-->
Applies to:
Office for Mac. Microsoft au daemon是干什么用的? 使用Macbook,发现进程里常有个叫Microsoft AU Daemon,却不知干什么用的。.
Collecting diagnostic information
If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
Increase logging level:
Reproduce the problem
Run
sudo mdatp --diagnostic --createto backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds.Restore logging level:
- 2017-12-12 Why is my Office 2016 for Mac suddenly opening with 'Microsoft AU Daemon.app'? Then closed Excel and reopened, did not get the UA app message. I expect the Daemon AU app will not pop up again. Dec 5, 2017 1:05 AM. Why is my Office 2016 for Mac suddenly opening with 'Microsoft AU Daemon.app'?
- Recommended: Before Installing any Office update or use backup software: Quit any applications that are running, including virus-protection applications, all Office applications, Microsoft Messenger for Mac, and Office Notifications (Microsoft Database daemon) See how to quit daemon.
Logging installation issues
If an error occurs during installation, the installer will only report a general failure.
The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
Microsoft Au Daemon Mac Message
Au Daemon
Uninstalling
There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
Interactive uninstallation
- Open Finder > Applications. Right click on Microsoft Defender ATP > Move to Trash.
From the command line
sudo rm -rf '/Applications/Microsoft Defender ATP.app'sudo rm -rf '/Library/Application Support/Microsoft/Defender/'
Configuring from the command line
Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
| Group | Scenario | Command |
|---|---|---|
| Configuration | Turn on/off real-time protection | mdatp --config realTimeProtectionEnabled [true/false] |
| Configuration | Turn on/off cloud protection | mdatp --config cloudEnabled [true/false] |
| Configuration | Turn on/off product diagnostics | mdatp --config cloudDiagnosticEnabled [true/false] |
| Configuration | Turn on/off automatic sample submission | mdatp --config cloudAutomaticSampleSubmission [true/false] |
| Configuration | Turn on PUA protection | mdatp --threat --type-handling potentially_unwanted_application block |
| Configuration | Turn off PUA protection | mdatp --threat --type-handling potentially_unwanted_application off |
| Configuration | Turn on audit mode for PUA protection | mdatp --threat --type-handling potentially_unwanted_application audit |
| Diagnostics | Change the log level | mdatp --log-level [error/warning/info/verbose] |
| Diagnostics | Generate diagnostic logs | mdatp --diagnostic --create |
| Health | Check the product's health | mdatp --health |
| Protection | Scan a path | mdatp --scan --path [path] |
| Protection | Do a quick scan | mdatp --scan --quick |
| Protection | Do a full scan | mdatp --scan --full |
| Protection | Cancel an ongoing on-demand scan | mdatp --scan --cancel |
| Protection | Request a security intelligence update | mdatp --definition-update |
| EDR | Turn on/off EDR preview for Mac | mdatp --edr --early-preview [true/false] OR mdatp --edr --earlyPreview [true/false] for versions earlier than 100.78.0 |
| EDR | Add group tag to machine. EDR tags are used for managing machine groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups | mdatp --edr --set-tag GROUP [name] |
| EDR | Remove group tag from machine | mdatp --edr --remove-tag [name] |
Client Microsoft Defender ATP quarantine directory
/Library/Application Support/Microsoft/Defender/quarantine/ contains the files quarantined by mdatp. The files are named after the threat trackingId. The current trackingIds is shown with mdatp --threat --list --pretty.
Microsoft Defender ATP portal information
Mac Message Microsoft Au Daemon Para Que Sirve
This blog provides detailed guidance on what to expect in Microsoft Defender ATP Security Center.