MOON
Server: Apache
System: Linux smtp.modiva.org 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
User: rtbrisc (1005)
PHP: 8.1.34
Disabled: NONE
Upload Files
File: //var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/CommandExecution.log
2025-10-16T17:07:52.472118Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_4554152926797883251]
2025-10-16T17:07:52.472953Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: notinstalled
2025-10-16T17:07:52.648518Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8
2025-10-16T17:07:52.662958Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-16T17:07:52.663636Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2025-10-16T17:07:52.664475Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-16T17:07:54.672747Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-16 17:07:53,055, INFO - Start executing handler action: install
2025-10-16 17:07:53,055, INFO - MDE installation will occur in 'enable'
2025-10-16 17:07:53,055, INFO - End executing handler action: install
2025-10-16T17:07:54.675169Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-16T17:07:54.675794Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-16T17:07:54.676706Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-16T17:07:56.684560Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-16 17:07:54,845, INFO - Start executing handler action: enable
2025-10-16 17:07:54,862, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-16 17:07:54,902, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-16 17:07:54,902, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-16 17:07:54,902, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-16 17:07:54,902, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-16 17:07:54,908, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-16 17:07:55,085, INFO - Start executing installer wrapper
2025-10-16 17:07:55,085, INFO - proxy settings: {}
2025-10-16 17:07:55,085, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-16 17:07:55,168, INFO - Start to run the install command: src/mde_installer.latest.sh --debug --install --channel prod --passive-mode --tag SecurityWorkspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --tag AzureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-17T08:05:59.602505Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_8734165061382485280]
2025-10-17T08:05:59.604116Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-17T08:05:59.605030Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-17T08:05:59.606610Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-17T08:05:59.607141Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-17T08:05:59.607987Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-17T08:06:01.617496Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-17 08:05:59,922, INFO - Start executing handler action: enable
2025-10-17 08:05:59,941, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-17 08:05:59,982, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-17 08:05:59,982, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-17 08:05:59,983, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-17 08:05:59,983, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-17 08:05:59,989, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-17 08:06:00,178, INFO - Start executing installer wrapper
2025-10-17 08:06:00,179, INFO - proxy settings: {}
2025-10-17 08:06:00,179, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-17 08:06:00,254, INFO - MDE is installed
2025-10-17 08:06:00,255, INFO - Wait for MDE service to be available
2025-10-17 08:06:00,811, INFO - MDE is onboarded
2025-10-17 08:06:01,187, INFO - MDC tags in MDE are valid
2025-10-17 08:06:01,188, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-18T08:04:23.971283Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_7104099341544147222]
2025-10-18T08:04:23.973339Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-18T08:04:23.974577Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-18T08:04:23.976319Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-18T08:04:23.976906Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-18T08:04:23.977905Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-18T08:04:25.987279Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-18 08:04:24,299, INFO - Start executing handler action: enable
2025-10-18 08:04:24,319, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-18 08:04:24,358, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-18 08:04:24,358, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-18 08:04:24,358, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-18 08:04:24,358, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-18 08:04:24,363, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-18 08:04:24,539, INFO - Start executing installer wrapper
2025-10-18 08:04:24,541, INFO - proxy settings: {}
2025-10-18 08:04:24,541, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-18 08:04:24,617, INFO - MDE is installed
2025-10-18 08:04:24,618, INFO - Wait for MDE service to be available
2025-10-18 08:04:25,481, INFO - MDE is onboarded
2025-10-18 08:04:25,775, INFO - MDC tags in MDE are valid
2025-10-18 08:04:25,776, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-19T08:09:11.706485Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_1313244765304514346]
2025-10-19T08:09:11.708437Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-19T08:09:11.709078Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-19T08:09:11.709711Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-19T08:09:11.710104Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-19T08:09:11.711562Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-19T08:09:13.720882Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-19 08:09:12,030, INFO - Start executing handler action: enable
2025-10-19 08:09:12,049, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-19 08:09:12,100, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-19 08:09:12,101, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-19 08:09:12,101, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-19 08:09:12,101, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-19 08:09:12,106, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-19 08:09:12,287, INFO - Start executing installer wrapper
2025-10-19 08:09:12,288, INFO - proxy settings: {}
2025-10-19 08:09:12,288, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-19 08:09:12,364, INFO - MDE is installed
2025-10-19 08:09:12,364, INFO - Wait for MDE service to be available
2025-10-19 08:09:13,181, INFO - MDE is onboarded
2025-10-19 08:09:13,485, INFO - MDC tags in MDE are valid
2025-10-19 08:09:13,485, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-20T08:11:28.118758Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_11530508341657715941]
2025-10-20T08:11:28.120495Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-20T08:11:28.121123Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-20T08:11:28.122612Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-20T08:11:28.123297Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-20T08:11:28.124380Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-20T08:11:30.136926Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-20 08:11:28,474, INFO - Start executing handler action: enable
2025-10-20 08:11:28,492, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-20 08:11:28,533, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-20 08:11:28,533, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-20 08:11:28,534, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-20 08:11:28,534, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-20 08:11:28,538, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-20 08:11:28,723, INFO - Start executing installer wrapper
2025-10-20 08:11:28,724, INFO - proxy settings: {}
2025-10-20 08:11:28,724, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-20 08:11:28,798, INFO - MDE is installed
2025-10-20 08:11:28,798, INFO - Wait for MDE service to be available
2025-10-20 08:11:29,636, INFO - MDE is onboarded
2025-10-20 08:11:29,947, INFO - MDC tags in MDE are valid
2025-10-20 08:11:29,948, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-21T08:11:05.662694Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_1456140996093467016]
2025-10-21T08:11:05.664583Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-21T08:11:05.664785Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-21T08:11:05.673667Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-21T08:11:05.674204Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-21T08:11:05.675092Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-21T08:11:07.689932Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-21 08:11:06,083, INFO - Start executing handler action: enable
2025-10-21 08:11:06,116, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-21 08:11:06,156, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-21 08:11:06,157, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-21 08:11:06,157, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-21 08:11:06,157, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-21 08:11:06,166, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-21 08:11:06,395, INFO - Start executing installer wrapper
2025-10-21 08:11:06,396, INFO - proxy settings: {}
2025-10-21 08:11:06,396, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-21 08:11:06,467, INFO - MDE is installed
2025-10-21 08:11:06,467, INFO - Wait for MDE service to be available
2025-10-21 08:11:07,316, INFO - MDE is onboarded
2025-10-22T08:02:25.362183Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_4485823270797466864]
2025-10-22T08:02:25.363854Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-22T08:02:25.364099Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-22T08:02:25.364785Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-22T08:02:25.365276Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-22T08:02:25.366138Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-22T08:02:27.374233Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-22 08:02:25,703, INFO - Start executing handler action: enable
2025-10-22 08:02:25,725, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-22 08:02:25,762, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-22 08:02:25,762, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-22 08:02:25,762, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-22 08:02:25,763, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-22 08:02:25,768, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-22 08:02:25,957, INFO - Start executing installer wrapper
2025-10-22 08:02:25,958, INFO - proxy settings: {}
2025-10-22 08:02:25,958, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-22 08:02:26,037, INFO - MDE is installed
2025-10-22 08:02:26,038, INFO - Wait for MDE service to be available
2025-10-22 08:02:26,463, INFO - MDE is onboarded
2025-10-22 08:02:26,668, INFO - MDC tags in MDE are valid
2025-10-22 08:02:26,669, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-23T08:09:15.350771Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Target handler state: enabled [etag_921974003035940313]
2025-10-23T08:09:15.352399Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] [Enable] current handler state is: enabled
2025-10-23T08:09:15.352768Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Update settings file: 0.settings
2025-10-23T08:09:15.353420Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Requested extension state: enabled
2025-10-23T08:09:15.354051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-23T08:09:15.354889Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-23T08:09:17.365240Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 08:09:15,683, INFO - Start executing handler action: enable
2025-10-23 08:09:15,706, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-23 08:09:15,750, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-23 08:09:15,751, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-23 08:09:15,751, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-23 08:09:15,751, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-23 08:09:15,756, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 08:09:15,952, INFO - Start executing installer wrapper
2025-10-23 08:09:15,953, INFO - proxy settings: {}
2025-10-23 08:09:15,953, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-23 08:09:16,026, INFO - MDE is installed
2025-10-23 08:09:16,027, INFO - Wait for MDE service to be available
2025-10-23 08:09:17,153, INFO - MDE is onboarded
2025-10-23T17:42:57.130223Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17726664646817348437]
2025-10-23T17:42:57.132265Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: notinstalled
2025-10-23T17:42:57.328253Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9
2025-10-23T17:42:57.343861Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-23T17:42:57.344920Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Disable extension: [PythonRunner.sh src/MdeExtensionHandler.py disable]
2025-10-23T17:42:57.345866Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py disable with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-23T17:42:59.355421Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py disable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 17:42:57,591, INFO - Start executing handler action: disable
2025-10-23 17:42:57,592, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2025-10-23 17:42:57,592, INFO - End executing handler action: disable
2025-10-23T17:42:59.358084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Copy status files from old plugin to new
2025-10-23T17:42:59.359687Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update extension [PythonRunner.sh src/MdeExtensionHandler.py update]
2025-10-23T17:42:59.360808Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py update with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_DISABLE_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "AZURE_GUEST_AGENT_UPDATING_FROM_VERSION": "1.0.8.8", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-23T17:43:01.371704Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py update
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 17:42:59,717, INFO - Start executing handler action: update
2025-10-23 17:42:59,718, WARNING - No operation for action: update
2025-10-23 17:42:59,718, INFO - End executing handler action: update
2025-10-23T17:43:01.374154Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Uninstall extension [PythonRunner.sh src/MdeExtensionHandler.py uninstall]
2025-10-23T17:43:01.375327Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/PythonRunner.sh src/MdeExtensionHandler.py uninstall with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.8", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-23T17:43:03.387287Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Command: PythonRunner.sh src/MdeExtensionHandler.py uninstall
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 17:43:01,553, INFO - Start executing handler action: uninstall
2025-10-23 17:43:01,554, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2025-10-23 17:43:01,554, INFO - End executing handler action: uninstall
2025-10-23T17:43:03.389331Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8
2025-10-23T17:43:03.449873Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.8
2025-10-23T17:43:03.450480Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2025-10-23T17:43:03.451671Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-23T17:43:05.462429Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 17:43:03,619, INFO - Start executing handler action: install
2025-10-23 17:43:03,619, INFO - MDE installation will occur in 'enable'
2025-10-23 17:43:03,620, INFO - End executing handler action: install
2025-10-23T17:43:05.466010Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-23T17:43:05.466749Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-23T17:43:05.467786Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-23T17:43:07.475507Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 17:43:05,627, INFO - Start executing handler action: enable
2025-10-23 17:43:05,644, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-23 17:43:05,683, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-23 17:43:05,683, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-23 17:43:05,683, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-23 17:43:05,683, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-23 17:43:05,687, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-23 17:43:05,865, INFO - Start executing installer wrapper
2025-10-23 17:43:05,866, INFO - proxy settings: {}
2025-10-23 17:43:05,866, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-23 17:43:05,940, INFO - MDE is installed
2025-10-23 17:43:05,940, INFO - Wait for MDE service to be available
2025-10-23 17:43:06,452, INFO - MDE is onboarded
2025-10-23 17:43:06,747, INFO - MDC tags in MDE are valid
2025-10-23 17:43:06,748, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-24T08:03:52.869944Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_11536135150858184950]
2025-10-24T08:03:52.871684Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-24T08:03:52.871966Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-24T08:03:52.874228Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-24T08:03:52.874790Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-24T08:03:52.875569Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-24T08:03:54.884797Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-24 08:03:53,223, INFO - Start executing handler action: enable
2025-10-24 08:03:53,246, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-24 08:03:53,288, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-24 08:03:53,288, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-24 08:03:53,289, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-24 08:03:53,289, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-24 08:03:53,293, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-24 08:03:53,477, INFO - Start executing installer wrapper
2025-10-24 08:03:53,479, INFO - proxy settings: {}
2025-10-24 08:03:53,480, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-24 08:03:53,568, INFO - MDE is installed
2025-10-24 08:03:53,568, INFO - Wait for MDE service to be available
2025-10-24 08:03:54,311, INFO - MDE is onboarded
2025-10-24 08:03:54,692, INFO - MDC tags in MDE are valid
2025-10-24 08:03:54,692, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-25T08:11:05.489556Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3980577666367470227]
2025-10-25T08:11:05.491201Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-25T08:11:05.491425Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-25T08:11:05.491958Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-25T08:11:05.492595Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-25T08:11:05.493535Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-25T08:11:07.503696Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-25 08:11:05,803, INFO - Start executing handler action: enable
2025-10-25 08:11:05,820, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-25 08:11:05,859, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-25 08:11:05,859, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-25 08:11:05,859, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-25 08:11:05,859, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-25 08:11:05,864, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-25 08:11:06,041, INFO - Start executing installer wrapper
2025-10-25 08:11:06,044, INFO - proxy settings: {}
2025-10-25 08:11:06,044, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-25 08:11:06,118, INFO - MDE is installed
2025-10-25 08:11:06,118, INFO - Wait for MDE service to be available
2025-10-25 08:11:06,881, INFO - MDE is onboarded
2025-10-25 08:11:07,176, INFO - MDC tags in MDE are valid
2025-10-25 08:11:07,177, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-26T08:04:43.326612Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8999036908667212026]
2025-10-26T08:04:43.328514Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-26T08:04:43.328969Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-26T08:04:43.331692Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-26T08:04:43.332281Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-26T08:04:43.334156Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-26T08:04:45.343431Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-26 08:04:43,696, INFO - Start executing handler action: enable
2025-10-26 08:04:43,717, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-26 08:04:43,757, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-26 08:04:43,757, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-26 08:04:43,757, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-26 08:04:43,758, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-26 08:04:43,764, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-26 08:04:43,952, INFO - Start executing installer wrapper
2025-10-26 08:04:43,953, INFO - proxy settings: {}
2025-10-26 08:04:43,953, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-26 08:04:44,030, INFO - MDE is installed
2025-10-26 08:04:44,030, INFO - Wait for MDE service to be available
2025-10-26 08:04:44,753, INFO - MDE is onboarded
2025-10-26 08:04:45,058, INFO - MDC tags in MDE are valid
2025-10-26 08:04:45,058, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-27T08:11:36.655591Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_14779000503383045263]
2025-10-27T08:11:36.657485Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-27T08:11:36.657732Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-27T08:11:36.658401Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-27T08:11:36.658893Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-27T08:11:36.659754Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-27T08:11:38.670409Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-27 08:11:37,007, INFO - Start executing handler action: enable
2025-10-27 08:11:37,029, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-27 08:11:37,072, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-27 08:11:37,073, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-27 08:11:37,074, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-27 08:11:37,075, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-27 08:11:37,080, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-27 08:11:37,277, INFO - Start executing installer wrapper
2025-10-27 08:11:37,278, INFO - proxy settings: {}
2025-10-27 08:11:37,278, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-27 08:11:37,353, INFO - MDE is installed
2025-10-27 08:11:37,353, INFO - Wait for MDE service to be available
2025-10-27 08:11:38,326, INFO - MDE is onboarded
2025-10-27 08:11:38,630, INFO - MDC tags in MDE are valid
2025-10-27 08:11:38,630, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-28T08:08:56.542130Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [incarnation_9]
2025-10-28T08:08:56.543841Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-28T08:08:56.544806Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-28T08:08:56.545455Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-28T08:08:56.545990Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-28T08:08:56.546793Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-28T08:08:58.556529Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-28 08:08:56,913, INFO - Start executing handler action: enable
2025-10-28 08:08:56,934, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-28 08:08:56,974, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-28 08:08:56,974, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-28 08:08:56,975, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-28 08:08:56,975, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-28 08:08:56,980, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-28 08:08:57,163, INFO - Start executing installer wrapper
2025-10-28 08:08:57,165, INFO - proxy settings: {}
2025-10-28 08:08:57,166, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-28 08:08:57,246, INFO - MDE is installed
2025-10-28 08:08:57,246, INFO - Wait for MDE service to be available
2025-10-28 08:08:57,925, INFO - MDE is onboarded
2025-10-28 08:08:58,229, INFO - MDC tags in MDE are valid
2025-10-28 08:08:58,229, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-29T08:02:51.926295Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3460755855369230842]
2025-10-29T08:02:51.928108Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-29T08:02:51.928473Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-29T08:02:51.929716Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-29T08:02:51.930339Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-29T08:02:51.931331Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-29T08:02:53.940977Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-29 08:02:52,298, INFO - Start executing handler action: enable
2025-10-29 08:02:52,320, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-29 08:02:52,355, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-29 08:02:52,355, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-29 08:02:52,355, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-29 08:02:52,355, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-29 08:02:52,360, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-29 08:02:52,556, INFO - Start executing installer wrapper
2025-10-29 08:02:52,557, INFO - proxy settings: {}
2025-10-29 08:02:52,558, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-29 08:02:52,637, INFO - MDE is installed
2025-10-29 08:02:52,638, INFO - Wait for MDE service to be available
2025-10-29 08:02:53,568, INFO - MDE is onboarded
2025-10-29 08:02:53,875, INFO - MDC tags in MDE are valid
2025-10-29 08:02:53,875, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-30T08:03:09.433289Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3951071281885146913]
2025-10-30T08:03:09.435710Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-30T08:03:09.435934Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 1.settings
2025-10-30T08:03:09.437492Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-30T08:03:09.438092Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-30T08:03:09.438847Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-30T08:03:11.447440Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-30 08:03:09,780, INFO - Start executing handler action: enable
2025-10-30 08:03:09,800, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-30 08:03:09,839, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-30 08:03:09,839, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-30 08:03:09,839, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-30 08:03:09,839, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-30 08:03:09,844, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-30 08:03:10,030, INFO - Start executing installer wrapper
2025-10-30 08:03:10,031, INFO - proxy settings: {}
2025-10-30 08:03:10,031, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-30 08:03:10,105, INFO - MDE is installed
2025-10-30 08:03:10,105, INFO - Wait for MDE service to be available
2025-10-30 08:03:11,175, INFO - MDE is onboarded
2025-10-30T23:43:07.185810Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_1785581579841215567]
2025-10-30T23:43:07.188236Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-30T23:43:07.190498Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-10-30T23:43:07.191212Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-30T23:43:07.191763Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-30T23:43:07.192719Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-30T23:43:09.203666Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-30 23:43:07,473, INFO - Start executing handler action: enable
2025-10-30 23:43:07,491, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-30 23:43:07,529, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-30 23:43:07,530, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-30 23:43:07,530, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-30 23:43:07,530, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-30 23:43:07,535, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-30 23:43:07,726, INFO - Start executing installer wrapper
2025-10-30 23:43:07,728, INFO - proxy settings: {}
2025-10-30 23:43:07,728, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-30 23:43:07,804, INFO - MDE is installed
2025-10-30 23:43:07,807, INFO - Wait for MDE service to be available
2025-10-30 23:43:08,567, INFO - MDE is onboarded
2025-10-30 23:43:08,869, INFO - MDC tags in MDE are valid
2025-10-30 23:43:08,869, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-10-31T08:09:30.948819Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_1453531116730397342]
2025-10-31T08:09:30.955082Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-10-31T08:09:30.955920Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-10-31T08:09:30.956616Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-10-31T08:09:30.957177Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-10-31T08:09:30.958200Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-10-31T08:09:32.965809Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-31 08:09:31,262, INFO - Start executing handler action: enable
2025-10-31 08:09:31,284, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-10-31 08:09:31,323, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-10-31 08:09:31,323, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-10-31 08:09:31,324, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-10-31 08:09:31,324, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-10-31 08:09:31,328, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-10-31 08:09:31,507, INFO - Start executing installer wrapper
2025-10-31 08:09:31,508, INFO - proxy settings: {}
2025-10-31 08:09:31,508, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-10-31 08:09:31,586, INFO - MDE is installed
2025-10-31 08:09:31,587, INFO - Wait for MDE service to be available
2025-10-31 08:09:32,064, INFO - MDE is onboarded
2025-10-31 08:09:32,340, INFO - MDC tags in MDE are valid
2025-10-31 08:09:32,341, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-01T08:06:32.790884Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13404048285876910607]
2025-11-01T08:06:32.792809Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-01T08:06:32.793121Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-11-01T08:06:32.794631Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-01T08:06:32.795363Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-01T08:06:32.796296Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-01T08:06:34.804125Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-01 08:06:33,139, INFO - Start executing handler action: enable
2025-11-01 08:06:33,155, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-01 08:06:33,192, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-01 08:06:33,192, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-01 08:06:33,192, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-01 08:06:33,192, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-01 08:06:33,196, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-01 08:06:33,363, INFO - Start executing installer wrapper
2025-11-01 08:06:33,364, INFO - proxy settings: {}
2025-11-01 08:06:33,364, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-01 08:06:33,444, INFO - MDE is installed
2025-11-01 08:06:33,444, INFO - Wait for MDE service to be available
2025-11-01 08:06:34,409, INFO - MDE is onboarded
2025-11-01 08:06:34,705, INFO - MDC tags in MDE are valid
2025-11-01 08:06:34,705, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-02T08:08:27.422907Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13261610418870287718]
2025-11-02T08:08:27.425870Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-02T08:08:27.426148Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-11-02T08:08:27.427772Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-02T08:08:27.428254Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-02T08:08:27.429001Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-02T08:08:29.437285Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-02 08:08:27,751, INFO - Start executing handler action: enable
2025-11-02 08:08:27,771, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-02 08:08:27,814, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-02 08:08:27,814, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-02 08:08:27,814, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-02 08:08:27,814, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-02 08:08:27,819, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-02 08:08:27,997, INFO - Start executing installer wrapper
