MC1066159 - Microsoft Defender for Endpoint for Linux: Removing Netfilter dependency

Microsoft Defender for Endpoint (MDE) for Linux will no longer require external dependencies for MDE Netfilter and Libpcre in the mdatppackage. Instead, these dependencies will be bundled within the MDE package itself. This change aims to eliminate onboarding challenges caused by the need to install additional dependencies.

When this will happen:

General Availability (Worldwide): The rollout is scheduled for early-May 2025. The MDE version at the time will resemble 101.25032.xxxx (where the patch version "xxxx" may vary).

How this will affect your organization:

This update does not alter the functionality or behavior of MDE. All features will continue to work as they did previously.

Post-rollout, the following documentation will contain additional details:

• What's new in Microsoft Defender for Endpoint on Linux
• External Dependencies for Microsoft Defender for Endpoint on Linux

What you need to do to prepare:

Upgrade Considerations:

In upgrade scenarios, since the external MDE netfilter dependency will no longer be required after updating to the new version, it can be safely removed. Use the following commands to uninstall it based on your distribution:

• RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky, and Alma)
  `sudo yum remove mde-netfilter`
• SLES and variants
  `sudo zypper remove mde-netfilter`
• Ubuntu and Debian
  `sudo apt remove mde-netfilter`
• Mariner
  ` sudo dnf remove mde-netfilter