sure you have the correct package
  3. Installation failed
  4. Steps to troubleshoot if the mdatp service isn’t running
  5. If the Defender for Endpoint service is running, but the EICAR text file detection doesn’t work
  6. Command-line tool “mdatp” isn’t working
    1. Source : Official Microsoft Brand Editor by : BEST Antivirus KBS Team

Verify that the installation succeeded

An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, obtain and check the installation logs using:

Bash

 sudo journalctl --no-pager | grep 'microsoft-mdatp' > installation.log

Bash

 grep 'postinstall end' installation.log

Output

 microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216

Output from the previous command that shows the correct date and time of installation indicates success.

Also check the Client configuration to verify the health of the product and detect the EICAR text file.

Make sure you have the correct package

Verify that the package you are installing matches the host distribution and version.


| Package | Distribution |
|---|---|
| mdatp-rhel8.Linux.x86_64.rpm | Oracle, RHEL, and CentOS 8.x |
| mdatp-sles12.Linux.x86_64.rpm | SUSE Linux Enterprise Server 12.x |
| mdatp-sles15.Linux.x86_64.rpm | SUSE Linux Enterprise Server 15.x |
| mdatp.Linux.x86_64.rpm | Oracle, RHEL, and CentOS 7.x |
| mdatp.Linux.x86_64.deb | Debian and Ubuntu 16.04, 18.04 and 20.04 |

For manual deployment, make sure the correct distro and version have been chosen.

Installation failed

Check if the Defender for Endpoint service is running:

Bash

service mdatp status

Output

 ● mdatp.service - Microsoft Defender for Endpoint
   Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
 Main PID: 1966 (wdavdaemon)
    Tasks: 105 (limit: 4915)
   CGroup: /system.slice/mdatp.service
           ├─1966 /opt/microsoft/mdatp/sbin/wdavdaemon
           ├─1967 /opt/microsoft/mdatp/sbin/wdavdaemon
           └─1968 /opt/microsoft/mdatp/sbin/wdavdaemon

Steps to troubleshoot if the mdatp service isn’t running

  1. Check if “mdatp” user exists:
    Bash

    id "mdatp"
    

    If there’s no output, run

    Bash

    sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
    
  2. Try enabling and restarting the service using:
    Bash

    sudo service mdatp start
    
    Bash

    sudo service mdatp restart
    
  3. If mdatp.service isn’t found upon running the previous command, run:
    Bash

    sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path> 
    

    where <systemd_path> is /lib/systemd/system for Ubuntu and Debian distributions and /usr/lib/systemd/system for RHEL, CentOS, Oracle and SLES. Then rerun step 2.

  4. If the above steps don’t work, check whether SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode by setting the SELINUX parameter to “permissive” or “disabled” in the /etc/selinux/config file and then rebooting. See the selinux man page for details. Then try restarting the mdatp service using step 2. For security reasons, revert the configuration change immediately after trying it, and reboot.
  5. If the /opt directory is a symbolic link, create a bind mount for /opt/microsoft.
  6. Ensure that the daemon has executable permission.
    Bash

    ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
    
    Output

    -rwxr-xr-x 2 root root 15502160 Mar  3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
    

    If the daemon doesn’t have executable permissions, make it executable using:

    Bash

    sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
    

    and retry running step 2.

  7. Ensure that the file system containing wdavdaemon isn’t mounted with “noexec”.
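
As an added example (not part of the original article and not a Microsoft tool), the read-only script below gathers steps 1, 4, 5, 6 and 7 into one pass so nothing on the host is changed while diagnosing. The function names are illustrative; the paths are the ones shown above.

```shell
#!/bin/sh
# Added example: read-only checks for steps 1, 4, 5, 6 and 7 of the list above.
# Function names are illustrative; DAEMON defaults to the path shown on this page.
DAEMON="${DAEMON:-/opt/microsoft/mdatp/sbin/wdavdaemon}"

# Step 1: the service account must exist.
check_user() { id "$1" >/dev/null 2>&1; }

# Step 4: report the SELinux mode without changing it.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce
    else echo "not installed"; fi
}

# Step 5: true when the given path is a symbolic link.
is_symlink() { [ -L "$1" ]; }

# Step 6: true when the daemon is a regular file with execute permission.
daemon_executable() { [ -f "$1" ] && [ -x "$1" ]; }

# Step 7: true when a comma-separated mount option string contains "noexec".
mount_opts_have_noexec() {
    case ",$1," in *,noexec,*) return 0 ;; *) return 1 ;; esac
}

# Step 7: look up the mount options of the file system holding the path.
# Returns 2 when findmnt is unavailable or the path cannot be resolved.
fs_is_noexec() {
    opts=$(findmnt -n -o OPTIONS -T "$1" 2>/dev/null) || return 2
    mount_opts_have_noexec "$opts"
}

run_checks() {
    fails=0
    check_user mdatp || { echo "FAIL step 1: user mdatp missing"; fails=$((fails+1)); }
    echo "INFO step 4: SELinux mode: $(selinux_mode)"
    if is_symlink /opt; then
        echo "FAIL step 5: /opt is a symlink; bind-mount /opt/microsoft"; fails=$((fails+1))
    fi
    daemon_executable "$DAEMON" || { echo "FAIL step 6: $DAEMON missing or not executable"; fails=$((fails+1)); }
    if fs_is_noexec "$DAEMON"; then
        echo "FAIL step 7: file system holding $DAEMON is mounted noexec"; fails=$((fails+1))
    fi
    echo "$fails check(s) failed"
    return "$fails"
}

run_checks || true
```

Each FAIL line names the step whose fix applies; the SELinux line is informational only, since step 4 is a temporary test that must be reverted.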

If the Defender for Endpoint service is running, but the EICAR text file detection doesn’t work

  1. Check the file system type using:
    Bash

    findmnt -T <path_of_EICAR_file>
    

    Currently supported file systems for on-access activity are listed here. Any files outside these file systems won’t be scanned.

Command-line tool “mdatp” isn’t working

  1. If running the command-line tool mdatp gives the error “command not found”, run the following command:
    Bash

    sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
    

    and try again.

    If none of the above steps help, collect the diagnostic logs:

    Bash

    sudo mdatp diagnostic create
    
    Output

    Diagnostic file created: <path to file>
    

    The output shows the path to a zip file that contains the logs. Reach out to our customer support with these logs.


Source : Official Microsoft Brand
Edited by : BEST Antivirus KBS Team