2025-11-02 08:08:27,998, INFO - proxy settings: {}
2025-11-02 08:08:27,998, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-02 08:08:28,077, INFO - MDE is installed
2025-11-02 08:08:28,077, INFO - Wait for MDE service to be available
2025-11-02 08:08:28,738, INFO - MDE is onboarded
2025-11-02 08:08:29,039, INFO - MDC tags in MDE are valid
2025-11-02 08:08:29,039, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-03T08:07:51.412307Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3770235457554634203]
2025-11-03T08:07:51.414170Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-03T08:07:51.414466Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-11-03T08:07:51.415929Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-03T08:07:51.416612Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-03T08:07:51.417556Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-03T08:07:53.425614Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-03 08:07:51,869, INFO - Start executing handler action: enable
2025-11-03 08:07:51,907, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-03 08:07:51,954, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-03 08:07:51,955, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-03 08:07:51,955, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-03 08:07:51,955, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-03 08:07:51,959, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-03 08:07:52,168, INFO - Start executing installer wrapper
2025-11-03 08:07:52,186, INFO - proxy settings: {}
2025-11-03 08:07:52,187, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-03 08:07:52,264, INFO - MDE is installed
2025-11-03 08:07:52,264, INFO - Wait for MDE service to be available
2025-11-03 08:07:53,328, INFO - MDE is onboarded
2025-11-04T08:08:43.213185Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_9330116788794824883]
2025-11-04T08:08:43.215167Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-04T08:08:43.215587Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-11-04T08:08:43.218049Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-04T08:08:43.218813Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-04T08:08:43.219877Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-04T08:08:45.228288Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-04 08:08:43,582, INFO - Start executing handler action: enable
2025-11-04 08:08:43,605, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-04 08:08:43,644, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-04 08:08:43,645, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-04 08:08:43,645, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-04 08:08:43,645, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-04 08:08:43,652, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-04 08:08:43,858, INFO - Start executing installer wrapper
2025-11-04 08:08:43,859, INFO - proxy settings: {}
2025-11-04 08:08:43,859, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-04 08:08:43,934, INFO - MDE is installed
2025-11-04 08:08:43,934, INFO - Wait for MDE service to be available
2025-11-04 08:08:44,689, INFO - MDE is onboarded
2025-11-04 08:08:44,988, INFO - MDC tags in MDE are valid
2025-11-04 08:08:44,989, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-05T08:02:16.036733Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_16935068711122477689]
2025-11-05T08:02:16.039425Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-05T08:02:16.039662Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-11-05T08:02:16.044130Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-05T08:02:16.044732Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-05T08:02:16.045680Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-05T08:02:18.054849Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-05 08:02:16,419, INFO - Start executing handler action: enable
2025-11-05 08:02:16,438, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-05 08:02:16,480, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-05 08:02:16,480, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-05 08:02:16,481, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-05 08:02:16,481, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-05 08:02:16,486, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-05 08:02:16,668, INFO - Start executing installer wrapper
2025-11-05 08:02:16,669, INFO - proxy settings: {}
2025-11-05 08:02:16,669, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-05 08:02:16,745, INFO - MDE is installed
2025-11-05 08:02:16,745, INFO - Wait for MDE service to be available
2025-11-05 08:02:17,640, INFO - MDE is onboarded
2025-11-05 08:02:18,022, INFO - MDC tags in MDE are valid
2025-11-05 08:02:18,023, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-06T08:08:46.438555Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8650726910685520435]
2025-11-06T08:08:46.440536Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-06T08:08:46.441560Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 2.settings
2025-11-06T08:08:46.442316Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-06T08:08:46.442852Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-06T08:08:46.443894Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-06T08:08:48.457484Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-06 08:08:46,795, INFO - Start executing handler action: enable
2025-11-06 08:08:46,823, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-06 08:08:46,860, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-06 08:08:46,860, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-06 08:08:46,861, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-06 08:08:46,861, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-06 08:08:46,869, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-06 08:08:47,089, INFO - Start executing installer wrapper
2025-11-06 08:08:47,090, INFO - proxy settings: {}
2025-11-06 08:08:47,090, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-06 08:08:47,163, INFO - MDE is installed
2025-11-06 08:08:47,164, INFO - Wait for MDE service to be available
2025-11-06 08:08:47,566, INFO - MDE is onboarded
2025-11-06 08:08:47,851, INFO - MDC tags in MDE are valid
2025-11-06 08:08:47,852, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-07T05:43:14.436717Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_11319302387510894774]
2025-11-07T05:43:14.438630Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-07T05:43:14.439210Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-07T05:43:14.439883Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-07T05:43:14.440451Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-07T05:43:14.441234Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-07T05:43:16.450066Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-07 05:43:14,749, INFO - Start executing handler action: enable
2025-11-07 05:43:14,770, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-07 05:43:14,807, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-07 05:43:14,807, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-07 05:43:14,808, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-07 05:43:14,808, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-07 05:43:14,815, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-07 05:43:14,989, INFO - Start executing installer wrapper
2025-11-07 05:43:14,999, INFO - proxy settings: {}
2025-11-07 05:43:14,999, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-07 05:43:15,072, INFO - MDE is installed
2025-11-07 05:43:15,072, INFO - Wait for MDE service to be available
2025-11-07 05:43:16,006, INFO - MDE is onboarded
2025-11-07 05:43:16,413, INFO - MDC tags in MDE are valid
2025-11-07 05:43:16,413, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-07T08:11:12.149547Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_9657037466591516811]
2025-11-07T08:11:12.150697Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-07T08:11:12.150947Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-07T08:11:12.152636Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-07T08:11:12.153306Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-07T08:11:12.154183Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-07T08:11:14.165955Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-07 08:11:12,332, INFO - Start executing handler action: enable
2025-11-07 08:11:12,350, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-07 08:11:12,396, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-07 08:11:12,396, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-07 08:11:12,396, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-07 08:11:12,397, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-07 08:11:12,402, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-07 08:11:12,587, INFO - Start executing installer wrapper
2025-11-07 08:11:12,587, INFO - proxy settings: {}
2025-11-07 08:11:12,587, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-07 08:11:12,667, INFO - MDE is installed
2025-11-07 08:11:12,667, INFO - Wait for MDE service to be available
2025-11-07 08:11:13,212, INFO - MDE is onboarded
2025-11-07 08:11:13,591, INFO - MDC tags in MDE are valid
2025-11-07 08:11:13,591, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-08T08:10:41.072653Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_2670896644531402889]
2025-11-08T08:10:41.075952Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-08T08:10:41.076200Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-08T08:10:41.080148Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-08T08:10:41.083383Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-08T08:10:41.084208Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-08T08:10:43.094526Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-08 08:10:41,855, INFO - Start executing handler action: enable
2025-11-08 08:10:41,887, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-08 08:10:41,928, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-08 08:10:41,928, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-08 08:10:41,928, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-08 08:10:41,928, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-08 08:10:41,936, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-08 08:10:42,138, INFO - Start executing installer wrapper
2025-11-08 08:10:42,143, INFO - proxy settings: {}
2025-11-08 08:10:42,143, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-08 08:10:42,211, INFO - MDE is installed
2025-11-08 08:10:42,212, INFO - Wait for MDE service to be available
2025-11-09T08:09:20.556806Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17718326084544923555]
2025-11-09T08:09:20.558767Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-09T08:09:20.558989Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-09T08:09:20.560948Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-09T08:09:20.561578Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-09T08:09:20.562437Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-09T08:09:22.571799Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-09 08:09:20,845, INFO - Start executing handler action: enable
2025-11-09 08:09:20,863, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-09 08:09:20,899, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-09 08:09:20,900, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-09 08:09:20,900, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-09 08:09:20,900, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-09 08:09:20,904, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-09 08:09:21,084, INFO - Start executing installer wrapper
2025-11-09 08:09:21,115, INFO - proxy settings: {}
2025-11-09 08:09:21,115, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-09 08:09:21,194, INFO - MDE is installed
2025-11-09 08:09:21,194, INFO - Wait for MDE service to be available
2025-11-09 08:09:21,602, INFO - MDE is onboarded
2025-11-09 08:09:21,811, INFO - MDC tags in MDE are valid
2025-11-09 08:09:21,811, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-10T08:02:35.916157Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_841316332993770886]
2025-11-10T08:02:35.918029Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-10T08:02:35.918293Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-10T08:02:35.919688Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-10T08:02:35.920503Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-10T08:02:35.921475Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-10T08:02:37.931533Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-10 08:02:36,260, INFO - Start executing handler action: enable
2025-11-10 08:02:36,278, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-10 08:02:36,317, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-10 08:02:36,317, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-10 08:02:36,317, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-10 08:02:36,317, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-10 08:02:36,322, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-10 08:02:36,512, INFO - Start executing installer wrapper
2025-11-10 08:02:36,513, INFO - proxy settings: {}
2025-11-10 08:02:36,513, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-10 08:02:36,585, INFO - MDE is installed
2025-11-10 08:02:36,586, INFO - Wait for MDE service to be available
2025-11-10 08:02:37,424, INFO - MDE is onboarded
2025-11-10 08:02:37,743, INFO - MDC tags in MDE are valid
2025-11-10 08:02:37,744, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-11T08:07:12.965808Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_7418808607304677329]
2025-11-11T08:07:12.968035Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-11T08:07:12.968321Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-11T08:07:12.974669Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-11T08:07:12.975266Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-11T08:07:12.976250Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-11T08:07:14.989115Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-11 08:07:13,332, INFO - Start executing handler action: enable
2025-11-11 08:07:13,353, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-11 08:07:13,405, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-11 08:07:13,406, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-11 08:07:13,406, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-11 08:07:13,406, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-11 08:07:13,411, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-11 08:07:13,593, INFO - Start executing installer wrapper
2025-11-11 08:07:13,595, INFO - proxy settings: {}
2025-11-11 08:07:13,595, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-11 08:07:13,676, INFO - MDE is installed
2025-11-11 08:07:13,676, INFO - Wait for MDE service to be available
2025-11-11 08:07:14,413, INFO - MDE is onboarded
2025-11-11 08:07:14,716, INFO - MDC tags in MDE are valid
2025-11-11 08:07:14,716, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-12T08:03:00.154844Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_2936165063841873519]
2025-11-12T08:03:00.157105Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-12T08:03:00.157318Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-12T08:03:00.159248Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-12T08:03:00.159896Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-12T08:03:00.160821Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-12T08:03:02.170303Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-12 08:03:00,520, INFO - Start executing handler action: enable
2025-11-12 08:03:00,542, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-12 08:03:00,585, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-12 08:03:00,585, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-12 08:03:00,585, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-12 08:03:00,585, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-12 08:03:00,592, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-12 08:03:00,793, INFO - Start executing installer wrapper
2025-11-12 08:03:00,794, INFO - proxy settings: {}
2025-11-12 08:03:00,794, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-12 08:03:00,869, INFO - MDE is installed
2025-11-12 08:03:00,869, INFO - Wait for MDE service to be available
2025-11-12 08:03:01,792, INFO - MDE is onboarded
2025-11-13T08:03:20.360362Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_5812272731152994066]
2025-11-13T08:03:20.362137Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-13T08:03:20.363128Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-13T08:03:20.364419Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-13T08:03:20.364979Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-13T08:03:20.365758Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-13T08:03:22.373485Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-13 08:03:20,710, INFO - Start executing handler action: enable
2025-11-13 08:03:20,732, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-13 08:03:20,771, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-13 08:03:20,772, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-13 08:03:20,772, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-13 08:03:20,772, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-13 08:03:20,777, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-13 08:03:20,975, INFO - Start executing installer wrapper
2025-11-13 08:03:20,977, INFO - proxy settings: {}
2025-11-13 08:03:20,977, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-13 08:03:21,047, INFO - MDE is installed
2025-11-13 08:03:21,047, INFO - Wait for MDE service to be available
2025-11-13 08:03:21,763, INFO - MDE is onboarded
2025-11-13 08:03:22,145, INFO - MDC tags in MDE are valid
2025-11-13 08:03:22,146, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-14T08:07:14.186636Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17123822121443917455]
2025-11-14T08:07:14.188442Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-14T08:07:14.188880Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 3.settings
2025-11-14T08:07:14.189692Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-14T08:07:14.190223Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-14T08:07:14.191023Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-14T08:07:16.200831Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-14 08:07:14,486, INFO - Start executing handler action: enable
2025-11-14 08:07:14,506, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-14 08:07:14,550, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-14 08:07:14,550, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-14 08:07:14,550, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-14 08:07:14,550, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-14 08:07:14,555, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-14 08:07:14,739, INFO - Start executing installer wrapper
2025-11-14 08:07:14,740, INFO - proxy settings: {}
2025-11-14 08:07:14,740, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-14 08:07:14,826, INFO - MDE is installed
2025-11-14 08:07:14,826, INFO - Wait for MDE service to be available
2025-11-14 08:07:15,421, INFO - MDE is onboarded
2025-11-14 08:07:15,799, INFO - MDC tags in MDE are valid
2025-11-14 08:07:15,799, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-14T11:43:11.209356Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_9137297575012300014]
2025-11-14T11:43:11.210502Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-14T11:43:11.210803Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-14T11:43:11.211481Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-14T11:43:11.211966Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-14T11:43:11.212822Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-14T11:43:13.221459Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-14 11:43:11,389, INFO - Start executing handler action: enable
2025-11-14 11:43:11,406, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-14 11:43:11,444, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-14 11:43:11,444, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-14 11:43:11,444, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-14 11:43:11,444, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-14 11:43:11,449, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-14 11:43:11,645, INFO - Start executing installer wrapper
2025-11-14 11:43:11,645, INFO - proxy settings: {}
2025-11-14 11:43:11,645, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-14 11:43:11,719, INFO - MDE is installed
2025-11-14 11:43:11,719, INFO - Wait for MDE service to be available
2025-11-14 11:43:12,300, INFO - MDE is onboarded
2025-11-14 11:43:12,606, INFO - MDC tags in MDE are valid
2025-11-14 11:43:12,607, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-15T08:11:24.505958Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_10394428122433116853]
2025-11-15T08:11:24.508692Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-15T08:11:24.508989Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-15T08:11:24.510569Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-15T08:11:24.511118Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-15T08:11:24.511945Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-15T08:11:26.519775Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-15 08:11:24,843, INFO - Start executing handler action: enable
2025-11-15 08:11:24,862, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-15 08:11:24,908, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-15 08:11:24,908, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-15 08:11:24,908, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-15 08:11:24,909, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-15 08:11:24,913, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-15 08:11:25,094, INFO - Start executing installer wrapper
2025-11-15 08:11:25,096, INFO - proxy settings: {}
2025-11-15 08:11:25,096, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-15 08:11:25,173, INFO - MDE is installed
2025-11-15 08:11:25,173, INFO - Wait for MDE service to be available
2025-11-15 08:11:25,842, INFO - MDE is onboarded
2025-11-15 08:11:26,130, INFO - MDC tags in MDE are valid
2025-11-15 08:11:26,131, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-16T08:09:54.015910Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8744462367804003426]
2025-11-16T08:09:54.017799Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-16T08:09:54.018002Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-16T08:09:54.024570Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-16T08:09:54.025106Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-16T08:09:54.025964Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-16T08:09:56.039140Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-16 08:09:54,416, INFO - Start executing handler action: enable
2025-11-16 08:09:54,434, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-16 08:09:54,475, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-16 08:09:54,476, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-16 08:09:54,476, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-16 08:09:54,476, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-16 08:09:54,481, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-16 08:09:54,664, INFO - Start executing installer wrapper
2025-11-16 08:09:54,683, INFO - proxy settings: {}
2025-11-16 08:09:54,683, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-16 08:09:54,759, INFO - MDE is installed
2025-11-16 08:09:54,760, INFO - Wait for MDE service to be available
2025-11-16 08:09:55,505, INFO - MDE is onboarded
2025-11-16 08:09:55,796, INFO - MDC tags in MDE are valid
2025-11-16 08:09:55,796, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-17T08:04:13.413227Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_15989783066098008549]
2025-11-17T08:04:13.415699Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-17T08:04:13.415952Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-17T08:04:13.417094Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-17T08:04:13.417632Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-17T08:04:13.418508Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-17T08:04:15.426084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-17 08:04:13,731, INFO - Start executing handler action: enable
2025-11-17 08:04:13,753, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-17 08:04:13,794, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-17 08:04:13,795, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-17 08:04:13,795, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-17 08:04:13,795, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-17 08:04:13,800, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-17 08:04:13,976, INFO - Start executing installer wrapper
2025-11-17 08:04:13,978, INFO - proxy settings: {}
2025-11-17 08:04:13,978, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-17 08:04:14,050, INFO - MDE is installed
2025-11-17 08:04:14,051, INFO - Wait for MDE service to be available
2025-11-17 08:04:15,056, INFO - MDE is onboarded
2025-11-17 08:04:15,364, INFO - MDC tags in MDE are valid
2025-11-17 08:04:15,364, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-18T08:08:02.941641Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_2998583878245143409]
2025-11-18T08:08:02.943270Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-18T08:08:02.943466Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-18T08:08:02.946672Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-18T08:08:02.947270Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-18T08:08:02.948251Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-18T08:08:04.961135Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-18 08:08:03,313, INFO - Start executing handler action: enable
2025-11-18 08:08:03,334, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-18 08:08:03,374, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-18 08:08:03,375, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-18 08:08:03,375, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-18 08:08:03,375, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-18 08:08:03,379, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-18 08:08:03,562, INFO - Start executing installer wrapper
2025-11-18 08:08:03,563, INFO - proxy settings: {}
2025-11-18 08:08:03,563, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-18 08:08:03,728, INFO - MDE is installed
2025-11-18 08:08:03,729, INFO - Wait for MDE service to be available
2025-11-18 08:08:04,521, INFO - MDE is onboarded
2025-11-18 08:08:04,818, INFO - MDC tags in MDE are valid
2025-11-18 08:08:04,819, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-19T08:09:18.946479Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_6350970672058909423]
2025-11-19T08:09:18.948345Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-19T08:09:18.948601Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-19T08:09:18.950175Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-19T08:09:18.950893Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-19T08:09:18.951798Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-19T08:09:20.960260Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-19 08:09:19,284, INFO - Start executing handler action: enable
2025-11-19 08:09:19,303, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-19 08:09:19,344, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-19 08:09:19,345, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-19 08:09:19,345, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-19 08:09:19,345, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-19 08:09:19,349, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-19 08:09:19,523, INFO - Start executing installer wrapper
2025-11-19 08:09:19,525, INFO - proxy settings: {}
2025-11-19 08:09:19,525, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-19 08:09:19,597, INFO - MDE is installed
2025-11-19 08:09:19,597, INFO - Wait for MDE service to be available
2025-11-19 08:09:20,420, INFO - MDE is onboarded
2025-11-19 08:09:20,717, INFO - MDC tags in MDE are valid
2025-11-19 08:09:20,717, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-20T08:02:20.764281Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_1605873635271624163]
2025-11-20T08:02:20.766132Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-20T08:02:20.766323Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-20T08:02:20.773379Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-20T08:02:20.773922Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-20T08:02:20.775272Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-20T08:02:22.787826Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-20 08:02:21,103, INFO - Start executing handler action: enable
2025-11-20 08:02:21,130, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-20 08:02:21,172, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-20 08:02:21,172, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-20 08:02:21,172, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-20 08:02:21,173, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-20 08:02:21,181, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-20 08:02:21,359, INFO - Start executing installer wrapper
2025-11-20 08:02:21,363, INFO - proxy settings: {}
2025-11-20 08:02:21,363, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-20 08:02:21,439, INFO - MDE is installed
2025-11-20 08:02:21,439, INFO - Wait for MDE service to be available
2025-11-20 08:02:22,574, INFO - MDE is onboarded
2025-11-21T08:03:20.916437Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_10073508223710585551]
2025-11-21T08:03:20.918845Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-21T08:03:20.919384Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 4.settings
2025-11-21T08:03:20.920734Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-21T08:03:20.921426Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-21T08:03:20.922346Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "4", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-21T08:03:22.929681Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-21 08:03:21,232, INFO - Start executing handler action: enable
2025-11-21 08:03:21,251, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/4.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-21 08:03:21,293, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-21 08:03:21,293, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-21 08:03:21,293, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-21 08:03:21,293, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-21 08:03:21,298, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-21 08:03:21,468, INFO - Start executing installer wrapper
2025-11-21 08:03:21,470, INFO - proxy settings: {}
2025-11-21 08:03:21,471, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-21 08:03:21,563, INFO - MDE is installed
2025-11-21 08:03:21,564, INFO - Wait for MDE service to be available
2025-11-21 08:03:22,497, INFO - MDE is onboarded
2025-11-21 08:03:22,789, INFO - MDC tags in MDE are valid
2025-11-21 08:03:22,790, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-21T17:43:19.127572Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_2591359520151425291]
2025-11-21T17:43:19.129330Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-21T17:43:19.129570Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-21T17:43:19.130632Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-21T17:43:19.131162Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-21T17:43:19.131933Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-21T17:43:21.138725Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-21 17:43:19,300, INFO - Start executing handler action: enable
2025-11-21 17:43:19,316, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-21 17:43:19,352, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-21 17:43:19,352, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-21 17:43:19,352, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-21 17:43:19,352, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-21 17:43:19,356, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-21 17:43:19,529, INFO - Start executing installer wrapper
2025-11-21 17:43:19,530, INFO - proxy settings: {}
2025-11-21 17:43:19,530, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-21 17:43:19,606, INFO - MDE is installed
