Microsoft Defender for Endpoint now supports live response capabilities on macOS and Linux

News
By Sean Endicott
published

Microsoft Defender for Endpoint now helps analysts identify and remediate threats in real-time.

Macbook Pro Touch Bar Hero
Macbook Pro Touch Bar Hero (Image credit: Windows Central)

What you need to know

  • Live response capabilities are now available in preview for Defender for Endpoint on macOS and Linux.
  • Analysts can use live response to do in-depth investigative work and to take immediate actions in response to threats.
  • Microsoft also introduced new commands for Linux and macOS to trigger response action while investigating a device.

Microsoft Defender for Endpoint now supports live response capabilities for macOS and Linux. The functionality is in public preview, and it allows analysts to perform in-depth investigations of issues and to take action in real-time. Defender for Endpoint is an enterprise tool for detecting and responding to threats and vulnerabilities. Microsoft announced preview support for live response capabilities in a Tech Community post (via Bleeping Computer).

"With live response, you have the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats -- in real-time," explains Microsoft.

The aim of live response is to enhance investigations by collecting data, running scripts, and sending suspicious entities for analysis. It also allows security experts to remediate threats and proactively hunt for emerging threats.

  • Live response for macOS and Linux allows analysts to do the following:
  • Run basic and advanced commands to investigate suspicious entities.
  • Collect files (such as malware samples, scripts output) for offline analysis.
  • New: Trigger response actions on the device.
  • Upload any Bash script to their live response library, and then run it on the device to collect forensics evidence and remediate malicious entities.

Microsoft also introduced new commands for the platforms, including enforcing network isolation, collecting an investigation package, and running an antivirus scan.

"Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats," explains Microsoft's Israel Cohen-Pavon.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.