Microsoft is bringing its Windows Defender anti-malware application to macOS—and more platforms in the future—as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled 'for Mac' or 'for Windows.'

  1. Remove Mac Defender
  2. Defender Mac Os
  3. House Defender Mac Os X

With the release of Windows Defender for Mac by the Microsoft virus protection team, Apple’s built-in software got themselves a match, or even a formidable rival. At the moment, it’s only available as a preview for enterprise users, but the Windows Defender download will be rolling out to individuals later this year, packaged into the. Shop for PC and Mac software including downloads, Small Business Software, Software for Students, Academic Courseware, Computer Security, Education & Reference, Illustration & Design, Operating Systems, and more. Oct 17, 2019 It’s even being trialled for macOS under the name Microsoft Defender Advanced Threat Protection (ATP) for Mac, although the focus there is primarily to serve mixed-OS business environments. Bitdefender Antivirus for Mac: Security and privacy features. Bitdefender Antivirus for Mac includes the company's VPN client software, and users get up to 200MB of VPN-data traffic a day per device. The user is then offered Mac Defender 'anti-virus' software to solve the issue. This “anti-virus” software is malware (i.e. Malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes. The most common names for this malware are MacDefender, MacProtector and MacSecurity.

MojavemacOS malware is still something of a rarity, but it's not completely unheard of. Ransomware for the platform was found in 2016, and in-the-wild outbreaks of other malicious software continue to be found. Apple has integrated some malware protection into macOS, but we've heard from developers on the platform that Mac users aren't always very good at keeping their systems on the latest point release. This situation is particularly acute in corporate environments; while Windows has a range of tools to ensure that systems are kept up-to-date and alert administrators if they fall behind, a similar ecosystem hasn't been developed for macOS.

One would hope that Defender for Mac will also trap Windows malware to prevent Mac users from spreading malware to their Windows colleagues.

The initial preview of Defender for Mac will focus on signature-based malware detection. This is just the start, however. Defender ATP for Windows tracks various system behaviors and reports them to the ATP cloud service, which can be used to detect threats even without identifying any specific piece of malware. For example, if a system is iteratively opening and overwriting all its documents, there's a good chance that it's running some kind of ransomware process that's systematically encrypting the user's files. ATP can alert administrators that this is happening. The Mac client should over time grow to include similar reporting capabilities. Microsoft is also integrating it into other cloud services, such as Intune device management.

Advertisement

Those cloud services are growing ever more capable, too. Microsoft's system-management software can already report on systems that are using insecure configurations or running out-of-date software, but Defender ATP's new Threat & Vulnerability Management will expand this. The various risk factors will be prioritized according to the current threat landscape—for example, updating systems running insecure software versions becomes more pressing if there's active exploitation in the wild—so that administrators can focus on the software updates and configuration changes that offer the most bang for their buck in terms of improving their exposure to risks.

Further, TVM will integrate with Intune and System Center Configuration Manager to push the recommended fixes to machines that need them. TVM can then track the progress of these remediation activities as they're rolled out.

Microsoft hasn't said explicitly which other platforms will be Defender's next targets. However, its video promotion for Defender for Mac sports a surprising number of penguins, making Linux a likely candidate.

-->

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

This topic describes how to deploy Microsoft Defender for Endpoint on macOS manually. A successful deployment requires the completion of all of the following steps:

Prerequisites and system requirements

Before you get started, see the main Microsoft Defender for Endpoint on macOS page for a description of prerequisites and system requirements for the current software version.

Download installation and onboarding packages

Download the installation and onboarding packages from Microsoft Defender Security Center:

  1. In Microsoft Defender Security Center, go to Settings > Device Management > Onboarding.

  2. In Section 1 of the page, set operating system to macOS and Deployment method to Local script.

  3. In Section 2 of the page, select Download installation package. Save it as wdav.pkg to a local directory.

  4. In Section 2 of the page, select Download onboarding package. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.

  5. From a command prompt, verify that you have the two files.

Application installation (macOS 10.15 and older versions)

To complete this process, you must have admin privileges on the device.