2025-11-21 17:43:19,606, INFO - Wait for MDE service to be available
2025-11-21 17:43:20,093, INFO - MDE is onboarded
2025-11-21 17:43:20,389, INFO - MDC tags in MDE are valid
2025-11-21 17:43:20,389, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-22T08:08:31.238040Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8463706212937569652]
2025-11-22T08:08:31.242286Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-22T08:08:31.242505Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-22T08:08:31.247103Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-22T08:08:31.247641Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-22T08:08:31.248617Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-22T08:08:33.255577Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-22 08:08:31,575, INFO - Start executing handler action: enable
2025-11-22 08:08:31,611, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-22 08:08:31,649, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-22 08:08:31,650, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-22 08:08:31,650, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-22 08:08:31,650, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-22 08:08:31,653, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-22 08:08:31,797, INFO - Start executing installer wrapper
2025-11-22 08:08:31,808, INFO - proxy settings: {}
2025-11-22 08:08:31,809, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-22 08:08:31,880, INFO - MDE is installed
2025-11-22 08:08:31,881, INFO - Wait for MDE service to be available
2025-11-22 08:08:32,525, INFO - MDE is onboarded
2025-11-22 08:08:32,747, INFO - MDC tags in MDE are valid
2025-11-22 08:08:32,747, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-23T08:02:44.205476Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_5765194207202068946]
2025-11-23T08:02:44.207466Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-23T08:02:44.207793Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-23T08:02:44.209131Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-23T08:02:44.209734Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-23T08:02:44.210562Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-23T08:02:46.218025Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-23 08:02:44,537, INFO - Start executing handler action: enable
2025-11-23 08:02:44,556, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-23 08:02:45,158, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-23 08:02:45,159, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-23 08:02:45,159, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-23 08:02:45,159, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-23 08:02:45,163, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-23 08:02:45,339, INFO - Start executing installer wrapper
2025-11-23 08:02:45,341, INFO - proxy settings: {}
2025-11-23 08:02:45,342, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-23 08:02:45,412, INFO - MDE is installed
2025-11-23 08:02:45,412, INFO - Wait for MDE service to be available
2025-11-24T08:06:29.969084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8382433217303704526]
2025-11-24T08:06:29.970986Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-24T08:06:29.971704Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-24T08:06:29.973214Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-24T08:06:29.973758Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-24T08:06:29.974693Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-24T08:06:31.982498Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-24 08:06:30,287, INFO - Start executing handler action: enable
2025-11-24 08:06:30,305, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-24 08:06:30,344, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-24 08:06:30,344, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-24 08:06:30,344, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-24 08:06:30,344, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-24 08:06:30,348, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-24 08:06:30,517, INFO - Start executing installer wrapper
2025-11-24 08:06:30,519, INFO - proxy settings: {}
2025-11-24 08:06:30,519, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-24 08:06:30,591, INFO - MDE is installed
2025-11-24 08:06:30,591, INFO - Wait for MDE service to be available
2025-11-24 08:06:31,434, INFO - MDE is onboarded
2025-11-24 08:06:31,731, INFO - MDC tags in MDE are valid
2025-11-24 08:06:31,731, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-25T08:04:20.160343Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3072843569582052533]
2025-11-25T08:04:20.162547Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-25T08:04:20.163071Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-25T08:04:20.167492Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-25T08:04:20.168122Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-25T08:04:20.168904Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-25T08:04:22.177672Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-25 08:04:20,511, INFO - Start executing handler action: enable
2025-11-25 08:04:20,529, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-25 08:04:20,571, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-25 08:04:20,572, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-25 08:04:20,572, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-25 08:04:20,572, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-25 08:04:20,576, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-25 08:04:20,743, INFO - Start executing installer wrapper
2025-11-25 08:04:20,745, INFO - proxy settings: {}
2025-11-25 08:04:20,746, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-25 08:04:20,820, INFO - MDE is installed
2025-11-25 08:04:20,820, INFO - Wait for MDE service to be available
2025-11-25 08:04:21,739, INFO - MDE is onboarded
2025-11-25 08:04:22,040, INFO - MDC tags in MDE are valid
2025-11-25 08:04:22,041, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-26T08:04:59.285684Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_10313073536085473033]
2025-11-26T08:04:59.288097Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-26T08:04:59.288327Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-26T08:04:59.289019Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-26T08:04:59.289581Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-26T08:04:59.290491Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-26T08:05:01.300164Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-26 08:04:59,606, INFO - Start executing handler action: enable
2025-11-26 08:04:59,628, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-26 08:04:59,666, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-26 08:04:59,667, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-26 08:04:59,667, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-26 08:04:59,667, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-26 08:04:59,671, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-26 08:04:59,853, INFO - Start executing installer wrapper
2025-11-26 08:04:59,855, INFO - proxy settings: {}
2025-11-26 08:04:59,856, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-26 08:04:59,940, INFO - MDE is installed
2025-11-26 08:04:59,940, INFO - Wait for MDE service to be available
2025-11-26 08:05:00,353, INFO - MDE is onboarded
2025-11-26 08:05:00,557, INFO - MDC tags in MDE are valid
2025-11-26 08:05:00,558, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-27T08:12:52.144961Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_4179797930186267356]
2025-11-27T08:12:52.147594Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-27T08:12:52.147823Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-27T08:12:52.149329Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-27T08:12:52.149952Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-27T08:12:52.151661Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-27T08:12:54.160859Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-27 08:12:52,462, INFO - Start executing handler action: enable
2025-11-27 08:12:52,479, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-27 08:12:52,518, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-27 08:12:52,518, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-27 08:12:52,519, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-27 08:12:52,519, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-27 08:12:52,523, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-27 08:12:52,691, INFO - Start executing installer wrapper
2025-11-27 08:12:52,694, INFO - proxy settings: {}
2025-11-27 08:12:52,694, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-27 08:12:52,768, INFO - MDE is installed
2025-11-27 08:12:52,768, INFO - Wait for MDE service to be available
2025-11-27 08:12:53,595, INFO - MDE is onboarded
2025-11-27 08:12:53,886, INFO - MDC tags in MDE are valid
2025-11-27 08:12:53,887, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-28T08:07:58.019066Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_12848628066570164258]
2025-11-28T08:07:58.021717Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-28T08:07:58.022308Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 5.settings
2025-11-28T08:07:58.023793Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-28T08:07:58.024322Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-28T08:07:58.025114Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "5", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-28T08:08:00.034175Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-28 08:07:58,377, INFO - Start executing handler action: enable
2025-11-28 08:07:58,397, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/5.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-28 08:07:58,438, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-28 08:07:58,439, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-28 08:07:58,439, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-28 08:07:58,439, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-28 08:07:58,444, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-28 08:07:58,619, INFO - Start executing installer wrapper
2025-11-28 08:07:58,649, INFO - proxy settings: {}
2025-11-28 08:07:58,649, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-28 08:07:58,723, INFO - MDE is installed
2025-11-28 08:07:58,723, INFO - Wait for MDE service to be available
2025-11-28 08:07:59,320, INFO - MDE is onboarded
2025-11-28 08:07:59,521, INFO - MDC tags in MDE are valid
2025-11-28 08:07:59,521, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-28T23:43:08.514920Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3447896313269059757]
2025-11-28T23:43:08.517480Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-28T23:43:08.517714Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-11-28T23:43:08.518382Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-28T23:43:08.518821Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-28T23:43:08.519521Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-28T23:43:10.526506Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-28 23:43:08,817, INFO - Start executing handler action: enable
2025-11-28 23:43:08,836, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-28 23:43:08,879, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-28 23:43:08,879, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-28 23:43:08,879, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-28 23:43:08,879, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-28 23:43:08,883, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-28 23:43:09,076, INFO - Start executing installer wrapper
2025-11-28 23:43:09,078, INFO - proxy settings: {}
2025-11-28 23:43:09,078, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-28 23:43:09,170, INFO - MDE is installed
2025-11-28 23:43:09,170, INFO - Wait for MDE service to be available
2025-11-28 23:43:09,566, INFO - MDE is onboarded
2025-11-28 23:43:09,769, INFO - MDC tags in MDE are valid
2025-11-28 23:43:09,770, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-29T08:10:13.192507Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_7095483645328380351]
2025-11-29T08:10:13.195559Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-29T08:10:13.195948Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-11-29T08:10:13.196594Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-29T08:10:13.197179Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-29T08:10:13.197851Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-29T08:10:15.206637Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-29 08:10:13,488, INFO - Start executing handler action: enable
2025-11-29 08:10:13,507, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-29 08:10:13,546, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-29 08:10:13,546, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-29 08:10:13,547, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-29 08:10:13,547, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-29 08:10:13,551, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-29 08:10:13,711, INFO - Start executing installer wrapper
2025-11-29 08:10:13,737, INFO - proxy settings: {}
2025-11-29 08:10:13,737, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-29 08:10:13,808, INFO - MDE is installed
2025-11-29 08:10:13,809, INFO - Wait for MDE service to be available
2025-11-29 08:10:14,172, INFO - MDE is onboarded
2025-11-29 08:10:14,374, INFO - MDC tags in MDE are valid
2025-11-29 08:10:14,375, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-11-30T08:07:39.873481Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8593249517284199054]
2025-11-30T08:07:39.876672Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-11-30T08:07:39.877073Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-11-30T08:07:39.879408Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-11-30T08:07:39.879924Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-11-30T08:07:39.880669Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-11-30T08:07:41.890068Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-30 08:07:40,291, INFO - Start executing handler action: enable
2025-11-30 08:07:40,321, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-11-30 08:07:40,369, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-11-30 08:07:40,369, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-11-30 08:07:40,369, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-11-30 08:07:40,369, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-11-30 08:07:40,377, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-11-30 08:07:40,590, INFO - Start executing installer wrapper
2025-11-30 08:07:40,601, INFO - proxy settings: {}
2025-11-30 08:07:40,602, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-11-30 08:07:40,677, INFO - MDE is installed
2025-11-30 08:07:40,678, INFO - Wait for MDE service to be available
2025-11-30 08:07:41,259, INFO - MDE is onboarded
2025-11-30 08:07:41,577, INFO - MDC tags in MDE are valid
2025-11-30 08:07:41,577, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-01T08:08:28.518760Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_11215677447356553006]
2025-12-01T08:08:28.520993Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-01T08:08:28.521296Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-12-01T08:08:28.522716Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-01T08:08:28.523192Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-01T08:08:28.524045Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-01T08:08:30.533957Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-01 08:08:28,856, INFO - Start executing handler action: enable
2025-12-01 08:08:28,877, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-01 08:08:28,918, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-01 08:08:28,918, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-01 08:08:28,918, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-01 08:08:28,918, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-01 08:08:28,923, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-01 08:08:29,105, INFO - Start executing installer wrapper
2025-12-01 08:08:29,108, INFO - proxy settings: {}
2025-12-01 08:08:29,108, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-01 08:08:29,186, INFO - MDE is installed
2025-12-01 08:08:29,186, INFO - Wait for MDE service to be available
2025-12-01 08:08:29,995, INFO - MDE is onboarded
2025-12-01 08:08:30,302, INFO - MDC tags in MDE are valid
2025-12-01 08:08:30,303, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-02T08:07:15.565542Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_305733882460197669]
2025-12-02T08:07:15.572395Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-02T08:07:15.572600Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-12-02T08:07:15.573335Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-02T08:07:15.575678Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-02T08:07:15.576522Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-02T08:07:17.592982Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-02 08:07:15,856, INFO - Start executing handler action: enable
2025-12-02 08:07:15,876, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-02 08:07:15,910, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-02 08:07:15,911, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-02 08:07:15,911, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-02 08:07:15,911, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-02 08:07:15,916, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-02 08:07:16,105, INFO - Start executing installer wrapper
2025-12-02 08:07:16,107, INFO - proxy settings: {}
2025-12-02 08:07:16,107, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-02 08:07:16,183, INFO - MDE is installed
2025-12-02 08:07:16,183, INFO - Wait for MDE service to be available
2025-12-02 08:07:16,647, INFO - MDE is onboarded
2025-12-02 08:07:16,850, INFO - MDC tags in MDE are valid
2025-12-02 08:07:16,851, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-03T08:10:52.253944Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_650726092203252041]
2025-12-03T08:10:52.256806Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-03T08:10:52.257036Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-12-03T08:10:52.257834Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-03T08:10:52.258384Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-03T08:10:52.259262Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-03T08:10:54.268385Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-03 08:10:52,527, INFO - Start executing handler action: enable
2025-12-03 08:10:52,545, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-03 08:10:52,584, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-03 08:10:52,584, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-03 08:10:52,584, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-03 08:10:52,585, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-03 08:10:52,588, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-03 08:10:52,756, INFO - Start executing installer wrapper
2025-12-03 08:10:52,757, INFO - proxy settings: {}
2025-12-03 08:10:52,757, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-03 08:10:52,839, INFO - MDE is installed
2025-12-03 08:10:52,839, INFO - Wait for MDE service to be available
2025-12-03 08:10:53,194, INFO - MDE is onboarded
2025-12-03 08:10:53,392, INFO - MDC tags in MDE are valid
2025-12-03 08:10:53,393, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-04T08:08:23.744243Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_15262139897677968976]
2025-12-04T08:08:23.747153Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-04T08:08:23.747411Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-12-04T08:08:23.750383Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-04T08:08:23.751120Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-04T08:08:23.752241Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-04T08:08:25.760516Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-04 08:08:24,086, INFO - Start executing handler action: enable
2025-12-04 08:08:24,105, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-04 08:08:24,146, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-04 08:08:24,146, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-04 08:08:24,147, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-04 08:08:24,147, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-04 08:08:24,151, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-04 08:08:24,328, INFO - Start executing installer wrapper
2025-12-04 08:08:24,329, INFO - proxy settings: {}
2025-12-04 08:08:24,330, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-04 08:08:24,423, INFO - MDE is installed
2025-12-04 08:08:24,423, INFO - Wait for MDE service to be available
2025-12-04 08:08:25,186, INFO - MDE is onboarded
2025-12-04 08:08:25,408, INFO - MDC tags in MDE are valid
2025-12-04 08:08:25,408, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-05T08:03:48.807635Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_16177066095101708292]
2025-12-05T08:03:48.809460Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-05T08:03:48.809887Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 6.settings
2025-12-05T08:03:48.811684Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-05T08:03:48.812240Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-05T08:03:48.813210Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "6", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-05T08:03:50.821449Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-05 08:03:49,146, INFO - Start executing handler action: enable
2025-12-05 08:03:49,170, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/6.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-05 08:03:49,215, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-05 08:03:49,216, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-05 08:03:49,216, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-05 08:03:49,216, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-05 08:03:49,221, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-05 08:03:49,404, INFO - Start executing installer wrapper
2025-12-05 08:03:49,406, INFO - proxy settings: {}
2025-12-05 08:03:49,406, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-05 08:03:49,485, INFO - MDE is installed
2025-12-05 08:03:49,486, INFO - Wait for MDE service to be available
2025-12-05 08:03:50,415, INFO - MDE is onboarded
2025-12-05 08:03:50,719, INFO - MDC tags in MDE are valid
2025-12-05 08:03:50,720, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-06T05:43:18.604945Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8802052343877149290]
2025-12-06T05:43:18.608195Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-06T05:43:18.608492Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-06T05:43:18.609190Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-06T05:43:18.609618Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-06T05:43:18.611560Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-06T05:43:20.636765Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-06 05:43:18,950, INFO - Start executing handler action: enable
2025-12-06 05:43:18,978, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-06 05:43:19,019, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-06 05:43:19,020, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-06 05:43:19,020, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-06 05:43:19,020, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-06 05:43:19,029, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-06 05:43:19,208, INFO - Start executing installer wrapper
2025-12-06 05:43:19,210, INFO - proxy settings: {}
2025-12-06 05:43:19,210, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-06 05:43:19,288, INFO - MDE is installed
2025-12-06 05:43:19,289, INFO - Wait for MDE service to be available
2025-12-06 05:43:19,898, INFO - MDE is onboarded
2025-12-06 05:43:20,207, INFO - MDC tags in MDE are valid
2025-12-06 05:43:20,207, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-06T08:07:26.571794Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13753500723500488360]
2025-12-06T08:07:26.573270Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-06T08:07:26.573465Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-06T08:07:26.575702Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-06T08:07:26.576344Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-06T08:07:26.577843Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-06T08:07:28.584176Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-06 08:07:26,744, INFO - Start executing handler action: enable
2025-12-06 08:07:26,760, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-06 08:07:26,795, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-06 08:07:26,795, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-06 08:07:26,796, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-06 08:07:26,796, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-06 08:07:26,801, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-06 08:07:26,957, INFO - Start executing installer wrapper
2025-12-06 08:07:26,957, INFO - proxy settings: {}
2025-12-06 08:07:26,957, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-06 08:07:27,035, INFO - MDE is installed
2025-12-06 08:07:27,035, INFO - Wait for MDE service to be available
2025-12-06 08:07:27,578, INFO - MDE is onboarded
2025-12-06 08:07:27,878, INFO - MDC tags in MDE are valid
2025-12-06 08:07:27,878, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-07T08:03:56.072948Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17884142758125363238]
2025-12-07T08:03:56.075771Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-07T08:03:56.076084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-07T08:03:56.076833Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-07T08:03:56.077321Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-07T08:03:56.078082Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-07T08:03:58.085693Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-07 08:03:56,365, INFO - Start executing handler action: enable
2025-12-07 08:03:56,383, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-07 08:03:56,427, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-07 08:03:56,427, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-07 08:03:56,427, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-07 08:03:56,427, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-07 08:03:56,432, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-07 08:03:56,603, INFO - Start executing installer wrapper
2025-12-07 08:03:56,605, INFO - proxy settings: {}
2025-12-07 08:03:56,605, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-07 08:03:56,680, INFO - MDE is installed
2025-12-07 08:03:56,680, INFO - Wait for MDE service to be available
2025-12-07 08:03:57,295, INFO - MDE is onboarded
2025-12-07 08:03:57,515, INFO - MDC tags in MDE are valid
2025-12-07 08:03:57,515, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-08T08:08:14.217875Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_7682540174775836494]
2025-12-08T08:08:14.219869Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-08T08:08:14.220073Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-08T08:08:14.222574Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-08T08:08:14.223011Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-08T08:08:14.226873Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-08T08:08:16.239078Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-08 08:08:14,672, INFO - Start executing handler action: enable
2025-12-08 08:08:14,699, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-08 08:08:14,750, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-08 08:08:14,751, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-08 08:08:14,751, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-08 08:08:14,751, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-08 08:08:14,756, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-08 08:08:14,938, INFO - Start executing installer wrapper
2025-12-08 08:08:14,942, INFO - proxy settings: {}
2025-12-08 08:08:14,943, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-08 08:08:15,026, INFO - MDE is installed
2025-12-08 08:08:15,026, INFO - Wait for MDE service to be available
2025-12-08 08:08:15,701, INFO - MDE is onboarded
2025-12-08 08:08:15,992, INFO - MDC tags in MDE are valid
2025-12-08 08:08:15,992, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-09T08:07:19.228799Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17536085533081219237]
2025-12-09T08:07:19.230426Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-09T08:07:19.230625Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-09T08:07:19.234023Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-09T08:07:19.234942Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-09T08:07:19.235875Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-09T08:07:21.246805Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-09 08:07:19,561, INFO - Start executing handler action: enable
2025-12-09 08:07:19,580, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-09 08:07:19,620, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-09 08:07:19,620, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-09 08:07:19,620, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-09 08:07:19,621, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-09 08:07:19,624, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-09 08:07:19,785, INFO - Start executing installer wrapper
2025-12-09 08:07:19,787, INFO - proxy settings: {}
2025-12-09 08:07:19,787, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-09 08:07:19,877, INFO - MDE is installed
2025-12-09 08:07:19,878, INFO - Wait for MDE service to be available
2025-12-09 08:07:20,645, INFO - MDE is onboarded
2025-12-09 08:07:20,866, INFO - MDC tags in MDE are valid
2025-12-09 08:07:20,866, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-10T08:03:25.704453Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_1527089567635547328]
2025-12-10T08:03:25.706643Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-10T08:03:25.706929Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-10T08:03:25.708513Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-10T08:03:25.709176Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-10T08:03:25.709982Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-10T08:03:27.720424Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-10 08:03:26,065, INFO - Start executing handler action: enable
2025-12-10 08:03:26,091, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-10 08:03:26,133, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-10 08:03:26,133, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-10 08:03:26,133, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-10 08:03:26,134, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-10 08:03:26,140, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-10 08:03:26,356, INFO - Start executing installer wrapper
2025-12-10 08:03:26,359, INFO - proxy settings: {}
2025-12-10 08:03:26,360, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-10 08:03:26,434, INFO - MDE is installed
2025-12-10 08:03:26,434, INFO - Wait for MDE service to be available
2025-12-10 08:03:27,134, INFO - MDE is onboarded
2025-12-10 08:03:27,437, INFO - MDC tags in MDE are valid
2025-12-10 08:03:27,437, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-11T08:05:17.219836Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17528349024889551150]
2025-12-11T08:05:17.221616Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-11T08:05:17.222012Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-11T08:05:17.223603Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-11T08:05:17.224142Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-11T08:05:17.225032Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-11T08:05:19.233832Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-11 08:05:17,552, INFO - Start executing handler action: enable
2025-12-11 08:05:17,576, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-11 08:05:17,625, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-11 08:05:17,626, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-11 08:05:17,626, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-11 08:05:17,626, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-11 08:05:17,630, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-11 08:05:17,842, INFO - Start executing installer wrapper
2025-12-11 08:05:17,845, INFO - proxy settings: {}
