Schedule scans with Microsoft Defender for Endpoint on macOS

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

While you can start a threat scan at any time with Microsoft Defender for Endpoint, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week.

Schedule a scan with launchd

You can create a scanning schedule using the launchd daemon on a macOS device.

  1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file.

    For more information on the .plist file format used here, see About Information Property List Files at the official Apple developer website.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
      "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.microsoft.wdav.schedquickscan</string>
        <key>ProgramArguments</key>
        <array>
            <string>sh</string>
            <string>-c</string>
            <string>/usr/local/bin/mdatp scan quick</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartCalendarInterval</key>
        <dict>
            <!-- Weekly schedule: Weekday 5 is Friday, at Hour 2, Minute 0 -->
            <key>Hour</key>
            <integer>2</integer>
            <key>Minute</key>
            <integer>0</integer>
            <key>Weekday</key>
            <integer>5</integer>
        </dict>
        <key>WorkingDirectory</key>
        <string>/usr/local/bin/</string>
    </dict>
    </plist>
    
  2. Save the file as com.microsoft.wdav.schedquickscan.plist.

    Tip

    To run a full scan instead of a quick scan, change line 12, <string>/usr/local/bin/mdatp scan quick</string>, to use the full option instead of quick (i.e. <string>/usr/local/bin/mdatp scan full</string>) and save the file as com.microsoft.wdav.schedfullscan.plist instead of com.microsoft.wdav.schedquickscan.plist.

  3. Open Terminal.

  4. Enter the following commands to load your file:

    launchctl load /Library/LaunchDaemons/<your file name.plist>
    launchctl start <your file name>
    
  5. Your scheduled scan will run at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every Friday.

    The Weekday value of StartCalendarInterval uses an integer to indicate the fifth day of the week, or Friday.

Important

Agents executed with launchd will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode.

If the device is turned off, the scan will run at the next scheduled scan time.
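
The following is an added example, not part of the original Microsoft page: a Python check to run against a scheduled-scan .plist before loading it. It confirms that the file name matches the Label (which `launchctl start` relies on), that the root-run job invokes only the two `mdatp scan` commands shown above, and that the StartCalendarInterval keys are within the ranges given in launchd.plist(5). The function names and the sample job are constructed for illustration.

```python
import plistlib

# Allowed ranges for StartCalendarInterval keys, per launchd.plist(5).
RANGES = {"Minute": (0, 59), "Hour": (0, 23), "Day": (1, 31),
          "Weekday": (0, 7), "Month": (1, 12)}
DAYS = "Sunday Monday Tuesday Wednesday Thursday Friday Saturday".split()
# The only commands this page schedules; the job runs as root, so flag anything else.
ALLOWED = {"/usr/local/bin/mdatp scan quick", "/usr/local/bin/mdatp scan full"}

def check_scan_plist(data, file_name):
    """Return findings for a scheduled-scan plist (bytes); an empty list means OK."""
    try:
        job = plistlib.loads(data)
    except Exception as exc:  # malformed XML, or not a plist at all
        return [f"not a valid plist: {exc}"]
    if not isinstance(job, dict):
        return ["top-level plist object is not a dict"]
    findings = []
    # 'launchctl start' addresses the job by Label, so the file name should match it.
    if file_name != f"{job.get('Label')}.plist":
        findings.append("file name does not match Label")
    args = job.get("ProgramArguments")
    if not (isinstance(args, list) and len(args) == 3
            and args[:2] == ["sh", "-c"] and args[2] in ALLOWED):
        findings.append("unexpected ProgramArguments")
    sched = job.get("StartCalendarInterval")
    if not isinstance(sched, dict):
        return findings + ["StartCalendarInterval missing or not a dict"]
    for key, value in sched.items():
        if key not in RANGES:
            findings.append(f"unknown schedule key {key}")
        elif type(value) is not int or not RANGES[key][0] <= value <= RANGES[key][1]:
            findings.append(f"{key}={value!r} is out of range")
    if "Day" in sched and "Weekday" in sched:
        findings.append("Day (day of month) set with Weekday: not a plain weekly schedule")
    return findings

def describe(sched):
    """Summarise a schedule that sets Weekday, Hour and Minute."""
    day = DAYS[sched["Weekday"] % 7]  # 0 and 7 both mean Sunday
    return f"every {day} at {sched['Hour']:02d}:{sched['Minute']:02d}"

# Constructed sample: a weekly quick-scan job, Friday 02:00.
SAMPLE = plistlib.dumps({
    "Label": "com.microsoft.wdav.schedquickscan",
    "ProgramArguments": ["sh", "-c", "/usr/local/bin/mdatp scan quick"],
    "StartCalendarInterval": {"Hour": 2, "Minute": 0, "Weekday": 5},
})
```

To check a real file, pass its bytes and its base name to `check_scan_plist` and review any findings before running `launchctl load`.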

Schedule a scan with Intune

You can also schedule scans with Microsoft Intune. The runMDATPQuickScan.sh shell script available at Scripts for Microsoft Defender for Endpoint will persist when the device resumes from sleep mode.

See Use shell scripts on macOS devices in Intune for more detailed instructions on how to use this script in your enterprise.