Microsoft Defender for Endpoint now supports live response capabilities on macOS and Linux
Microsoft Defender for Endpoint now helps analysts identify and remediate threats in real-time.
What you need to know
- Live response capabilities are now available in preview for Defender for Endpoint on macOS and Linux.
- Analysts can use live response to do in-depth investigative work and to take immediate actions in response to threats.
- Microsoft also introduced new commands for Linux and macOS to trigger response actions while investigating a device.
Microsoft Defender for Endpoint now supports live response capabilities for macOS and Linux. The functionality is in public preview, and it allows analysts to perform in-depth investigations of issues and to take action in real-time. Defender for Endpoint is an enterprise tool for detecting and responding to threats and vulnerabilities. Microsoft announced preview support for live response capabilities in a Tech Community post (via Bleeping Computer).
"With live response, you have the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats -- in real-time," explains Microsoft.
The aim of live response is to enhance investigations by collecting data, running scripts, and sending suspicious entities for analysis. It also allows security experts to remediate threats and proactively hunt for emerging threats.
Live response for macOS and Linux allows analysts to do the following:
- Run basic and advanced commands to investigate suspicious entities.
- Collect files (such as malware samples or script output) for offline analysis.
- New: Trigger response actions on the device.
- Upload any Bash script to their live response library, and then run it on the device to collect forensic evidence and remediate malicious entities.
Microsoft also introduced new commands for the platforms, including enforcing network isolation, collecting an investigation package, and running an antivirus scan.
"Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats," explains Microsoft's Israel Cohen-Pavon.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.