2025-12-11 08:05:17,845, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-11 08:05:17,920, INFO - MDE is installed
2025-12-11 08:05:17,920, INFO - Wait for MDE service to be available
2025-12-11 08:05:18,869, INFO - MDE is onboarded
2025-12-11 08:05:19,180, INFO - MDC tags in MDE are valid
2025-12-11 08:05:19,180, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-12T08:11:32.593470Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13862739738841990908]
2025-12-12T08:11:32.596908Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-12T08:11:32.597175Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-12T08:11:32.598958Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-12T08:11:32.599591Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-12T08:11:32.600501Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-12T08:11:34.608497Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-12 08:11:33,021, INFO - Start executing handler action: enable
2025-12-12 08:11:33,056, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-12 08:11:33,096, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-12 08:11:33,096, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-12 08:11:33,096, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-12 08:11:33,096, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-12 08:11:33,104, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-12 08:11:33,319, INFO - Start executing installer wrapper
2025-12-12 08:11:33,322, INFO - proxy settings: {}
2025-12-12 08:11:33,323, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-12 08:11:33,399, INFO - MDE is installed
2025-12-12 08:11:33,400, INFO - Wait for MDE service to be available
2025-12-12 08:11:34,239, INFO - MDE is onboarded
2025-12-12 08:11:34,542, INFO - MDC tags in MDE are valid
2025-12-12 08:11:34,542, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-13T08:02:43.817856Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8339946423986753287]
2025-12-13T08:02:43.819442Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-13T08:02:43.820430Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 7.settings
2025-12-13T08:02:43.821075Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-13T08:02:43.821555Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-13T08:02:43.822811Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "7", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-13T08:02:45.834931Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-13 08:02:44,182, INFO - Start executing handler action: enable
2025-12-13 08:02:44,209, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/7.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-13 08:02:44,250, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-13 08:02:44,250, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-13 08:02:44,250, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-13 08:02:44,251, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-13 08:02:44,258, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-13 08:02:44,444, INFO - Start executing installer wrapper
2025-12-13 08:02:44,446, INFO - proxy settings: {}
2025-12-13 08:02:44,447, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-13 08:02:44,523, INFO - MDE is installed
2025-12-13 08:02:44,523, INFO - Wait for MDE service to be available
2025-12-13 08:02:45,227, INFO - MDE is onboarded
2025-12-13 08:02:45,531, INFO - MDC tags in MDE are valid
2025-12-13 08:02:45,532, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-13T11:43:10.524980Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17088153003267801746]
2025-12-13T11:43:10.526395Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-13T11:43:10.526673Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-13T11:43:10.527340Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-13T11:43:10.527794Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-13T11:43:10.528602Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-13T11:43:12.537835Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-13 11:43:10,693, INFO - Start executing handler action: enable
2025-12-13 11:43:10,711, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-13 11:43:10,744, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-13 11:43:10,744, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-13 11:43:10,744, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-13 11:43:10,744, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-13 11:43:10,749, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-13 11:43:10,913, INFO - Start executing installer wrapper
2025-12-13 11:43:10,914, INFO - proxy settings: {}
2025-12-13 11:43:10,914, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-13 11:43:10,988, INFO - MDE is installed
2025-12-13 11:43:10,988, INFO - Wait for MDE service to be available
2025-12-13 11:43:11,619, INFO - MDE is onboarded
2025-12-13 11:43:11,919, INFO - MDC tags in MDE are valid
2025-12-13 11:43:11,920, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-14T08:09:24.918552Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3171496215313545513]
2025-12-14T08:09:24.920695Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-14T08:09:24.921013Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-14T08:09:24.922687Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-14T08:09:24.923439Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-14T08:09:24.924583Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-14T08:09:26.932357Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-14 08:09:25,248, INFO - Start executing handler action: enable
2025-12-14 08:09:25,289, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-14 08:09:25,328, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-14 08:09:25,328, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-14 08:09:25,328, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-14 08:09:25,328, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-14 08:09:25,334, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-14 08:09:25,526, INFO - Start executing installer wrapper
2025-12-14 08:09:25,528, INFO - proxy settings: {}
2025-12-14 08:09:25,528, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-14 08:09:25,600, INFO - MDE is installed
2025-12-14 08:09:25,600, INFO - Wait for MDE service to be available
2025-12-14 08:09:26,421, INFO - MDE is onboarded
2025-12-14 08:09:26,723, INFO - MDC tags in MDE are valid
2025-12-14 08:09:26,724, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-15T08:07:18.202423Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_11777825104429609315]
2025-12-15T08:07:18.204051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-15T08:07:18.204596Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-15T08:07:18.205945Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-15T08:07:18.206462Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-15T08:07:18.207278Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-15T08:07:20.220560Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-15 08:07:18,531, INFO - Start executing handler action: enable
2025-12-15 08:07:18,551, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-15 08:07:18,589, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-15 08:07:18,589, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-15 08:07:18,589, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-15 08:07:18,589, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-15 08:07:18,593, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-15 08:07:18,774, INFO - Start executing installer wrapper
2025-12-15 08:07:18,780, INFO - proxy settings: {}
2025-12-15 08:07:18,780, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-15 08:07:18,856, INFO - MDE is installed
2025-12-15 08:07:18,856, INFO - Wait for MDE service to be available
2025-12-15 08:07:19,743, INFO - MDE is onboarded
2025-12-15 08:07:20,051, INFO - MDC tags in MDE are valid
2025-12-15 08:07:20,051, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-16T08:06:29.734592Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_16990353881146113514]
2025-12-16T08:06:29.736897Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-16T08:06:29.737152Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-16T08:06:29.738242Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-16T08:06:29.738755Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-16T08:06:29.739580Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-16T08:06:31.748649Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-16 08:06:30,052, INFO - Start executing handler action: enable
2025-12-16 08:06:30,074, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-16 08:06:30,112, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-16 08:06:30,112, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-16 08:06:30,112, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-16 08:06:30,112, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-16 08:06:30,117, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-16 08:06:30,293, INFO - Start executing installer wrapper
2025-12-16 08:06:30,295, INFO - proxy settings: {}
2025-12-16 08:06:30,295, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-16 08:06:30,367, INFO - MDE is installed
2025-12-16 08:06:30,367, INFO - Wait for MDE service to be available
2025-12-16 08:06:31,240, INFO - MDE is onboarded
2025-12-16 08:06:31,619, INFO - MDC tags in MDE are valid
2025-12-16 08:06:31,620, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-17T08:08:42.422980Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_17604743526809274243]
2025-12-17T08:08:42.424825Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-17T08:08:42.425105Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-17T08:08:42.426456Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-17T08:08:42.427049Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-17T08:08:42.427941Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-17T08:08:44.436605Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-17 08:08:42,780, INFO - Start executing handler action: enable
2025-12-17 08:08:42,799, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-17 08:08:42,844, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-17 08:08:42,844, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-17 08:08:42,844, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-17 08:08:42,845, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-17 08:08:42,851, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-17 08:08:43,027, INFO - Start executing installer wrapper
2025-12-17 08:08:43,028, INFO - proxy settings: {}
2025-12-17 08:08:43,028, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-17 08:08:43,106, INFO - MDE is installed
2025-12-17 08:08:43,106, INFO - Wait for MDE service to be available
2025-12-17 08:08:44,149, INFO - MDE is onboarded
2025-12-18T08:07:38.736435Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_16576926624760296115]
2025-12-18T08:07:38.739268Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-18T08:07:38.739675Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-18T08:07:38.740835Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-18T08:07:38.741390Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-18T08:07:38.742271Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-18T08:07:40.751759Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-18 08:07:39,081, INFO - Start executing handler action: enable
2025-12-18 08:07:39,102, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-18 08:07:39,145, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-18 08:07:39,145, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-18 08:07:39,146, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-18 08:07:39,146, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-18 08:07:39,151, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-18 08:07:39,341, INFO - Start executing installer wrapper
2025-12-18 08:07:39,343, INFO - proxy settings: {}
2025-12-18 08:07:39,343, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-18 08:07:39,419, INFO - MDE is installed
2025-12-18 08:07:39,419, INFO - Wait for MDE service to be available
2025-12-18 08:07:40,191, INFO - MDE is onboarded
2025-12-18 08:07:40,492, INFO - MDC tags in MDE are valid
2025-12-18 08:07:40,492, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-19T08:04:27.109907Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_12422715186025173557]
2025-12-19T08:04:27.112851Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-19T08:04:27.113108Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-19T08:04:27.113795Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-19T08:04:27.114255Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-19T08:04:27.115202Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-19T08:04:29.123223Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-19 08:04:27,402, INFO - Start executing handler action: enable
2025-12-19 08:04:27,422, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-19 08:04:27,460, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-19 08:04:27,461, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-19 08:04:27,461, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-19 08:04:27,461, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-19 08:04:27,466, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-19 08:04:27,665, INFO - Start executing installer wrapper
2025-12-19 08:04:27,667, INFO - proxy settings: {}
2025-12-19 08:04:27,667, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-19 08:04:27,749, INFO - MDE is installed
2025-12-19 08:04:27,750, INFO - Wait for MDE service to be available
2025-12-19 08:04:28,220, INFO - MDE is onboarded
2025-12-19 08:04:28,431, INFO - MDC tags in MDE are valid
2025-12-19 08:04:28,432, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-20T08:06:59.574806Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_14833339250531985742]
2025-12-20T08:06:59.580991Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-20T08:06:59.581224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 8.settings
2025-12-20T08:06:59.584766Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-20T08:06:59.592234Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-20T08:06:59.593184Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "8", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-20T08:07:01.603467Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-20 08:07:00,335, INFO - Start executing handler action: enable
2025-12-20 08:07:00,370, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/8.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-20 08:07:00,413, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-20 08:07:00,413, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-20 08:07:00,414, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-20 08:07:00,414, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-20 08:07:00,420, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-20 08:07:00,642, INFO - Start executing installer wrapper
2025-12-20 08:07:00,644, INFO - proxy settings: {}
2025-12-20 08:07:00,645, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-20 08:07:00,724, INFO - MDE is installed
2025-12-20 08:07:00,724, INFO - Wait for MDE service to be available
2025-12-20 08:07:01,424, INFO - MDE is onboarded
2025-12-20T17:43:01.892954Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_10198673534178563279]
2025-12-20T17:43:01.896266Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-20T17:43:01.896452Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-20T17:43:01.897099Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-20T17:43:01.897851Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-20T17:43:01.900327Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-20T17:43:03.913037Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-20 17:43:02,234, INFO - Start executing handler action: enable
2025-12-20 17:43:02,263, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-20 17:43:02,306, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-20 17:43:02,306, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-20 17:43:02,307, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-20 17:43:02,307, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-20 17:43:02,317, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-20 17:43:02,527, INFO - Start executing installer wrapper
2025-12-20 17:43:02,530, INFO - proxy settings: {}
2025-12-20 17:43:02,530, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-20 17:43:02,604, INFO - MDE is installed
2025-12-20 17:43:02,605, INFO - Wait for MDE service to be available
2025-12-20 17:43:03,139, INFO - MDE is onboarded
2025-12-20 17:43:03,435, INFO - MDC tags in MDE are valid
2025-12-20 17:43:03,436, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-21T08:04:06.024275Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_861551172214218157]
2025-12-21T08:04:06.027460Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-21T08:04:06.027736Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-21T08:04:06.028563Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-21T08:04:06.029185Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-21T08:04:06.030051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-21T08:04:08.041254Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-21 08:04:06,381, INFO - Start executing handler action: enable
2025-12-21 08:04:06,402, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-21 08:04:06,440, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-21 08:04:06,441, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-21 08:04:06,441, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-21 08:04:06,441, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-21 08:04:06,446, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-21 08:04:06,622, INFO - Start executing installer wrapper
2025-12-21 08:04:06,635, INFO - proxy settings: {}
2025-12-21 08:04:06,635, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-21 08:04:06,714, INFO - MDE is installed
2025-12-21 08:04:06,715, INFO - Wait for MDE service to be available
2025-12-21 08:04:07,620, INFO - MDE is onboarded
2025-12-21 08:04:07,999, INFO - MDC tags in MDE are valid
2025-12-21 08:04:08,000, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-22T08:06:29.558644Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_12691655823482890787]
2025-12-22T08:06:29.560604Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-22T08:06:29.560898Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-22T08:06:29.562268Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-22T08:06:29.562812Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-22T08:06:29.563744Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-22T08:06:31.571898Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-22 08:06:29,935, INFO - Start executing handler action: enable
2025-12-22 08:06:29,960, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-22 08:06:30,005, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-22 08:06:30,005, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-22 08:06:30,005, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-22 08:06:30,006, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-22 08:06:30,012, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-22 08:06:30,206, INFO - Start executing installer wrapper
2025-12-22 08:06:30,208, INFO - proxy settings: {}
2025-12-22 08:06:30,208, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-22 08:06:30,284, INFO - MDE is installed
2025-12-22 08:06:30,284, INFO - Wait for MDE service to be available
2025-12-22 08:06:31,127, INFO - MDE is onboarded
2025-12-22 08:06:31,430, INFO - MDC tags in MDE are valid
2025-12-22 08:06:31,431, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-23T08:02:53.245531Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_6211697873382670201]
2025-12-23T08:02:53.248060Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-23T08:02:53.248400Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-23T08:02:53.249088Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-23T08:02:53.249667Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-23T08:02:53.250656Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-23T08:02:55.261662Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-23 08:02:53,537, INFO - Start executing handler action: enable
2025-12-23 08:02:53,563, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-23 08:02:53,602, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-23 08:02:53,602, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-23 08:02:53,602, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-23 08:02:53,603, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-23 08:02:53,607, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-23 08:02:53,791, INFO - Start executing installer wrapper
2025-12-23 08:02:53,793, INFO - proxy settings: {}
2025-12-23 08:02:53,793, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-23 08:02:53,863, INFO - MDE is installed
2025-12-23 08:02:53,863, INFO - Wait for MDE service to be available
2025-12-23 08:02:54,369, INFO - MDE is onboarded
2025-12-23 08:02:54,658, INFO - MDC tags in MDE are valid
2025-12-23 08:02:54,658, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-24T08:07:46.394425Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_7288201324262158647]
2025-12-24T08:07:46.396155Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-24T08:07:46.396382Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-24T08:07:46.398920Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-24T08:07:46.399572Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-24T08:07:46.400379Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-24T08:07:48.414942Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-24 08:07:46,836, INFO - Start executing handler action: enable
2025-12-24 08:07:46,860, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-24 08:07:46,904, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-24 08:07:46,904, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-24 08:07:46,904, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-24 08:07:46,904, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-24 08:07:46,910, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-24 08:07:47,140, INFO - Start executing installer wrapper
2025-12-24 08:07:47,142, INFO - proxy settings: {}
2025-12-24 08:07:47,142, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-24 08:07:47,235, INFO - MDE is installed
2025-12-24 08:07:47,235, INFO - Wait for MDE service to be available
2025-12-24 08:07:48,157, INFO - MDE is onboarded
2025-12-25T08:03:45.336758Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_6995164264256830787]
2025-12-25T08:03:45.352414Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-25T08:03:45.352663Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-25T08:03:45.354238Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-25T08:03:45.354843Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-25T08:03:45.355850Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-25T08:03:47.365533Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-25 08:03:45,663, INFO - Start executing handler action: enable
2025-12-25 08:03:45,684, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-25 08:03:45,726, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-25 08:03:45,726, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-25 08:03:45,726, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-25 08:03:45,726, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-25 08:03:45,730, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-25 08:03:45,904, INFO - Start executing installer wrapper
2025-12-25 08:03:45,906, INFO - proxy settings: {}
2025-12-25 08:03:45,906, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-25 08:03:45,979, INFO - MDE is installed
2025-12-25 08:03:45,979, INFO - Wait for MDE service to be available
2025-12-25 08:03:46,603, INFO - MDE is onboarded
2025-12-25 08:03:46,911, INFO - MDC tags in MDE are valid
2025-12-25 08:03:46,911, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-26T08:12:34.333135Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13985713385998015624]
2025-12-26T08:12:34.335638Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-26T08:12:34.337803Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-26T08:12:34.340033Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-26T08:12:34.340669Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-26T08:12:34.341584Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-26T08:12:36.350795Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-26 08:12:34,675, INFO - Start executing handler action: enable
2025-12-26 08:12:34,698, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-26 08:12:34,741, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-26 08:12:34,741, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-26 08:12:34,742, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-26 08:12:34,742, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-26 08:12:34,747, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-26 08:12:34,930, INFO - Start executing installer wrapper
2025-12-26 08:12:34,932, INFO - proxy settings: {}
2025-12-26 08:12:34,932, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-26 08:12:35,041, INFO - MDE is installed
2025-12-26 08:12:35,041, INFO - Wait for MDE service to be available
2025-12-26 08:12:35,693, INFO - MDE is onboarded
2025-12-26 08:12:35,993, INFO - MDC tags in MDE are valid
2025-12-26 08:12:35,993, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-27T08:04:38.546734Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_1539461145040379113]
2025-12-27T08:04:38.551362Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-27T08:04:38.551726Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 9.settings
2025-12-27T08:04:38.552830Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-27T08:04:38.553768Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-27T08:04:38.554633Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "9", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-27T08:04:40.563599Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-27 08:04:38,879, INFO - Start executing handler action: enable
2025-12-27 08:04:38,903, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/9.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-27 08:04:38,941, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-27 08:04:38,942, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-27 08:04:38,942, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-27 08:04:38,942, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-27 08:04:38,946, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-27 08:04:39,124, INFO - Start executing installer wrapper
2025-12-27 08:04:39,128, INFO - proxy settings: {}
2025-12-27 08:04:39,128, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-27 08:04:39,202, INFO - MDE is installed
2025-12-27 08:04:39,203, INFO - Wait for MDE service to be available
2025-12-27 08:04:39,762, INFO - MDE is onboarded
2025-12-27 08:04:40,061, INFO - MDC tags in MDE are valid
2025-12-27 08:04:40,062, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-27T22:33:41.782665Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_14080622285242101938]
2025-12-27T22:33:41.786652Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-27T22:33:41.786862Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2025-12-27T22:33:41.787585Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-27T22:33:41.788121Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-27T22:33:41.789017Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-27T22:33:43.805410Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-27 22:33:42,127, INFO - Start executing handler action: enable
2025-12-27 22:33:42,154, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-27 22:33:42,197, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-27 22:33:42,197, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-27 22:33:42,198, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-27 22:33:42,198, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-27 22:33:42,205, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-27 22:33:42,470, INFO - Start executing installer wrapper
2025-12-27 22:33:42,477, INFO - proxy settings: {}
2025-12-27 22:33:42,478, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-27 22:33:42,554, INFO - MDE is installed
2025-12-27 22:33:42,554, INFO - Wait for MDE service to be available
2025-12-27 22:33:43,172, INFO - MDE is onboarded
2025-12-27 22:33:43,483, INFO - MDC tags in MDE are valid
2025-12-27 22:33:43,483, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-28T08:13:16.023645Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_6529682170284977918]
2025-12-28T08:13:16.026038Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-28T08:13:16.026244Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2025-12-28T08:13:16.026879Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-28T08:13:16.027335Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-28T08:13:16.028232Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-28T08:13:18.036281Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-28 08:13:16,338, INFO - Start executing handler action: enable
2025-12-28 08:13:16,367, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-28 08:13:16,407, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-28 08:13:16,407, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-28 08:13:16,408, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-28 08:13:16,408, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-28 08:13:16,414, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-28 08:13:16,627, INFO - Start executing installer wrapper
2025-12-28 08:13:16,629, INFO - proxy settings: {}
2025-12-28 08:13:16,629, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-28 08:13:16,710, INFO - MDE is installed
2025-12-28 08:13:16,710, INFO - Wait for MDE service to be available
2025-12-28 08:13:17,466, INFO - MDE is onboarded
2025-12-28 08:13:17,775, INFO - MDC tags in MDE are valid
2025-12-28 08:13:17,776, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-29T08:11:53.063673Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_14876735672459409870]
2025-12-29T08:11:53.067527Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-29T08:11:53.067713Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2025-12-29T08:11:53.074680Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-29T08:11:53.075117Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-29T08:11:53.075857Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-29T08:11:55.088692Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-29 08:11:53,494, INFO - Start executing handler action: enable
2025-12-29 08:11:53,513, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-29 08:11:53,555, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-29 08:11:53,556, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-29 08:11:53,556, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-29 08:11:53,556, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-29 08:11:53,561, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-29 08:11:53,752, INFO - Start executing installer wrapper
2025-12-29 08:11:53,753, INFO - proxy settings: {}
2025-12-29 08:11:53,754, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-29 08:11:53,829, INFO - MDE is installed
2025-12-29 08:11:53,829, INFO - Wait for MDE service to be available
2025-12-29 08:11:54,524, INFO - MDE is onboarded
2025-12-29 08:11:54,824, INFO - MDC tags in MDE are valid
2025-12-29 08:11:54,825, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2025-12-30T08:05:08.563202Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3790754506142734851]
2025-12-30T08:05:08.573337Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-30T08:05:08.573544Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2025-12-30T08:05:08.582095Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-30T08:05:08.582631Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-30T08:05:08.583499Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-30T08:05:13.665750Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-30 08:05:11,530, INFO - Start executing handler action: enable
2025-12-30 08:05:11,666, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-30 08:05:11,744, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-30 08:05:11,745, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-30 08:05:11,745, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-30 08:05:11,745, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-30 08:05:11,794, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-30 08:05:13,246, INFO - Start executing installer wrapper
2025-12-30 08:05:13,265, INFO - proxy settings: {}