  1. Navigate to the downloaded wdav.pkg in Finder and open it.

  2. Select Continue, agree with the License terms, and enter the password when prompted.

    Important

    You will be prompted to allow a driver from Microsoft to be installed (either 'System Extension Blocked' or 'Installation is on hold' or both. The driver must be allowed to be installed.

  3. Select Open Security Preferences or Open System Preferences > Security & Privacy. Select Allow:

    The installation proceeds.

    Caution

    If you don't select Allow, the installation will proceed after 5 minutes. Microsoft Defender for Endpoint will be loaded, but some features, such as real-time protection, will be disabled. See Troubleshoot kernel extension issues for information on how to resolve this.

Note

macOS may request to reboot the device upon the first installation of Microsoft Defender for Endpoint. Real-time protection will not be available until the device is rebooted.

Application installation (macOS 11 and newer versions)

Remove Mac Defender

To complete this process, you must have admin privileges on the device.

Defender Mac Os

  1. Navigate to the downloaded wdav.pkg in Finder and open it.

  2. Select Continue, agree with the License terms, and enter the password when prompted.

  3. At the end of the installation process, you'll be promoted to approve the system extensions used by the product. Select Open Security Preferences.

  4. From the Security & Privacy window, select Allow.

  5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender for Endpoint on Mac.

  6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender for Endpoint permissions to filter network traffic, select Allow.

  7. Open System Preferences > Security & Privacy and navigate to the Privacy tab. Grant Full Disk Access permission to Microsoft Defender ATP and Microsoft Defender ATP Endpoint Security Extension.

Client configuration

House Defender Mac Os X

  1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender for Endpoint on macOS.

    The client device isn't associated with org_id. Note that the org_id attribute is blank.

  2. Run the Python script to install the configuration file:

  3. Verify that the device is now associated with your organization and reports a valid org ID:

    After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.

How to Allow Full Disk Access

House Defender Mac OS

Caution

macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.

  1. To grant consent, open System Preferences > Security & Privacy > Privacy > Full Disk Access. Click the lock icon to make changes (bottom of the dialog box). Select Microsoft Defender for Endpoint.

  2. Run an AV detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:

    1. Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):

    2. Open a Terminal window. Copy and execute the following command:

    3. The file should have been quarantined by Defender for Endpoint on Mac. Use the following command to list all the detected threats:

  3. Run an EDR detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:

    1. In your browser such as Microsoft Edge for Mac or Safari.

    2. Download MDATP MacOS DIY.zip from https://aka.ms/mdatpmacosdiy and extract.

      You may be prompted:

      Do you want to allow downloads on 'mdatpclientanalyzer.blob.core.windows.net'?
      You can change which websites can download files in Websites Preferences.

  4. Click Allow.

  5. Open Downloads.

  6. You should see MDATP MacOS DIY.

    Tip

    If you double-click, you will get the following message:

    'MDATP MacOS DIY' cannot be opened because the developer cannot be verifier.
    macOS cannot verify that this app is free from malware.
    [Move to Trash][Cancel]

  7. Click Cancel.

  8. Right-click MDATP MacOS DIY, and then click Open.

    The system should display the following message:

    macOS cannot verify the developer of MDATP MacOS DIY. Are you sure you want to open it?
    By opening this app, you will be overriding system security which can expose your computer and personal information to malware that may harm your Mac or compromise your privacy.

  9. Click Open.

    The system should display the following message:

    Microsoft Defender for Endpoint - macOS EDR DIY test file
    Corresponding alert will be available in the MDATP portal.

  10. Click Open.

    In a few minutes an alert named 'macOS EDR Test Alert' should be raised.

  11. Go to Microsoft Defender Security Center (https://SecurityCenter.microsoft.com).

  12. Go to the Alert Queue.

    Look at the alert details and the device timeline, and perform the regular investigation steps.

Logging installation issues

See Logging installation issues for more information on how to find the automatically generated log that is created by the installer when an error occurs.

Uninstallation

See Uninstalling for details on how to remove Microsoft Defender for Endpoint on macOS from client devices.