When Defender came to macOS as well as Windows, Microsoft announced that the name of the software was changing, from Windows Defender to Microsoft Defender. Hidden in the presentation was a hint about the future: a Linux laptop with a penguin sticker on it. Now Microsoft Defender ATP for Linux is in public preview for Red Hat Enterprise Linux 7+, CentOS Linux 7+, Ubuntu 16 LTS or higher, SLES 12+, Debian 9+, and Oracle Enterprise Linux 7. But what does it actually protect those OSes from?
Microsoft already has Linux malware detection in the Defender agents on Windows and Mac, because files get moved from one device to another and you want to catch malware wherever it is — ideally before it gets onto a vulnerable system. If you’re using WSL, Defender already protects you against threats like infected npm packages that try to install cryptominers.