2025-12-30 08:05:13,265, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-30 08:05:13,521, INFO - MDE is installed
2025-12-30 08:05:13,521, INFO - Wait for MDE service to be available
2025-12-31T08:04:44.068480Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13167458914974383872]
2025-12-31T08:04:44.087353Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2025-12-31T08:04:44.087545Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2025-12-31T08:04:44.088159Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2025-12-31T08:04:44.102303Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2025-12-31T08:04:44.103176Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2025-12-31T08:04:49.185204Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-31 08:04:47,015, INFO - Start executing handler action: enable
2025-12-31 08:04:47,200, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2025-12-31 08:04:47,374, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2025-12-31 08:04:47,374, INFO - Successfully retrieved autoUpdate from extension public settings: True
2025-12-31 08:04:47,374, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2025-12-31 08:04:47,374, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2025-12-31 08:04:47,414, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2025-12-31 08:04:48,833, INFO - Start executing installer wrapper
2025-12-31 08:04:48,851, INFO - proxy settings: {}
2025-12-31 08:04:48,851, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2025-12-31 08:04:49,087, INFO - MDE is installed
2025-12-31 08:04:49,087, INFO - Wait for MDE service to be available
2026-01-01T08:07:50.536317Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_10488366082698609365]
2026-01-01T08:07:50.564917Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-01T08:07:50.565183Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2026-01-01T08:07:50.580229Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-01T08:07:50.580841Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-01T08:07:50.588896Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-01T08:07:55.680222Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-01 08:07:53,196, INFO - Start executing handler action: enable
2026-01-01 08:07:53,377, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-01 08:07:53,532, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-01 08:07:53,532, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-01 08:07:53,532, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-01 08:07:53,532, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-01 08:07:53,571, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-01 08:07:55,018, INFO - Start executing installer wrapper
2026-01-01 08:07:55,037, INFO - proxy settings: {}
2026-01-01 08:07:55,037, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-01 08:07:55,252, INFO - MDE is installed
2026-01-01 08:07:55,252, INFO - Wait for MDE service to be available
2026-01-02T08:11:20.509293Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_12803432604922816460]
2026-01-02T08:11:20.528761Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-02T08:11:20.529000Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2026-01-02T08:11:20.546805Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-02T08:11:20.547533Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-02T08:11:20.556078Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-02T08:11:25.639258Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-02 08:11:23,180, INFO - Start executing handler action: enable
2026-01-02 08:11:23,371, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-02 08:11:23,516, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-02 08:11:23,517, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-02 08:11:23,517, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-02 08:11:23,517, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-02 08:11:23,553, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-02 08:11:24,922, INFO - Start executing installer wrapper
2026-01-02 08:11:24,940, INFO - proxy settings: {}
2026-01-02 08:11:24,940, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-02 08:11:25,151, INFO - MDE is installed
2026-01-02 08:11:25,151, INFO - Wait for MDE service to be available
2026-01-03T07:52:51.791844Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_12803432604922816460]
2026-01-03T07:52:51.810745Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-03T07:52:51.811091Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2026-01-03T07:52:51.828667Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-03T07:52:51.829883Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-03T07:52:51.840097Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-03T07:52:56.947514Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-03 07:52:54,256, INFO - Start executing handler action: enable
2026-01-03 07:52:54,438, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-03 07:52:54,582, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-03 07:52:54,583, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-03 07:52:54,583, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-03 07:52:54,583, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-03 07:52:54,622, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-03 07:52:56,129, INFO - Start executing installer wrapper
2026-01-03 07:52:56,147, INFO - proxy settings: {}
2026-01-03 07:52:56,147, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-03 07:52:56,900, INFO - MDE is installed
2026-01-03 07:52:56,901, INFO - Wait for MDE service to be available
2026-01-03T08:04:21.102861Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_6052399876401709995]
2026-01-03T08:04:21.121642Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-03T08:04:21.121828Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 10.settings
2026-01-03T08:04:21.122599Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-03T08:04:21.135364Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-03T08:04:21.136208Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "10", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-03T08:04:24.244687Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-03 08:04:22,560, INFO - Start executing handler action: enable
2026-01-03 08:04:22,695, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/10.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-03 08:04:22,821, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-03 08:04:22,821, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-03 08:04:22,838, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-03 08:04:22,838, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-03 08:04:22,868, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-03T23:43:19.118130Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_8410567143067365314]
2026-01-03T23:43:19.129221Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-03T23:43:19.129598Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-03T23:43:19.137764Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-03T23:43:19.138311Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-03T23:43:19.147224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-03T23:43:24.232946Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-03 23:43:21,597, INFO - Start executing handler action: enable
2026-01-03 23:43:21,793, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-03 23:43:21,936, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-03 23:43:21,937, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-03 23:43:21,937, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-03 23:43:21,937, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-03 23:43:21,968, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-03 23:43:23,225, INFO - Start executing installer wrapper
2026-01-03 23:43:23,234, INFO - proxy settings: {}
2026-01-03 23:43:23,234, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-03 23:43:23,453, INFO - MDE is installed
2026-01-03 23:43:23,453, INFO - Wait for MDE service to be available
2026-01-04T08:10:22.425961Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_13890363274182690614]
2026-01-04T08:10:22.445570Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-04T08:10:22.455819Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-04T08:10:22.464655Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-04T08:10:22.465163Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-04T08:10:22.473972Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-04T08:10:27.553234Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-04 08:10:24,950, INFO - Start executing handler action: enable
2026-01-04 08:10:25,148, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-04 08:10:25,282, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-04 08:10:25,282, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-04 08:10:25,282, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-04 08:10:25,282, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-04 08:10:25,321, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-04 08:10:26,721, INFO - Start executing installer wrapper
2026-01-04 08:10:26,731, INFO - proxy settings: {}
2026-01-04 08:10:26,732, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-04 08:10:26,988, INFO - MDE is installed
2026-01-04 08:10:26,989, INFO - Wait for MDE service to be available
2026-01-05T08:07:55.460037Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_3056461505677164096]
2026-01-05T08:07:55.479712Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-05T08:07:55.480078Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-05T08:07:55.506449Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-05T08:07:55.507014Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-05T08:07:55.507845Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-05T08:08:00.588232Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-05 08:07:58,575, INFO - Start executing handler action: enable
2026-01-05 08:07:58,777, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-05 08:07:58,921, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-05 08:07:58,921, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-05 08:07:58,921, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-05 08:07:58,921, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-05 08:07:58,970, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-05 08:08:00,520, INFO - Start executing installer wrapper
2026-01-05 08:08:00,539, INFO - proxy settings: {}
2026-01-05 08:08:00,539, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-06T08:11:47.447557Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_9385532612682263844]
2026-01-06T08:11:47.451046Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-06T08:11:47.451430Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-06T08:11:47.452954Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-06T08:11:47.453657Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-06T08:11:47.454601Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-06T08:11:49.462857Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-06 08:11:47,788, INFO - Start executing handler action: enable
2026-01-06 08:11:47,809, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-06 08:11:47,844, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-06 08:11:47,845, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-06 08:11:47,845, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-06 08:11:47,845, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-06 08:11:47,850, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-06 08:11:48,017, INFO - Start executing installer wrapper
2026-01-06 08:11:48,019, INFO - proxy settings: {}
2026-01-06 08:11:48,019, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-06 08:11:48,097, INFO - MDE is installed
2026-01-06 08:11:48,097, INFO - Wait for MDE service to be available
2026-01-06 08:11:48,918, INFO - MDE is onboarded
2026-01-06 08:11:49,299, INFO - MDC tags in MDE are valid
2026-01-06 08:11:49,299, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-07T08:10:01.821395Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_18081884097646217512]
2026-01-07T08:10:01.823080Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-07T08:10:01.823340Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-07T08:10:01.824697Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-07T08:10:01.825237Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-07T08:10:01.826163Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-07T08:10:03.842092Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-07 08:10:02,422, INFO - Start executing handler action: enable
2026-01-07 08:10:02,469, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-07 08:10:02,517, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-07 08:10:02,517, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-07 08:10:02,517, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-07 08:10:02,518, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-07 08:10:02,524, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-07 08:10:02,758, INFO - Start executing installer wrapper
2026-01-07 08:10:02,763, INFO - proxy settings: {}
2026-01-07 08:10:02,763, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-07 08:10:02,847, INFO - MDE is installed
2026-01-07 08:10:02,847, INFO - Wait for MDE service to be available
2026-01-07 08:10:03,812, INFO - MDE is onboarded
2026-01-08T08:02:42.745758Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_14361909923105701814]
2026-01-08T08:02:42.748164Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-08T08:02:42.748694Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-08T08:02:42.750343Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-08T08:02:42.751900Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-08T08:02:42.753007Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-08T08:02:44.764443Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-08 08:02:43,075, INFO - Start executing handler action: enable
2026-01-08 08:02:43,097, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-08 08:02:43,138, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-08 08:02:43,138, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-08 08:02:43,138, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-08 08:02:43,139, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-08 08:02:43,143, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-08 08:02:43,327, INFO - Start executing installer wrapper
2026-01-08 08:02:43,329, INFO - proxy settings: {}
2026-01-08 08:02:43,329, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-08 08:02:43,406, INFO - MDE is installed
2026-01-08 08:02:43,407, INFO - Wait for MDE service to be available
2026-01-08 08:02:44,096, INFO - MDE is onboarded
2026-01-08 08:02:44,404, INFO - MDC tags in MDE are valid
2026-01-08 08:02:44,404, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-09T08:07:23.944460Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_6778312413380751636]
2026-01-09T08:07:23.946779Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-09T08:07:23.947158Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-09T08:07:23.948826Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-09T08:07:23.949330Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-09T08:07:23.950113Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-09T08:07:25.957588Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-09 08:07:24,272, INFO - Start executing handler action: enable
2026-01-09 08:07:24,291, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-09 08:07:24,333, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-09 08:07:24,334, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-09 08:07:24,334, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-09 08:07:24,334, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-09 08:07:24,339, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-09 08:07:24,500, INFO - Start executing installer wrapper
2026-01-09 08:07:24,501, INFO - proxy settings: {}
2026-01-09 08:07:24,501, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-09 08:07:24,576, INFO - MDE is installed
2026-01-09 08:07:24,576, INFO - Wait for MDE service to be available
2026-01-09 08:07:25,403, INFO - MDE is onboarded
2026-01-09 08:07:25,699, INFO - MDC tags in MDE are valid
2026-01-09 08:07:25,700, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-10T08:08:15.992799Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Target handler state: enabled [etag_4586275131755783770]
2026-01-10T08:08:15.995157Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] [Enable] current handler state is: enabled
2026-01-10T08:08:15.995474Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Update settings file: 11.settings
2026-01-10T08:08:15.997229Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Requested extension state: enabled
2026-01-10T08:08:15.997905Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-10T08:08:15.998891Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "11", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-10T08:08:18.006277Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-10 08:08:16,348, INFO - Start executing handler action: enable
2026-01-10 08:08:16,370, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status/11.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-10 08:08:16,411, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-10 08:08:16,411, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-10 08:08:16,411, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-10 08:08:16,412, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-10 08:08:16,416, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-10 08:08:16,595, INFO - Start executing installer wrapper
2026-01-10 08:08:16,596, INFO - proxy settings: {}
2026-01-10 08:08:16,596, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-10 08:08:16,672, INFO - MDE is installed
2026-01-10 08:08:16,672, INFO - Wait for MDE service to be available
2026-01-10 08:08:17,336, INFO - MDE is onboarded
2026-01-10 08:08:17,638, INFO - MDC tags in MDE are valid
2026-01-10 08:08:17,638, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-11T05:43:21.974875Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_4433462117766657639]
2026-01-11T05:43:21.976615Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: notinstalled
2026-01-11T05:43:22.181759Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0
2026-01-11T05:43:22.196603Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-11T05:43:22.197729Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Disable extension: [PythonRunner.sh src/MdeExtensionHandler.py disable]
2026-01-11T05:43:22.201006Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py disable with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-11T05:43:24.210338Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py disable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 05:43:22,563, INFO - Start executing handler action: disable
2026-01-11 05:43:22,565, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-01-11 05:43:22,565, INFO - End executing handler action: disable
2026-01-11T05:43:24.212646Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Copy status files from old plugin to new
2026-01-11T05:43:24.236506Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update extension [PythonRunner.sh src/MdeExtensionHandler.py update]
2026-01-11T05:43:24.237573Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py update with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_DISABLE_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "AZURE_GUEST_AGENT_UPDATING_FROM_VERSION": "1.0.8.9", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-11T05:43:26.245269Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py update
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 05:43:24,560, INFO - Start executing handler action: update
2026-01-11 05:43:24,560, WARNING - No operation for action: update
2026-01-11 05:43:24,560, INFO - End executing handler action: update
2026-01-11T05:43:26.247544Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Uninstall extension [PythonRunner.sh src/MdeExtensionHandler.py uninstall]
2026-01-11T05:43:26.248878Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/PythonRunner.sh src/MdeExtensionHandler.py uninstall with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.8.9", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-11T05:43:28.257188Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Command: PythonRunner.sh src/MdeExtensionHandler.py uninstall
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 05:43:26,418, INFO - Start executing handler action: uninstall
2026-01-11 05:43:26,419, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-01-11 05:43:26,419, INFO - End executing handler action: uninstall
2026-01-11T05:43:28.259160Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9
2026-01-11T05:43:28.325332Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.8.9
2026-01-11T05:43:28.326076Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2026-01-11T05:43:28.326865Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-11T05:43:30.335416Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 05:43:28,493, INFO - Start executing handler action: install
2026-01-11 05:43:28,494, INFO - MDE installation will occur in 'enable'
2026-01-11 05:43:28,494, INFO - End executing handler action: install
2026-01-11T05:43:30.339074Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-11T05:43:30.340050Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-11T05:43:30.341051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-11T05:43:32.349077Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 05:43:30,509, INFO - Start executing handler action: enable
2026-01-11 05:43:30,526, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-11 05:43:30,549, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-11 05:43:30,574, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-11 05:43:30,574, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-11 05:43:30,574, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-11 05:43:30,574, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-11 05:43:30,579, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 05:43:30,735, INFO - Start executing installer wrapper
2026-01-11 05:43:30,738, INFO - proxy settings: {}
2026-01-11 05:43:30,738, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-11 05:43:30,815, INFO - MDE is installed
2026-01-11 05:43:30,816, INFO - Wait for MDE service to be available
2026-01-11 05:43:31,672, INFO - MDE is onboarded
2026-01-11 05:43:31,975, INFO - MDC tags in MDE are valid
2026-01-11 05:43:31,975, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-11T08:09:52.373477Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_17385042793509403038]
2026-01-11T08:09:52.375168Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-11T08:09:52.375544Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-11T08:09:52.376324Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-11T08:09:52.376771Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-11T08:09:52.377594Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-11T08:09:54.384681Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 08:09:52,559, INFO - Start executing handler action: enable
2026-01-11 08:09:52,577, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-11 08:09:52,588, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-11 08:09:52,614, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-11 08:09:52,614, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-11 08:09:52,614, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-11 08:09:52,614, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-11 08:09:52,619, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-11 08:09:52,781, INFO - Start executing installer wrapper
2026-01-11 08:09:52,782, INFO - proxy settings: {}
2026-01-11 08:09:52,782, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-11 08:09:52,857, INFO - MDE is installed
2026-01-11 08:09:52,858, INFO - Wait for MDE service to be available
2026-01-11 08:09:53,453, INFO - MDE is onboarded
2026-01-11 08:09:53,676, INFO - MDC tags in MDE are valid
2026-01-11 08:09:53,676, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-12T08:03:26.974857Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_9392568353570009495]
2026-01-12T08:03:26.977289Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-12T08:03:26.977898Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-12T08:03:26.979359Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-12T08:03:26.979879Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-12T08:03:26.980930Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-12T08:03:28.989940Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-12 08:03:27,288, INFO - Start executing handler action: enable
2026-01-12 08:03:27,308, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-12 08:03:27,323, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-12 08:03:27,352, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-12 08:03:27,352, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-12 08:03:27,352, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-12 08:03:27,353, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-12 08:03:27,357, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-12 08:03:27,542, INFO - Start executing installer wrapper
2026-01-12 08:03:27,544, INFO - proxy settings: {}
2026-01-12 08:03:27,544, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-12 08:03:27,616, INFO - MDE is installed
2026-01-12 08:03:27,616, INFO - Wait for MDE service to be available
2026-01-12 08:03:28,487, INFO - MDE is onboarded
2026-01-12 08:03:28,796, INFO - MDC tags in MDE are valid
2026-01-12 08:03:28,796, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-13T08:13:20.472636Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_10692388778728444241]
2026-01-13T08:13:20.474252Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-13T08:13:20.474594Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-13T08:13:20.476097Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-13T08:13:20.476708Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-13T08:13:20.477562Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-13T08:13:22.484816Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-13 08:13:20,780, INFO - Start executing handler action: enable
2026-01-13 08:13:20,799, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-13 08:13:20,813, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-13 08:13:20,840, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-13 08:13:20,840, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-13 08:13:20,840, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-13 08:13:20,840, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-13 08:13:20,844, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-13 08:13:21,005, INFO - Start executing installer wrapper
2026-01-13 08:13:21,006, INFO - proxy settings: {}
2026-01-13 08:13:21,007, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-13 08:13:21,083, INFO - MDE is installed
2026-01-13 08:13:21,083, INFO - Wait for MDE service to be available
2026-01-13 08:13:21,701, INFO - MDE is onboarded
2026-01-13 08:13:21,994, INFO - MDC tags in MDE are valid
2026-01-13 08:13:21,995, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-14T08:06:32.512590Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_14889945887441715884]
2026-01-14T08:06:32.516682Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-14T08:06:32.516935Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-14T08:06:32.518623Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-14T08:06:32.519098Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-14T08:06:32.519970Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-14T08:06:34.527226Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-14 08:06:32,845, INFO - Start executing handler action: enable
2026-01-14 08:06:32,865, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-14 08:06:32,883, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-14 08:06:32,912, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-14 08:06:32,912, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-14 08:06:32,913, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-14 08:06:32,913, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-14 08:06:32,918, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-14 08:06:33,089, INFO - Start executing installer wrapper
2026-01-14 08:06:33,091, INFO - proxy settings: {}
2026-01-14 08:06:33,091, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-14 08:06:33,167, INFO - MDE is installed
2026-01-14 08:06:33,167, INFO - Wait for MDE service to be available
2026-01-14 08:06:34,033, INFO - MDE is onboarded
2026-01-14 08:06:34,328, INFO - MDC tags in MDE are valid
2026-01-14 08:06:34,329, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-15T08:03:40.449210Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_14214776074362802376]
2026-01-15T08:03:40.451353Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-15T08:03:40.451609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-15T08:03:40.453399Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-15T08:03:40.453939Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-15T08:03:40.454789Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-15T08:03:42.469002Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-15 08:03:40,796, INFO - Start executing handler action: enable
2026-01-15 08:03:40,818, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-15 08:03:40,835, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-15 08:03:40,863, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-15 08:03:40,863, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-15 08:03:40,863, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-15 08:03:40,863, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-15 08:03:40,869, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-15 08:03:41,050, INFO - Start executing installer wrapper
2026-01-15 08:03:41,052, INFO - proxy settings: {}
2026-01-15 08:03:41,052, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-15 08:03:41,127, INFO - MDE is installed
2026-01-15 08:03:41,127, INFO - Wait for MDE service to be available
2026-01-15 08:03:42,029, INFO - MDE is onboarded
2026-01-15 08:03:42,336, INFO - MDC tags in MDE are valid
2026-01-15 08:03:42,336, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-16T08:07:57.427917Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_2165146086915864118]
2026-01-16T08:07:57.430097Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-16T08:07:57.430474Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-16T08:07:57.431090Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-16T08:07:57.431697Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-16T08:07:57.432432Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-16T08:07:59.439655Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-16 08:07:57,739, INFO - Start executing handler action: enable
2026-01-16 08:07:57,759, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-16 08:07:57,775, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-16 08:07:57,802, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-16 08:07:57,802, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-16 08:07:57,803, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-16 08:07:57,803, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-16 08:07:57,809, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-16 08:07:58,001, INFO - Start executing installer wrapper
2026-01-16 08:07:58,002, INFO - proxy settings: {}
2026-01-16 08:07:58,002, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-16 08:07:58,082, INFO - MDE is installed
2026-01-16 08:07:58,083, INFO - Wait for MDE service to be available
2026-01-16 08:07:58,757, INFO - MDE is onboarded
2026-01-16 08:07:59,064, INFO - MDC tags in MDE are valid
2026-01-16 08:07:59,065, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-17T08:04:40.750057Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_375813167309407003]
2026-01-17T08:04:40.752273Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-17T08:04:40.753082Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-17T08:04:40.754637Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-17T08:04:40.755226Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-17T08:04:40.756142Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-17T08:04:42.764166Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-17 08:04:41,071, INFO - Start executing handler action: enable
