Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Linux

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

The potentially unwanted application (PUA) protection feature in Defender for Endpoint for Linux can detect and block PUA files on endpoints in your network.

These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.

These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.

How it works

Defender for Endpoint for Linux can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.

When a PUA is detected on an endpoint, Defender for Endpoint for Linux keeps a record of the infection in the threat history. The history can be visualized from the Microsoft Defender Security Center portal or through the mdatp command-line tool. The threat name will contain the word "Application".

Configure PUA protection

PUA protection in Defender for Endpoint for Linux can be configured in one of the following ways:

  • Off: PUA protection is disabled.
  • Audit: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No record of the infection is stored in the threat history and no action is taken by the product.
  • Block: PUA files are reported in the product logs and in Microsoft Defender Security Center. A record of the infection is stored in the threat history and action is taken by the product.

Warning

By default, PUA protection is configured in Audit mode.

You can configure how PUA files are handled from the command line or from the management console.

Use the command-line tool to configure PUA protection:

In Terminal, execute the following command to configure PUA protection:

mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]

Use the management console to configure PUA protection:

In your enterprise, you can configure PUA protection from a management console, such as Puppet or Ansible, similarly to how other product settings are configured. For more information, see the Threat type settings section of the Set preferences for Defender for Endpoint for Linux article.
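
The following is an added example, not code from Microsoft or from the original article: a check that reads a managed preferences profile of the kind pushed by Puppet or Ansible and reports which PUA mode it sets and what that mode does according to the list above. The `antivirusEngine.threatTypeSettings` key/value layout is assumed from the Set preferences article referenced above, and the sample profiles are constructed.

```python
import json

PUA_KEY = "potentially_unwanted_application"  # threat type name used on this page
DEFAULT_ACTION = "audit"                      # page: PUA protection defaults to Audit
VALID_ACTIONS = {"off", "audit", "block"}     # the three modes listed on this page

# Constructed sample profiles (layout assumed, see lead-in).
SAMPLE_BLOCK = """{"antivirusEngine": {"threatTypeSettings": [
    {"key": "potentially_unwanted_application", "value": "block"},
    {"key": "archive_bomb", "value": "audit"}]}}"""
SAMPLE_UNSET = '{"antivirusEngine": {"enableRealTimeProtection": true}}'
SAMPLE_OFF = """{"antivirusEngine": {"threatTypeSettings": [
    {"key": "potentially_unwanted_application", "value": "off"}]}}"""


def pua_action(profile_text):
    """Return the PUA action the profile sets, or the default when it sets none."""
    profile = json.loads(profile_text)
    settings = profile.get("antivirusEngine", {}).get("threatTypeSettings", [])
    for entry in settings:
        if entry.get("key") == PUA_KEY:
            action = str(entry.get("value", "")).lower()
            if action not in VALID_ACTIONS:
                raise ValueError(f"unknown PUA action: {action!r}")
            return action
    return DEFAULT_ACTION


def review(profile_text):
    """Describe the behaviour this page attributes to the configured mode."""
    action = pua_action(profile_text)
    blocking = action == "block"
    return {
        "action": action,
        "reported_in_product_logs": action in ("audit", "block"),
        "reported_in_security_center": blocking,
        "stored_in_threat_history": blocking,
        "files_quarantined": blocking,
    }


if __name__ == "__main__":
    for name, text in (("block", SAMPLE_BLOCK), ("unset", SAMPLE_UNSET),
                       ("off", SAMPLE_OFF)):
        print(name, review(text))
```

A profile that leaves the PUA threat type unset is reported as Audit, so detections on those endpoints reach only the product logs.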