2026-01-17 08:04:41,091, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-17 08:04:41,107, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-17 08:04:41,135, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-17 08:04:41,135, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-17 08:04:41,135, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-17 08:04:41,135, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-17 08:04:41,140, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-17 08:04:41,311, INFO - Start executing installer wrapper
2026-01-17 08:04:41,312, INFO - proxy settings: {}
2026-01-17 08:04:41,312, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-17 08:04:41,390, INFO - MDE is installed
2026-01-17 08:04:41,390, INFO - Wait for MDE service to be available
2026-01-17 08:04:42,169, INFO - MDE is onboarded
2026-01-17 08:04:42,469, INFO - MDC tags in MDE are valid
2026-01-17 08:04:42,469, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-18T08:07:34.905985Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_18400804932744646997]
2026-01-18T08:07:34.907436Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-18T08:07:34.907624Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 12.settings
2026-01-18T08:07:34.908380Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-18T08:07:34.909174Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-18T08:07:34.910203Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "12", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-18T08:07:36.922638Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-18 08:07:35,236, INFO - Start executing handler action: enable
2026-01-18 08:07:35,261, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/12.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-18 08:07:35,278, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-18 08:07:35,303, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-18 08:07:35,303, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-18 08:07:35,303, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-18 08:07:35,303, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-18 08:07:35,309, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-18 08:07:35,514, INFO - Start executing installer wrapper
2026-01-18 08:07:35,517, INFO - proxy settings: {}
2026-01-18 08:07:35,517, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-18 08:07:35,592, INFO - MDE is installed
2026-01-18 08:07:35,592, INFO - Wait for MDE service to be available
2026-01-18 08:07:36,180, INFO - MDE is onboarded
2026-01-18 08:07:36,483, INFO - MDC tags in MDE are valid
2026-01-18 08:07:36,484, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-18T11:43:38.997869Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_2368095458060287438]
2026-01-18T11:43:39.004806Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-18T11:43:39.005028Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-18T11:43:39.005728Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-18T11:43:39.006174Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-18T11:43:39.006910Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-18T11:43:41.015353Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-18 11:43:39,481, INFO - Start executing handler action: enable
2026-01-18 11:43:39,497, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-18 11:43:39,526, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-18 11:43:39,554, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-18 11:43:39,554, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-18 11:43:39,554, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-18 11:43:39,554, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-18 11:43:39,561, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-18 11:43:39,734, INFO - Start executing installer wrapper
2026-01-18 11:43:39,734, INFO - proxy settings: {}
2026-01-18 11:43:39,734, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-18 11:43:39,823, INFO - MDE is installed
2026-01-18 11:43:39,823, INFO - Wait for MDE service to be available
2026-01-18 11:43:40,385, INFO - MDE is onboarded
2026-01-18 11:43:40,684, INFO - MDC tags in MDE are valid
2026-01-18 11:43:40,684, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-19T08:02:37.648057Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_15909027299735471811]
2026-01-19T08:02:37.650162Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-19T08:02:37.650453Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-19T08:02:37.652239Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-19T08:02:37.652790Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-19T08:02:37.653609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-19T08:02:39.660628Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-19 08:02:37,962, INFO - Start executing handler action: enable
2026-01-19 08:02:37,987, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-19 08:02:38,006, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-19 08:02:38,036, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-19 08:02:38,037, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-19 08:02:38,037, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-19 08:02:38,037, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-19 08:02:38,041, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-19 08:02:38,218, INFO - Start executing installer wrapper
2026-01-19 08:02:38,220, INFO - proxy settings: {}
2026-01-19 08:02:38,220, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-19 08:02:38,295, INFO - MDE is installed
2026-01-19 08:02:38,296, INFO - Wait for MDE service to be available
2026-01-19 08:02:39,154, INFO - MDE is onboarded
2026-01-19 08:02:39,457, INFO - MDC tags in MDE are valid
2026-01-19 08:02:39,458, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-20T08:02:09.249880Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_11487943658065027618]
2026-01-20T08:02:09.252162Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-20T08:02:09.252461Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-20T08:02:09.253800Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-20T08:02:09.254458Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-20T08:02:09.255280Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-20T08:02:11.265104Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-20 08:02:09,579, INFO - Start executing handler action: enable
2026-01-20 08:02:09,600, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-20 08:02:09,619, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-20 08:02:09,643, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-20 08:02:09,644, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-20 08:02:09,644, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-20 08:02:09,644, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-20 08:02:09,649, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-20 08:02:09,831, INFO - Start executing installer wrapper
2026-01-20 08:02:09,833, INFO - proxy settings: {}
2026-01-20 08:02:09,833, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-20 08:02:09,906, INFO - MDE is installed
2026-01-20 08:02:09,906, INFO - Wait for MDE service to be available
2026-01-20 08:02:10,935, INFO - MDE is onboarded
2026-01-20 08:02:11,240, INFO - MDC tags in MDE are valid
2026-01-20 08:02:11,240, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-21T08:06:13.839551Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_1369381346339371050]
2026-01-21T08:06:13.841420Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-21T08:06:13.841670Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-21T08:06:13.843333Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-21T08:06:13.843928Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-21T08:06:13.844737Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-21T08:06:15.853808Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-21 08:06:14,126, INFO - Start executing handler action: enable
2026-01-21 08:06:14,146, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-21 08:06:14,163, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-21 08:06:14,192, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-21 08:06:14,192, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-21 08:06:14,193, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-21 08:06:14,193, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-21 08:06:14,197, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-21 08:06:14,379, INFO - Start executing installer wrapper
2026-01-21 08:06:14,380, INFO - proxy settings: {}
2026-01-21 08:06:14,381, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-21 08:06:14,458, INFO - MDE is installed
2026-01-21 08:06:14,459, INFO - Wait for MDE service to be available
2026-01-21 08:06:15,539, INFO - MDE is onboarded
2026-01-21 08:06:15,838, INFO - MDC tags in MDE are valid
2026-01-21 08:06:15,838, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-22T08:07:07.544268Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_10581458245891383124]
2026-01-22T08:07:07.546963Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-22T08:07:07.547213Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-22T08:07:07.548533Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-22T08:07:07.549188Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-22T08:07:07.550060Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-22T08:07:09.557715Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-22 08:07:07,852, INFO - Start executing handler action: enable
2026-01-22 08:07:07,872, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-22 08:07:07,886, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-22 08:07:07,913, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-22 08:07:07,913, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-22 08:07:07,913, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-22 08:07:07,913, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-22 08:07:07,917, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-22 08:07:08,087, INFO - Start executing installer wrapper
2026-01-22 08:07:08,089, INFO - proxy settings: {}
2026-01-22 08:07:08,089, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-22 08:07:08,180, INFO - MDE is installed
2026-01-22 08:07:08,180, INFO - Wait for MDE service to be available
2026-01-22 08:07:08,920, INFO - MDE is onboarded
2026-01-22 08:07:09,216, INFO - MDC tags in MDE are valid
2026-01-22 08:07:09,217, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-23T08:11:37.253324Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_2703272300953041346]
2026-01-23T08:11:37.256084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-23T08:11:37.256362Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-23T08:11:37.257584Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-23T08:11:37.258026Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-23T08:11:37.258908Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-23T08:11:39.265905Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-23 08:11:37,572, INFO - Start executing handler action: enable
2026-01-23 08:11:37,593, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-23 08:11:37,609, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-23 08:11:37,636, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-23 08:11:37,636, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-23 08:11:37,636, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-23 08:11:37,636, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-23 08:11:37,643, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-23 08:11:37,893, INFO - Start executing installer wrapper
2026-01-23 08:11:37,902, INFO - proxy settings: {}
2026-01-23 08:11:37,902, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-23 08:11:38,016, INFO - MDE is installed
2026-01-23 08:11:38,016, INFO - Wait for MDE service to be available
2026-01-23 08:11:38,697, INFO - MDE is onboarded
2026-01-23 08:11:38,970, INFO - MDC tags in MDE are valid
2026-01-23 08:11:38,971, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-24T08:08:28.193823Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_14199680899508653129]
2026-01-24T08:08:28.196340Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-24T08:08:28.196597Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-24T08:08:28.197886Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-24T08:08:28.198495Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-24T08:08:28.199641Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-24T08:08:30.207762Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-24 08:08:28,479, INFO - Start executing handler action: enable
2026-01-24 08:08:28,499, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-24 08:08:28,513, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-24 08:08:28,539, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-24 08:08:28,539, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-24 08:08:28,540, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-24 08:08:28,540, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-24 08:08:28,544, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-24 08:08:28,709, INFO - Start executing installer wrapper
2026-01-24 08:08:28,711, INFO - proxy settings: {}
2026-01-24 08:08:28,711, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-24 08:08:28,785, INFO - MDE is installed
2026-01-24 08:08:28,785, INFO - Wait for MDE service to be available
2026-01-24 08:08:29,490, INFO - MDE is onboarded
2026-01-24 08:08:29,789, INFO - MDC tags in MDE are valid
2026-01-24 08:08:29,790, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-25T08:05:12.207026Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_8403314154404072415]
2026-01-25T08:05:12.209471Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-25T08:05:12.210415Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 13.settings
2026-01-25T08:05:12.212091Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-25T08:05:12.212535Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-25T08:05:12.213397Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "13", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-25T08:05:14.220940Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-25 08:05:12,548, INFO - Start executing handler action: enable
2026-01-25 08:05:12,571, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/13.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-25 08:05:12,586, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-25 08:05:12,614, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-25 08:05:12,615, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-25 08:05:12,615, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-25 08:05:12,615, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-25 08:05:12,619, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-25 08:05:12,802, INFO - Start executing installer wrapper
2026-01-25 08:05:12,804, INFO - proxy settings: {}
2026-01-25 08:05:12,804, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-25 08:05:12,884, INFO - MDE is installed
2026-01-25 08:05:12,885, INFO - Wait for MDE service to be available
2026-01-25 08:05:13,569, INFO - MDE is onboarded
2026-01-25 08:05:13,864, INFO - MDC tags in MDE are valid
2026-01-25 08:05:13,865, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-25T17:43:14.709426Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_1312850661867512579]
2026-01-25T17:43:14.711502Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-25T17:43:14.711685Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-25T17:43:14.712355Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-25T17:43:14.712809Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-25T17:43:14.713615Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-25T17:43:16.730332Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-25 17:43:15,043, INFO - Start executing handler action: enable
2026-01-25 17:43:15,063, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-25 17:43:15,120, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-25 17:43:15,145, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-25 17:43:15,146, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-25 17:43:15,146, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-25 17:43:15,146, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-25 17:43:15,151, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-25 17:43:15,321, INFO - Start executing installer wrapper
2026-01-25 17:43:15,323, INFO - proxy settings: {}
2026-01-25 17:43:15,323, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-25 17:43:15,399, INFO - MDE is installed
2026-01-25 17:43:15,399, INFO - Wait for MDE service to be available
2026-01-25 17:43:16,467, INFO - MDE is onboarded
2026-01-26T08:11:26.742840Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_6312544415517360827]
2026-01-26T08:11:26.744929Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-26T08:11:26.746117Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-26T08:11:26.747529Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-26T08:11:26.748151Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-26T08:11:26.749019Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-26T08:11:28.756823Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-26 08:11:27,071, INFO - Start executing handler action: enable
2026-01-26 08:11:27,095, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-26 08:11:27,113, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-26 08:11:27,137, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-26 08:11:27,137, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-26 08:11:27,137, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-26 08:11:27,137, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-26 08:11:27,143, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-26 08:11:27,311, INFO - Start executing installer wrapper
2026-01-26 08:11:27,313, INFO - proxy settings: {}
2026-01-26 08:11:27,313, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-26 08:11:27,388, INFO - MDE is installed
2026-01-26 08:11:27,389, INFO - Wait for MDE service to be available
2026-01-26 08:11:28,282, INFO - MDE is onboarded
2026-01-26 08:11:28,582, INFO - MDC tags in MDE are valid
2026-01-26 08:11:28,582, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-27T08:05:09.088462Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_4239242606118713886]
2026-01-27T08:05:09.090339Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-27T08:05:09.090646Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-27T08:05:09.101738Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-27T08:05:09.102371Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-27T08:05:09.103318Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-27T08:05:11.117218Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-27 08:05:09,414, INFO - Start executing handler action: enable
2026-01-27 08:05:09,434, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-27 08:05:09,452, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-27 08:05:09,482, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-27 08:05:09,482, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-27 08:05:09,482, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-27 08:05:09,483, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-27 08:05:09,491, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-27 08:05:09,678, INFO - Start executing installer wrapper
2026-01-27 08:05:09,679, INFO - proxy settings: {}
2026-01-27 08:05:09,679, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-27 08:05:09,767, INFO - MDE is installed
2026-01-27 08:05:09,767, INFO - Wait for MDE service to be available
2026-01-27 08:05:10,629, INFO - MDE is onboarded
2026-01-27 08:05:10,927, INFO - MDC tags in MDE are valid
2026-01-27 08:05:10,927, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-27T18:33:36.690231Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_4239242606118713886]
2026-01-27T18:33:36.692166Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-27T18:33:36.692447Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-27T18:33:36.693347Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-27T18:33:36.693881Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-27T18:33:36.694788Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-27T18:33:38.703010Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-27 18:33:36,994, INFO - Start executing handler action: enable
2026-01-27 18:33:37,019, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-27 18:33:37,030, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-27 18:33:37,055, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-27 18:33:37,055, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-27 18:33:37,055, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-27 18:33:37,055, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-27 18:33:37,060, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-27 18:33:37,235, INFO - Start executing installer wrapper
2026-01-27 18:33:37,236, INFO - proxy settings: {}
2026-01-27 18:33:37,236, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-27 18:33:37,311, INFO - MDE is installed
2026-01-27 18:33:37,311, INFO - Wait for MDE service to be available
2026-01-27 18:33:37,946, INFO - MDE is onboarded
2026-01-27 18:33:38,248, INFO - MDC tags in MDE are valid
2026-01-27 18:33:38,248, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-28T08:10:38.005131Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_8022768379547565990]
2026-01-28T08:10:38.007365Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-28T08:10:38.007589Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-28T08:10:38.013790Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-28T08:10:38.014301Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-28T08:10:38.015502Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-28T08:10:40.024447Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-28 08:10:38,384, INFO - Start executing handler action: enable
2026-01-28 08:10:38,411, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-28 08:10:38,450, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-28 08:10:38,477, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-28 08:10:38,477, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-28 08:10:38,477, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-28 08:10:38,478, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-28 08:10:38,486, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-28 08:10:38,673, INFO - Start executing installer wrapper
2026-01-28 08:10:38,691, INFO - proxy settings: {}
2026-01-28 08:10:38,691, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-28 08:10:38,785, INFO - MDE is installed
2026-01-28 08:10:38,786, INFO - Wait for MDE service to be available
2026-01-28 08:10:39,592, INFO - MDE is onboarded
2026-01-28 08:10:39,894, INFO - MDC tags in MDE are valid
2026-01-28 08:10:39,894, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-29T08:06:17.739063Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_7133926233191584621]
2026-01-29T08:06:17.741805Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-29T08:06:17.742145Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-29T08:06:17.743228Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-29T08:06:17.743923Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-29T08:06:17.745039Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-29T08:06:19.755392Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-29 08:06:18,053, INFO - Start executing handler action: enable
2026-01-29 08:06:18,080, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-29 08:06:18,096, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-29 08:06:18,121, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-29 08:06:18,121, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-29 08:06:18,121, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-29 08:06:18,122, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-29 08:06:18,127, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-29 08:06:18,339, INFO - Start executing installer wrapper
2026-01-29 08:06:18,341, INFO - proxy settings: {}
2026-01-29 08:06:18,341, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-29 08:06:18,415, INFO - MDE is installed
2026-01-29 08:06:18,415, INFO - Wait for MDE service to be available
2026-01-29 08:06:18,830, INFO - MDE is onboarded
2026-01-29 08:06:19,039, INFO - MDC tags in MDE are valid
2026-01-29 08:06:19,040, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-30T08:12:27.971874Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_4586024268156158055]
2026-01-30T08:12:27.976809Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-30T08:12:27.978497Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-30T08:12:27.979727Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-30T08:12:27.980207Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-30T08:12:27.981080Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-30T08:12:29.990694Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-30 08:12:28,332, INFO - Start executing handler action: enable
2026-01-30 08:12:28,359, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-30 08:12:28,374, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-30 08:12:28,398, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-30 08:12:28,399, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-30 08:12:28,399, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-30 08:12:28,399, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-30 08:12:28,407, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-30 08:12:28,590, INFO - Start executing installer wrapper
2026-01-30 08:12:28,595, INFO - proxy settings: {}
2026-01-30 08:12:28,595, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-30 08:12:28,669, INFO - MDE is installed
2026-01-30 08:12:28,669, INFO - Wait for MDE service to be available
2026-01-30 08:12:29,213, INFO - MDE is onboarded
2026-01-30 08:12:29,423, INFO - MDC tags in MDE are valid
2026-01-30 08:12:29,423, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-01-31T08:02:10.830822Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_15362270046259898777]
2026-01-31T08:02:10.839609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-01-31T08:02:10.839860Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-01-31T08:02:10.840464Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-01-31T08:02:10.840860Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-01-31T08:02:10.841513Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-01-31T08:02:12.850921Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-31 08:02:11,136, INFO - Start executing handler action: enable
2026-01-31 08:02:11,153, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-01-31 08:02:11,167, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-01-31 08:02:11,192, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-01-31 08:02:11,193, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-01-31 08:02:11,193, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-01-31 08:02:11,193, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-01-31 08:02:11,198, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-01-31 08:02:11,381, INFO - Start executing installer wrapper
2026-01-31 08:02:11,383, INFO - proxy settings: {}
2026-01-31 08:02:11,383, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-01-31 08:02:11,457, INFO - MDE is installed
2026-01-31 08:02:11,457, INFO - Wait for MDE service to be available
2026-01-31 08:02:12,510, INFO - MDE is onboarded
2026-01-31 08:02:12,821, INFO - MDC tags in MDE are valid
2026-01-31 08:02:12,822, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-01T08:06:55.254966Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_3578046732288121569]
2026-02-01T08:06:55.258847Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-01T08:06:55.259203Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 14.settings
2026-02-01T08:06:55.260629Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-01T08:06:55.261091Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-01T08:06:55.262081Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "14", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-01T08:06:57.271250Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-01 08:06:55,609, INFO - Start executing handler action: enable
2026-02-01 08:06:55,636, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/14.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-01 08:06:55,653, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-01 08:06:55,679, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-01 08:06:55,679, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-01 08:06:55,680, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-01 08:06:55,680, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-01 08:06:55,684, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-01 08:06:55,919, INFO - Start executing installer wrapper
2026-02-01 08:06:55,922, INFO - proxy settings: {}
2026-02-01 08:06:55,922, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-01 08:06:55,995, INFO - MDE is installed
2026-02-01 08:06:55,995, INFO - Wait for MDE service to be available
2026-02-01 08:06:57,069, INFO - MDE is onboarded
2026-02-01T23:50:44.742055Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_11000553745225273286]
2026-02-01T23:50:45.050348Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-01T23:50:45.051663Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-01T23:50:45.448084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-01T23:50:46.742189Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-01T23:50:48.293525Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-01T23:58:51.716618Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-01 23:58:49,124, INFO - Start executing handler action: enable
2026-02-01 23:58:49,476, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-01 23:58:49,757, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-01 23:58:49,805, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-01 23:58:49,806, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-01 23:58:49,806, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-01 23:58:49,806, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-01 23:58:49,826, INFO - End executing handler action: enable
Python 2.7.5
2026-02-02T08:07:02.717797Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_3787632264049132894]
2026-02-02T08:07:02.724862Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-02T08:07:02.725095Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-02T08:07:02.728553Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-02T08:07:02.729283Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-02T08:07:02.730121Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-02T08:07:04.751184Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-02 08:07:03,082, INFO - Start executing handler action: enable
2026-02-02 08:07:03,105, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-02 08:07:03,124, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-02 08:07:03,155, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-02 08:07:03,156, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-02 08:07:03,156, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-02 08:07:03,156, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-02 08:07:03,162, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-02 08:07:03,515, INFO - Start executing installer wrapper
2026-02-02 08:07:03,526, INFO - proxy settings: {}
2026-02-02 08:07:03,526, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-02 08:07:03,646, INFO - MDE is installed
2026-02-02 08:07:03,646, INFO - Wait for MDE service to be available
2026-02-02 08:07:04,638, INFO - MDE is onboarded
2026-02-03T08:04:40.734087Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_2710035105196402883]
2026-02-03T08:04:40.737958Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-03T08:04:40.738208Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-03T08:04:40.739733Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-03T08:04:40.740206Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-03T08:04:40.740976Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-03T08:04:42.748351Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-03 08:04:41,068, INFO - Start executing handler action: enable
2026-02-03 08:04:41,089, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-03 08:04:41,104, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-03 08:04:41,131, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-03 08:04:41,131, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-03 08:04:41,131, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-03 08:04:41,131, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-03 08:04:41,135, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-03 08:04:41,308, INFO - Start executing installer wrapper
2026-02-03 08:04:41,310, INFO - proxy settings: {}
2026-02-03 08:04:41,310, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-03 08:04:41,384, INFO - MDE is installed
2026-02-03 08:04:41,384, INFO - Wait for MDE service to be available
2026-02-03 08:04:42,314, INFO - MDE is onboarded
2026-02-03 08:04:42,624, INFO - MDC tags in MDE are valid
2026-02-03 08:04:42,624, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-04T08:03:57.502709Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_465732763178902400]
2026-02-04T08:03:57.505649Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-04T08:03:57.505928Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-04T08:03:57.507016Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-04T08:03:57.507557Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-04T08:03:57.508394Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-04T08:03:59.515202Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-04 08:03:57,843, INFO - Start executing handler action: enable
2026-02-04 08:03:57,860, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-04 08:03:57,876, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-04 08:03:57,902, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-04 08:03:57,902, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-04 08:03:57,902, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-04 08:03:57,902, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-04 08:03:57,906, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-04 08:03:58,083, INFO - Start executing installer wrapper
2026-02-04 08:03:58,085, INFO - proxy settings: {}
2026-02-04 08:03:58,085, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-04 08:03:58,160, INFO - MDE is installed
2026-02-04 08:03:58,160, INFO - Wait for MDE service to be available
2026-02-04 08:03:58,827, INFO - MDE is onboarded
2026-02-04 08:03:59,115, INFO - MDC tags in MDE are valid
2026-02-04 08:03:59,116, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-05T08:04:57.666066Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_10056063688987408485]
2026-02-05T08:04:57.668576Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-05T08:04:57.668816Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-05T08:04:57.671781Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-05T08:04:57.672435Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-05T08:04:57.673406Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-05T08:04:59.682085Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-05 08:04:58,054, INFO - Start executing handler action: enable
2026-02-05 08:04:58,081, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-05 08:04:58,100, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-05 08:04:58,128, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-05 08:04:58,128, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-05 08:04:58,128, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-05 08:04:58,129, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-05 08:04:58,134, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-05 08:04:58,310, INFO - Start executing installer wrapper
2026-02-05 08:04:58,311, INFO - proxy settings: {}
2026-02-05 08:04:58,312, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-05 08:04:58,387, INFO - MDE is installed
2026-02-05 08:04:58,387, INFO - Wait for MDE service to be available
2026-02-05 08:04:59,241, INFO - MDE is onboarded
2026-02-05 08:04:59,547, INFO - MDC tags in MDE are valid
2026-02-05 08:04:59,548, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-06T08:08:26.515732Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_14462057001958561642]
2026-02-06T08:08:26.521137Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-06T08:08:26.521388Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-06T08:08:26.522099Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-06T08:08:26.522720Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-06T08:08:26.523529Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-06T08:08:28.532871Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-06 08:08:26,813, INFO - Start executing handler action: enable
2026-02-06 08:08:26,834, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-06 08:08:26,848, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-06 08:08:26,874, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-06 08:08:26,875, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-06 08:08:26,875, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-06 08:08:26,875, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-06 08:08:26,879, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-06 08:08:27,079, INFO - Start executing installer wrapper
2026-02-06 08:08:27,080, INFO - proxy settings: {}
2026-02-06 08:08:27,080, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-06 08:08:27,159, INFO - MDE is installed
2026-02-06 08:08:27,160, INFO - Wait for MDE service to be available
2026-02-06 08:08:27,852, INFO - MDE is onboarded
2026-02-06 08:08:28,237, INFO - MDC tags in MDE are valid
2026-02-06 08:08:28,238, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-06T09:17:48.479355Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_17199510790629692644]
2026-02-06T09:17:48.483758Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-06T09:17:48.484011Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-06T09:17:48.484703Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-06T09:17:48.485235Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-06T09:17:48.486019Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-06T09:17:50.493216Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-06 09:17:48,767, INFO - Start executing handler action: enable
2026-02-06 09:17:48,788, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-06 09:17:48,800, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-06 09:17:48,826, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-06 09:17:48,826, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-06 09:17:48,826, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-06 09:17:48,827, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-06 09:17:48,831, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-06 09:17:49,006, INFO - Start executing installer wrapper
2026-02-06 09:17:49,007, INFO - proxy settings: {}
2026-02-06 09:17:49,007, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-06 09:17:49,076, INFO - MDE is installed
2026-02-06 09:17:49,076, INFO - Wait for MDE service to be available
2026-02-06 09:17:49,638, INFO - MDE is onboarded
2026-02-06 09:17:49,848, INFO - MDC tags in MDE are valid
2026-02-06 09:17:49,849, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-07T08:04:06.169457Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_16820217505525587011]
2026-02-07T08:04:06.173221Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-07T08:04:06.173478Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-07T08:04:06.176000Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-07T08:04:06.178090Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-07T08:04:06.178943Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-07T08:04:08.195271Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-07 08:04:07,052, INFO - Start executing handler action: enable
2026-02-07 08:04:07,091, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-07 08:04:07,108, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-07 08:04:07,133, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-07 08:04:07,134, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-07 08:04:07,134, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-07 08:04:07,134, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-07 08:04:07,142, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-07 08:04:07,425, INFO - Start executing installer wrapper
2026-02-07 08:04:07,430, INFO - proxy settings: {}
2026-02-07 08:04:07,431, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-07 08:04:07,552, INFO - MDE is installed
2026-02-07 08:04:07,553, INFO - Wait for MDE service to be available
2026-02-08T08:06:56.330001Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Target handler state: enabled [etag_1749500994320176569]
2026-02-08T08:06:56.332880Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] [Enable] current handler state is: enabled
2026-02-08T08:06:56.333568Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Update settings file: 15.settings
2026-02-08T08:06:56.335269Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Requested extension state: enabled
2026-02-08T08:06:56.335773Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-08T08:06:56.336816Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "15", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-08T08:06:58.344569Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-08 08:06:56,677, INFO - Start executing handler action: enable
2026-02-08 08:06:56,699, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status/15.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-08 08:06:56,718, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-08 08:06:56,743, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-08 08:06:56,743, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-08 08:06:56,743, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-08 08:06:56,744, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-08 08:06:56,747, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-08 08:06:56,903, INFO - Start executing installer wrapper
2026-02-08 08:06:56,904, INFO - proxy settings: {}
2026-02-08 08:06:56,905, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-08 08:06:57,079, INFO - MDE is installed
2026-02-08 08:06:57,079, INFO - Wait for MDE service to be available
2026-02-08 08:06:57,951, INFO - MDE is onboarded
2026-02-08 08:06:58,253, INFO - MDC tags in MDE are valid
2026-02-08 08:06:58,254, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-09T05:43:47.572607Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_18054137066957914234]
2026-02-09T05:43:47.574375Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: notinstalled
2026-02-09T05:43:47.829997Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2
2026-02-09T05:43:47.850599Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-09T05:43:47.851892Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Disable extension: [PythonRunner.sh src/MdeExtensionHandler.py disable]
2026-02-09T05:43:47.852650Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py disable with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-09T05:43:49.879999Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py disable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 05:43:48,632, INFO - Start executing handler action: disable
2026-02-09 05:43:48,634, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-02-09 05:43:48,634, INFO - End executing handler action: disable
2026-02-09T05:43:49.882608Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Copy status files from old plugin to new
2026-02-09T05:43:49.914207Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update extension [PythonRunner.sh src/MdeExtensionHandler.py update]
2026-02-09T05:43:49.915037Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py update with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_DISABLE_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "AZURE_GUEST_AGENT_UPDATING_FROM_VERSION": "1.0.9.0", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-09T05:43:51.932688Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py update
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 05:43:50,263, INFO - Start executing handler action: update
2026-02-09 05:43:50,263, WARNING - No operation for action: update
2026-02-09 05:43:50,263, INFO - End executing handler action: update
2026-02-09T05:43:51.934803Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Uninstall extension [PythonRunner.sh src/MdeExtensionHandler.py uninstall]
2026-02-09T05:43:51.935922Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/PythonRunner.sh src/MdeExtensionHandler.py uninstall with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.0", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-09T05:43:53.957014Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Command: PythonRunner.sh src/MdeExtensionHandler.py uninstall
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 05:43:52,206, INFO - Start executing handler action: uninstall
2026-02-09 05:43:52,206, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-02-09 05:43:52,207, INFO - End executing handler action: uninstall
2026-02-09T05:43:53.959224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0
2026-02-09T05:43:54.022484Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.0
2026-02-09T05:43:54.023066Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2026-02-09T05:43:54.023942Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-09T05:43:56.036888Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 05:43:54,339, INFO - Start executing handler action: install
2026-02-09 05:43:54,339, INFO - MDE installation will occur in 'enable'
2026-02-09 05:43:54,339, INFO - End executing handler action: install
2026-02-09T05:43:56.041582Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-09T05:43:56.042188Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-09T05:43:56.042928Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-09T05:43:58.056108Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 05:43:56,302, INFO - Start executing handler action: enable
2026-02-09 05:43:56,303, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-09 05:43:56,380, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-09 05:43:56,413, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-09 05:43:56,413, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-09 05:43:56,413, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-09 05:43:56,414, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-09 05:43:56,420, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 05:43:56,682, INFO - Start executing installer wrapper
2026-02-09 05:43:56,688, INFO - proxy settings: {}
2026-02-09 05:43:56,688, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-09 05:43:56,780, INFO - MDE is installed
2026-02-09 05:43:56,780, INFO - Wait for MDE service to be available
2026-02-09T08:07:21.284118Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_13676936399098278466]
2026-02-09T08:07:21.286097Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-09T08:07:21.286367Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-09T08:07:21.287016Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-09T08:07:21.287512Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-09T08:07:21.289785Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-09T08:07:23.298120Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 08:07:21,492, INFO - Start executing handler action: enable
2026-02-09 08:07:21,494, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-09 08:07:21,521, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-09 08:07:21,544, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-09 08:07:21,544, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-09 08:07:21,545, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-09 08:07:21,545, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-09 08:07:21,549, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-09 08:07:21,711, INFO - Start executing installer wrapper
2026-02-09 08:07:21,712, INFO - proxy settings: {}
2026-02-09 08:07:21,712, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-09 08:07:21,787, INFO - MDE is installed
2026-02-09 08:07:21,787, INFO - Wait for MDE service to be available
2026-02-09 08:07:22,359, INFO - MDE is onboarded
2026-02-09 08:07:22,663, INFO - MDC tags in MDE are valid
2026-02-09 08:07:22,663, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-10T08:02:36.840148Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_14583673093439159225]
2026-02-10T08:02:36.842674Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-10T08:02:36.843183Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-10T08:02:36.843788Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-10T08:02:36.844233Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-10T08:02:36.845106Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-10T08:02:38.853616Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-10 08:02:37,202, INFO - Start executing handler action: enable
2026-02-10 08:02:37,204, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-10 08:02:37,240, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-10 08:02:37,265, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-10 08:02:37,265, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-10 08:02:37,266, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-10 08:02:37,266, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-10 08:02:37,270, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-10 08:02:37,468, INFO - Start executing installer wrapper
2026-02-10 08:02:37,469, INFO - proxy settings: {}
2026-02-10 08:02:37,470, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-10 08:02:37,543, INFO - MDE is installed
2026-02-10 08:02:37,543, INFO - Wait for MDE service to be available
2026-02-10 08:02:38,020, INFO - MDE is onboarded
2026-02-10 08:02:38,309, INFO - MDC tags in MDE are valid
2026-02-10 08:02:38,309, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-11T08:05:55.263653Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_14382339274463565958]
2026-02-11T08:05:55.283267Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-11T08:05:55.283483Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-11T08:05:55.292048Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-11T08:05:55.302236Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-11T08:05:55.303063Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-11T08:06:00.366479Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-11 08:05:57,962, INFO - Start executing handler action: enable
2026-02-11 08:05:57,987, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-11 08:05:58,260, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-11 08:05:58,306, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-11 08:05:58,307, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-11 08:05:58,307, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-11 08:05:58,307, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-11 08:05:58,342, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-11 08:05:59,954, INFO - Start executing installer wrapper
2026-02-11 08:05:59,973, INFO - proxy settings: {}
2026-02-11 08:05:59,973, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-11 08:06:00,185, INFO - MDE is installed
2026-02-11 08:06:00,185, INFO - Wait for MDE service to be available
2026-02-12T08:10:52.794789Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_7742890279626487380]
2026-02-12T08:10:52.797518Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-12T08:10:52.797776Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-12T08:10:52.798459Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-12T08:10:52.799111Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-12T08:10:52.800022Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-12T08:10:54.810444Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-12 08:10:53,263, INFO - Start executing handler action: enable
2026-02-12 08:10:53,267, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-12 08:10:53,302, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-12 08:10:53,328, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-12 08:10:53,328, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-12 08:10:53,328, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-12 08:10:53,329, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-12 08:10:53,333, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-12 08:10:53,519, INFO - Start executing installer wrapper
2026-02-12 08:10:53,522, INFO - proxy settings: {}
2026-02-12 08:10:53,522, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-12 08:10:53,598, INFO - MDE is installed
2026-02-12 08:10:53,598, INFO - Wait for MDE service to be available
2026-02-12 08:10:54,477, INFO - MDE is onboarded
2026-02-12 08:10:54,771, INFO - MDC tags in MDE are valid
2026-02-12 08:10:54,772, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-13T08:08:46.580599Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_2967904237617467259]
2026-02-13T08:08:46.588385Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-13T08:08:46.589310Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-13T08:08:46.590935Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-13T08:08:46.591519Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-13T08:08:46.592540Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-13T08:08:48.611240Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-13 08:08:46,983, INFO - Start executing handler action: enable
2026-02-13 08:08:46,986, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-13 08:08:47,022, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-13 08:08:47,046, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-13 08:08:47,046, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-13 08:08:47,047, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-13 08:08:47,047, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-13 08:08:47,053, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-13 08:08:47,267, INFO - Start executing installer wrapper
2026-02-13 08:08:47,270, INFO - proxy settings: {}
2026-02-13 08:08:47,270, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-13 08:08:47,341, INFO - MDE is installed
2026-02-13 08:08:47,341, INFO - Wait for MDE service to be available
2026-02-13 08:08:48,420, INFO - MDE is onboarded
2026-02-14T08:09:16.663008Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_3370626769056862796]
2026-02-14T08:09:16.666349Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-14T08:09:16.666643Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-14T08:09:16.667934Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-14T08:09:16.668631Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-14T08:09:16.669548Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-14T08:09:18.677442Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-14 08:09:17,049, INFO - Start executing handler action: enable
2026-02-14 08:09:17,052, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-14 08:09:17,090, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-14 08:09:17,118, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-14 08:09:17,118, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-14 08:09:17,118, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-14 08:09:17,118, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-14 08:09:17,122, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-14 08:09:17,302, INFO - Start executing installer wrapper
2026-02-14 08:09:17,304, INFO - proxy settings: {}
2026-02-14 08:09:17,304, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-14 08:09:17,378, INFO - MDE is installed
2026-02-14 08:09:17,378, INFO - Wait for MDE service to be available
2026-02-14 08:09:18,202, INFO - MDE is onboarded
2026-02-14 08:09:18,505, INFO - MDC tags in MDE are valid
2026-02-14 08:09:18,505, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-15T08:09:52.792302Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_10657579464669624237]
2026-02-15T08:09:52.795354Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-15T08:09:52.795588Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 16.settings
2026-02-15T08:09:52.796882Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-15T08:09:52.797444Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-15T08:09:52.798642Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "16", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-15T08:09:54.806411Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-15 08:09:53,128, INFO - Start executing handler action: enable
2026-02-15 08:09:53,133, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/16.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-15 08:09:53,170, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-15 08:09:53,196, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-15 08:09:53,196, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-15 08:09:53,196, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-15 08:09:53,197, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-15 08:09:53,202, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-15 08:09:53,392, INFO - Start executing installer wrapper
2026-02-15 08:09:53,396, INFO - proxy settings: {}
2026-02-15 08:09:53,396, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-15 08:09:53,469, INFO - MDE is installed
2026-02-15 08:09:53,469, INFO - Wait for MDE service to be available
2026-02-15 08:09:54,256, INFO - MDE is onboarded
2026-02-15 08:09:54,558, INFO - MDC tags in MDE are valid
2026-02-15 08:09:54,559, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-16T06:05:32.677818Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_10090189321358349889]
2026-02-16T06:05:32.679913Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-16T06:05:32.681650Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-16T06:05:32.682465Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-16T06:05:32.682894Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-16T06:05:32.683649Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-16T06:05:34.690933Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-16 06:05:33,028, INFO - Start executing handler action: enable
2026-02-16 06:05:33,031, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-16 06:05:33,069, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-16 06:05:33,093, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-16 06:05:33,093, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-16 06:05:33,094, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-16 06:05:33,094, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-16 06:05:33,098, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-16 06:05:33,254, INFO - Start executing installer wrapper
2026-02-16 06:05:33,258, INFO - proxy settings: {}
2026-02-16 06:05:33,258, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-16 06:05:33,333, INFO - MDE is installed
2026-02-16 06:05:33,334, INFO - Wait for MDE service to be available
2026-02-16 06:05:34,287, INFO - MDE is onboarded
2026-02-16 06:05:34,597, INFO - MDC tags in MDE are valid
2026-02-16 06:05:34,597, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-16T08:02:17.572963Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_14561990642474492698]
2026-02-16T08:02:17.574790Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-16T08:02:17.575036Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-16T08:02:17.575764Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-16T08:02:17.576212Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-16T08:02:17.577109Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-16T08:02:19.586859Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-16 08:02:17,765, INFO - Start executing handler action: enable
2026-02-16 08:02:17,766, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-16 08:02:17,797, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-16 08:02:17,821, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-16 08:02:17,821, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-16 08:02:17,821, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-16 08:02:17,822, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-16 08:02:17,826, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-16 08:02:18,004, INFO - Start executing installer wrapper
2026-02-16 08:02:18,004, INFO - proxy settings: {}
2026-02-16 08:02:18,004, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-16 08:02:18,076, INFO - MDE is installed
2026-02-16 08:02:18,076, INFO - Wait for MDE service to be available
2026-02-16 08:02:18,787, INFO - MDE is onboarded
2026-02-16 08:02:19,085, INFO - MDC tags in MDE are valid
2026-02-16 08:02:19,085, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-17T08:11:27.526083Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_10493462342974334362]
2026-02-17T08:11:27.531291Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-17T08:11:27.531502Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-17T08:11:27.536299Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-17T08:11:27.536856Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-17T08:11:27.537637Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-17T08:11:29.548115Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-17 08:11:27,876, INFO - Start executing handler action: enable
2026-02-17 08:11:27,878, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-17 08:11:27,910, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-17 08:11:27,933, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-17 08:11:27,933, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-17 08:11:27,933, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-17 08:11:27,933, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-17 08:11:27,937, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-17 08:11:28,102, INFO - Start executing installer wrapper
2026-02-17 08:11:28,104, INFO - proxy settings: {}
2026-02-17 08:11:28,104, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-17 08:11:28,176, INFO - MDE is installed
2026-02-17 08:11:28,176, INFO - Wait for MDE service to be available
2026-02-17 08:11:28,916, INFO - MDE is onboarded
2026-02-17 08:11:29,216, INFO - MDC tags in MDE are valid
2026-02-17 08:11:29,217, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-18T08:06:02.706903Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_14108117378111520967]
2026-02-18T08:06:02.715445Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-18T08:06:02.715696Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-18T08:06:02.730427Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-18T08:06:02.730935Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-18T08:06:02.731817Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-18T08:06:05.749597Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-18 08:06:03,897, INFO - Start executing handler action: enable
2026-02-18 08:06:03,900, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-18 08:06:03,993, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-18 08:06:04,028, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-18 08:06:04,028, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-18 08:06:04,028, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-18 08:06:04,028, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-18 08:06:04,040, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-18 08:06:04,324, INFO - Start executing installer wrapper
2026-02-18 08:06:04,335, INFO - proxy settings: {}
2026-02-18 08:06:04,335, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-18 08:06:04,459, INFO - MDE is installed
2026-02-18 08:06:04,459, INFO - Wait for MDE service to be available
2026-02-18 08:06:05,589, INFO - MDE is onboarded
2026-02-19T01:22:27.044534Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_14108117378111520967]
2026-02-19T01:22:27.054236Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-19T01:22:27.054473Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-19T01:22:27.060217Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-19T01:22:27.062194Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-19T01:22:27.063068Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-19T01:22:30.078602Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-19 01:22:28,702, INFO - Start executing handler action: enable
2026-02-19 01:22:28,776, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-19 01:22:28,868, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-19 01:22:28,899, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-19 01:22:28,900, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-19 01:22:28,900, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-19 01:22:28,900, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-19 01:22:28,910, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-19 01:22:29,367, INFO - Start executing installer wrapper
2026-02-19 01:22:29,373, INFO - proxy settings: {}
2026-02-19 01:22:29,373, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-19 01:22:29,527, INFO - MDE is installed
2026-02-19 01:22:29,528, INFO - Wait for MDE service to be available
2026-02-19 01:22:30,022, INFO - start parsing onboarding script
2026-02-19 01:22:30,022, INFO - decode onboarding script successfully
2026-02-19 01:22:30,023, INFO - parse onboarding script successfully
2026-02-19 01:22:30,023, INFO - Starting onboarding script...
2026-02-19 01:22:30,024, INFO - Checking if Mde is installed
2026-02-19 01:22:30,024, INFO - Mde is installed: True
2026-02-19 01:22:30,024, INFO - Removing offboarding file if exists
2026-02-19T08:08:47.273488Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_3677889974273837699]
2026-02-19T08:08:47.276258Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-19T08:08:47.277348Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-19T08:08:47.279057Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-19T08:08:47.279609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-19T08:08:47.280479Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-19T08:08:49.288469Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-19 08:08:47,656, INFO - Start executing handler action: enable
2026-02-19 08:08:47,659, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-19 08:08:47,696, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-19 08:08:47,722, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-19 08:08:47,722, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-19 08:08:47,722, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-19 08:08:47,723, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-19 08:08:47,727, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-19 08:08:47,912, INFO - Start executing installer wrapper
2026-02-19 08:08:47,914, INFO - proxy settings: {}
2026-02-19 08:08:47,914, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-19 08:08:47,993, INFO - MDE is installed
2026-02-19 08:08:47,993, INFO - Wait for MDE service to be available
2026-02-19 08:08:48,915, INFO - MDE is onboarded
2026-02-19 08:08:49,227, INFO - MDC tags in MDE are valid
2026-02-19 08:08:49,228, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-20T08:03:20.229604Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_3301053053798374174]
2026-02-20T08:03:20.232282Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-20T08:03:20.232895Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-20T08:03:20.235153Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-20T08:03:20.235778Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-20T08:03:20.236509Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-20T08:03:22.247629Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-20 08:03:20,559, INFO - Start executing handler action: enable
2026-02-20 08:03:20,561, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-20 08:03:20,596, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-20 08:03:20,621, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-20 08:03:20,621, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-20 08:03:20,621, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-20 08:03:20,622, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-20 08:03:20,629, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-20 08:03:20,816, INFO - Start executing installer wrapper
2026-02-20 08:03:20,817, INFO - proxy settings: {}
2026-02-20 08:03:20,818, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-20 08:03:20,891, INFO - MDE is installed
2026-02-20 08:03:20,891, INFO - Wait for MDE service to be available
2026-02-20 08:03:21,915, INFO - MDE is onboarded
2026-02-21T08:09:52.063265Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_8546708985645864269]
2026-02-21T08:09:52.066079Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-21T08:09:52.066422Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-21T08:09:52.067167Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-21T08:09:52.067691Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-21T08:09:52.068501Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-21T08:09:54.078478Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-21 08:09:52,366, INFO - Start executing handler action: enable
2026-02-21 08:09:52,368, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-21 08:09:52,397, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-21 08:09:52,424, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-21 08:09:52,424, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-21 08:09:52,424, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-21 08:09:52,425, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-21 08:09:52,431, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-21 08:09:52,618, INFO - Start executing installer wrapper
2026-02-21 08:09:52,620, INFO - proxy settings: {}
2026-02-21 08:09:52,620, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-21 08:09:52,696, INFO - MDE is installed
2026-02-21 08:09:52,696, INFO - Wait for MDE service to be available
2026-02-21 08:09:53,267, INFO - MDE is onboarded
2026-02-21 08:09:53,554, INFO - MDC tags in MDE are valid
2026-02-21 08:09:53,555, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-22T08:10:46.361937Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_17696744904657742394]
2026-02-22T08:10:46.364696Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-22T08:10:46.365139Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-22T08:10:46.365885Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-22T08:10:46.366415Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-22T08:10:46.367362Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-22T08:10:48.376262Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-22 08:10:46,709, INFO - Start executing handler action: enable
2026-02-22 08:10:46,712, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-22 08:10:46,746, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-22 08:10:46,771, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-22 08:10:46,771, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-22 08:10:46,771, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-22 08:10:46,771, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-22 08:10:46,777, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-22 08:10:46,944, INFO - Start executing installer wrapper
2026-02-22 08:10:46,946, INFO - proxy settings: {}
2026-02-22 08:10:46,947, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-22 08:10:47,022, INFO - MDE is installed
2026-02-22 08:10:47,022, INFO - Wait for MDE service to be available
2026-02-22 08:10:47,957, INFO - MDE is onboarded
2026-02-22 08:10:48,269, INFO - MDC tags in MDE are valid
2026-02-22 08:10:48,270, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-23T08:11:15.366080Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_2085820318582440572]
2026-02-23T08:11:15.368760Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-23T08:11:15.369051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 17.settings
2026-02-23T08:11:15.371603Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-23T08:11:15.372349Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-23T08:11:15.373158Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "17", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-23T08:11:17.387251Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-23 08:11:15,771, INFO - Start executing handler action: enable
2026-02-23 08:11:15,774, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/17.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-23 08:11:15,819, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-23 08:11:15,845, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-23 08:11:15,846, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-23 08:11:15,846, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-23 08:11:15,846, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-23 08:11:15,855, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-23 08:11:16,066, INFO - Start executing installer wrapper
2026-02-23 08:11:16,067, INFO - proxy settings: {}
2026-02-23 08:11:16,067, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-23 08:11:16,144, INFO - MDE is installed
2026-02-23 08:11:16,145, INFO - Wait for MDE service to be available
2026-02-23 08:11:17,165, INFO - MDE is onboarded
2026-02-23T11:43:26.279199Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_17552774785109047652]
2026-02-23T11:43:26.281305Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-23T11:43:26.281539Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-23T11:43:26.282234Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-23T11:43:26.282654Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-23T11:43:26.283870Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-23T11:43:28.297406Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-23 11:43:26,546, INFO - Start executing handler action: enable
2026-02-23 11:43:26,548, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-23 11:43:26,583, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-23 11:43:26,608, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-23 11:43:26,609, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-23 11:43:26,609, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-23 11:43:26,609, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-23 11:43:26,614, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-23 11:43:26,798, INFO - Start executing installer wrapper
2026-02-23 11:43:26,798, INFO - proxy settings: {}
2026-02-23 11:43:26,798, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-23 11:43:26,870, INFO - MDE is installed
2026-02-23 11:43:26,870, INFO - Wait for MDE service to be available
2026-02-23 11:43:27,556, INFO - MDE is onboarded
2026-02-23 11:43:27,868, INFO - MDC tags in MDE are valid
2026-02-23 11:43:27,868, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-24T08:06:27.696819Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_1102832931989481387]
2026-02-24T08:06:27.702171Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-24T08:06:27.702384Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-24T08:06:27.703049Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-24T08:06:27.703482Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-24T08:06:27.704479Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-24T08:06:29.725623Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-24 08:06:28,152, INFO - Start executing handler action: enable
2026-02-24 08:06:28,155, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-24 08:06:28,200, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-24 08:06:28,226, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-24 08:06:28,227, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-24 08:06:28,227, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-24 08:06:28,227, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-24 08:06:28,232, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-24 08:06:28,427, INFO - Start executing installer wrapper
2026-02-24 08:06:28,430, INFO - proxy settings: {}
2026-02-24 08:06:28,430, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-24 08:06:28,521, INFO - MDE is installed
2026-02-24 08:06:28,521, INFO - Wait for MDE service to be available
2026-02-25T08:04:16.597545Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_11839090923193698089]
2026-02-25T08:04:16.600555Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-25T08:04:16.600895Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-25T08:04:16.601471Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-25T08:04:16.602125Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-25T08:04:16.607791Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-25T08:04:18.618428Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-25 08:04:16,947, INFO - Start executing handler action: enable
2026-02-25 08:04:16,950, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-25 08:04:16,984, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-25 08:04:17,009, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-25 08:04:17,009, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-25 08:04:17,009, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-25 08:04:17,009, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-25 08:04:17,017, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-25 08:04:17,189, INFO - Start executing installer wrapper
2026-02-25 08:04:17,192, INFO - proxy settings: {}
2026-02-25 08:04:17,192, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-25 08:04:17,269, INFO - MDE is installed
2026-02-25 08:04:17,269, INFO - Wait for MDE service to be available
2026-02-25 08:04:18,080, INFO - MDE is onboarded
2026-02-25 08:04:18,471, INFO - MDC tags in MDE are valid
2026-02-25 08:04:18,472, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-25T11:20:08.394422Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_5671866828358679773]
2026-02-25T11:20:08.396415Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-25T11:20:08.396692Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-25T11:20:08.397339Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-25T11:20:08.397750Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-25T11:20:08.398585Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-25T11:20:10.410447Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-25 11:20:08,598, INFO - Start executing handler action: enable
2026-02-25 11:20:08,599, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-25 11:20:08,632, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-25 11:20:08,657, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-25 11:20:08,657, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-25 11:20:08,657, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-25 11:20:08,658, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-25 11:20:08,662, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-25 11:20:08,856, INFO - Start executing installer wrapper
2026-02-25 11:20:08,856, INFO - proxy settings: {}
2026-02-25 11:20:08,856, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-25 11:20:08,928, INFO - MDE is installed
2026-02-25 11:20:08,928, INFO - Wait for MDE service to be available
2026-02-25 11:20:09,672, INFO - MDE is onboarded
2026-02-25 11:20:10,085, INFO - MDC tags in MDE are valid
2026-02-25 11:20:10,086, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-26T08:04:27.792609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_18036723309543270050]
2026-02-26T08:04:27.795174Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-26T08:04:27.795462Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-26T08:04:27.796841Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-26T08:04:27.797271Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-26T09:55:16.744619Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_35102849335657065]
2026-02-26T09:55:16.748288Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-26T09:55:16.748538Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-26T09:55:16.749352Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-26T09:55:16.750411Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-26T12:10:32.346836Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_10453284069300457004]
2026-02-26T12:10:32.348051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-26T12:10:32.348296Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-26T12:10:32.348969Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-26T12:10:32.349538Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-26T12:10:32.351255Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-26T12:10:34.361410Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-26 12:10:32,625, INFO - Start executing handler action: enable
2026-02-26 12:10:32,629, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-26 12:10:32,665, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-26 12:10:32,690, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-26 12:10:32,691, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-26 12:10:32,691, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-26 12:10:32,691, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-26 12:10:32,696, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-26 12:10:32,884, INFO - Start executing installer wrapper
2026-02-26 12:10:32,886, INFO - proxy settings: {}
2026-02-26 12:10:32,886, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-26 12:10:32,962, INFO - MDE is installed
2026-02-26 12:10:32,962, INFO - Wait for MDE service to be available
2026-02-26 12:10:33,867, INFO - MDE is onboarded
2026-02-26 12:10:34,169, INFO - Start to run the tags set command: src/mde_installer.latest.sh --debug --tag SecurityWorkspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --tag AzureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-27T08:03:20.634344Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_1749632971995205193]
2026-02-27T08:03:20.635975Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-27T08:03:20.636313Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-27T08:03:20.636960Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-27T08:03:20.637710Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-27T08:03:20.638432Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-27T08:03:22.646487Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-27 08:03:20,809, INFO - Start executing handler action: enable
2026-02-27 08:03:20,810, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-27 08:03:20,836, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-27 08:03:20,859, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-27 08:03:20,860, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-27 08:03:20,860, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-27 08:03:20,860, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-27 08:03:20,864, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-27 08:03:21,051, INFO - Start executing installer wrapper
2026-02-27 08:03:21,052, INFO - proxy settings: {}
2026-02-27 08:03:21,052, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-27 08:03:21,124, INFO - MDE is installed
2026-02-27 08:03:21,124, INFO - Wait for MDE service to be available
2026-02-27 08:03:21,578, INFO - MDE is onboarded
2026-02-27 08:03:21,787, INFO - MDC tags in MDE are valid
2026-02-27 08:03:21,787, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-02-28T08:02:32.294216Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_6473810004534638995]
2026-02-28T08:02:32.297168Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-02-28T08:02:32.297389Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-02-28T08:02:32.298813Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-02-28T08:02:32.299292Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-02-28T08:02:32.300326Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-02-28T08:02:34.308820Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-28 08:02:32,480, INFO - Start executing handler action: enable
2026-02-28 08:02:32,481, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-02-28 08:02:32,508, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-02-28 08:02:32,538, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-02-28 08:02:32,539, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-02-28 08:02:32,539, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-02-28 08:02:32,539, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-02-28 08:02:32,545, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-02-28 08:02:32,717, INFO - Start executing installer wrapper
2026-02-28 08:02:32,718, INFO - proxy settings: {}
2026-02-28 08:02:32,718, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-02-28 08:02:32,793, INFO - MDE is installed
2026-02-28 08:02:32,793, INFO - Wait for MDE service to be available
2026-02-28 08:02:33,174, INFO - MDE is onboarded
2026-02-28 08:02:33,387, INFO - MDC tags in MDE are valid
2026-02-28 08:02:33,387, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-01T08:11:15.265508Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_10703583714558365682]
2026-03-01T08:11:15.267794Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-03-01T08:11:15.268002Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-03-01T08:11:15.269501Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-03-01T08:11:15.270067Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-01T08:11:15.270931Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-01T08:11:17.280975Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-01 08:11:15,466, INFO - Start executing handler action: enable
2026-03-01 08:11:15,468, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-01 08:11:15,499, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-01 08:11:15,525, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-01 08:11:15,525, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-01 08:11:15,525, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-01 08:11:15,525, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-01 08:11:15,531, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-01 08:11:15,728, INFO - Start executing installer wrapper
2026-03-01 08:11:15,728, INFO - proxy settings: {}
2026-03-01 08:11:15,728, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-01 08:11:15,804, INFO - MDE is installed
2026-03-01 08:11:15,804, INFO - Wait for MDE service to be available
2026-03-01 08:11:16,273, INFO - MDE is onboarded
2026-03-01 08:11:16,485, INFO - MDC tags in MDE are valid
2026-03-01 08:11:16,486, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-02T08:11:13.630813Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Target handler state: enabled [etag_6625614847171587628]
2026-03-02T08:11:13.632587Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] [Enable] current handler state is: enabled
2026-03-02T08:11:13.632875Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Update settings file: 18.settings
2026-03-02T08:11:13.633571Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Requested extension state: enabled
2026-03-02T08:11:13.634082Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-02T08:11:13.634905Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "18", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-02T08:11:15.643995Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 08:11:13,828, INFO - Start executing handler action: enable
2026-03-02 08:11:13,829, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status/18.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-02 08:11:13,857, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-02 08:11:13,884, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-02 08:11:13,884, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-02 08:11:13,885, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-02 08:11:13,885, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-02 08:11:13,890, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 08:11:14,087, INFO - Start executing installer wrapper
2026-03-02 08:11:14,088, INFO - proxy settings: {}
2026-03-02 08:11:14,088, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-02 08:11:14,163, INFO - MDE is installed
2026-03-02 08:11:14,163, INFO - Wait for MDE service to be available
2026-03-02 08:11:14,767, INFO - MDE is onboarded
2026-03-02 08:11:14,986, INFO - MDC tags in MDE are valid
2026-03-02 08:11:14,986, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-02T17:24:42.473894Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_15182229578811892427]
2026-03-02T17:24:42.476021Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: notinstalled
2026-03-02T17:24:42.678649Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0
2026-03-02T17:24:42.693980Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-02T17:24:42.695273Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Disable extension: [PythonRunner.sh src/MdeExtensionHandler.py disable]
2026-03-02T17:24:42.696213Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py disable with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-02T17:24:44.705358Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py disable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 17:24:42,896, INFO - Start executing handler action: disable
2026-03-02 17:24:42,897, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-03-02 17:24:42,897, INFO - End executing handler action: disable
2026-03-02T17:24:44.708078Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Copy status files from old plugin to new
2026-03-02T17:24:44.730470Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update extension [PythonRunner.sh src/MdeExtensionHandler.py update]
2026-03-02T17:24:44.731490Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py update with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_DISABLE_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "AZURE_GUEST_AGENT_UPDATING_FROM_VERSION": "1.0.9.2", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-02T17:24:46.741188Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py update
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 17:24:45,120, INFO - Start executing handler action: update
2026-03-02 17:24:45,122, WARNING - No operation for action: update
2026-03-02 17:24:45,122, INFO - End executing handler action: update
2026-03-02T17:24:46.743456Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Uninstall extension [PythonRunner.sh src/MdeExtensionHandler.py uninstall]
2026-03-02T17:24:46.747136Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/PythonRunner.sh src/MdeExtensionHandler.py uninstall with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.9.2", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-02T17:24:48.754986Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Command: PythonRunner.sh src/MdeExtensionHandler.py uninstall
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 17:24:46,912, INFO - Start executing handler action: uninstall
2026-03-02 17:24:46,912, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-03-02 17:24:46,912, INFO - End executing handler action: uninstall
2026-03-02T17:24:48.757042Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2
2026-03-02T17:24:48.848225Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.9.2
2026-03-02T17:24:48.849066Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2026-03-02T17:24:48.850226Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-02T17:24:50.860066Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 17:24:49,016, INFO - Start executing handler action: install
2026-03-02 17:24:49,016, INFO - MDE installation will occur in 'enable'
2026-03-02 17:24:49,016, INFO - End executing handler action: install
2026-03-02T17:24:50.863835Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-02T17:24:50.864499Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-02T17:24:50.865583Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-02T17:24:52.874089Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 17:24:51,033, INFO - Start executing handler action: enable
2026-03-02 17:24:51,034, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-02 17:24:51,061, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-02 17:24:51,088, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-02 17:24:51,088, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-02 17:24:51,088, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-02 17:24:51,088, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-02 17:24:51,094, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-02 17:24:51,297, INFO - Start executing installer wrapper
2026-03-02 17:24:51,297, INFO - scrubbed proxy settings: {}
2026-03-02 17:24:51,297, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-02 17:24:51,369, INFO - MDE is installed
2026-03-02 17:24:51,369, INFO - Wait for MDE service to be available
2026-03-02 17:24:51,968, INFO - MDE is onboarded
2026-03-02 17:24:52,180, INFO - MDC tags in MDE are valid
2026-03-02 17:24:52,181, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-03T08:07:38.759563Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_12288541748708561981]
2026-03-03T08:07:38.760825Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-03T08:07:38.761075Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-03T08:07:38.761703Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-03T08:07:38.762141Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-03T08:07:38.762879Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-03T08:07:40.773356Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-03 08:07:38,941, INFO - Start executing handler action: enable
2026-03-03 08:07:38,942, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-03 08:07:38,975, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-03 08:07:38,999, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-03 08:07:38,999, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-03 08:07:39,000, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-03 08:07:39,000, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-03 08:07:39,007, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-03 08:07:39,182, INFO - Start executing installer wrapper
2026-03-03 08:07:39,182, INFO - scrubbed proxy settings: {}
2026-03-03 08:07:39,182, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-03 08:07:39,253, INFO - MDE is installed
2026-03-03 08:07:39,253, INFO - Wait for MDE service to be available
2026-03-03 08:07:39,766, INFO - MDE is onboarded
2026-03-03 08:07:39,983, INFO - MDC tags in MDE are valid
2026-03-03 08:07:39,983, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-04T08:06:25.026117Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_7177367912022105623]
2026-03-04T08:06:25.028096Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-04T08:06:25.028359Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-04T08:06:25.029070Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-04T08:06:25.029606Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-04T08:06:25.030595Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-04T08:06:27.041324Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-04 08:06:25,219, INFO - Start executing handler action: enable
2026-03-04 08:06:25,220, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-04 08:06:25,249, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-04 08:06:25,275, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-04 08:06:25,275, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-04 08:06:25,275, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-04 08:06:25,275, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-04 08:06:25,281, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-04 08:06:25,456, INFO - Start executing installer wrapper
2026-03-04 08:06:25,457, INFO - scrubbed proxy settings: {}
2026-03-04 08:06:25,457, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-04 08:06:25,533, INFO - MDE is installed
2026-03-04 08:06:25,533, INFO - Wait for MDE service to be available
2026-03-04 08:06:26,082, INFO - MDE is onboarded
2026-03-04 08:06:26,372, INFO - MDC tags in MDE are valid
2026-03-04 08:06:26,373, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-05T08:11:51.449847Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_1090926821912142351]
2026-03-05T08:11:51.451928Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-05T08:11:51.452197Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-05T08:11:51.452900Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-05T08:11:51.453412Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-05T08:11:51.454174Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-05T08:11:53.463653Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-05 08:11:51,630, INFO - Start executing handler action: enable
2026-03-05 08:11:51,631, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-05 08:11:51,653, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-05 08:11:51,678, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-05 08:11:51,678, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-05 08:11:51,679, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-05 08:11:51,679, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-05 08:11:51,683, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-05 08:11:51,851, INFO - Start executing installer wrapper
2026-03-05 08:11:51,851, INFO - scrubbed proxy settings: {}
2026-03-05 08:11:51,851, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-05 08:11:51,924, INFO - MDE is installed
2026-03-05 08:11:51,924, INFO - Wait for MDE service to be available
2026-03-05 08:11:52,479, INFO - MDE is onboarded
2026-03-05 08:11:52,766, INFO - MDC tags in MDE are valid
2026-03-05 08:11:52,767, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-05T13:14:59.170038Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_8272206465290219201]
2026-03-05T13:14:59.171706Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-05T13:14:59.171955Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-05T13:14:59.172597Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-05T13:14:59.173317Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-05T13:14:59.174290Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-05T13:15:01.183488Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-05 13:14:59,370, INFO - Start executing handler action: enable
2026-03-05 13:14:59,371, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-05 13:14:59,397, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-05 13:14:59,424, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-05 13:14:59,424, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-05 13:14:59,425, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-05 13:14:59,425, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-05 13:14:59,429, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-05 13:14:59,611, INFO - Start executing installer wrapper
2026-03-05 13:14:59,612, INFO - scrubbed proxy settings: {}
2026-03-05 13:14:59,612, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-05 13:14:59,688, INFO - MDE is installed
2026-03-05 13:14:59,688, INFO - Wait for MDE service to be available
2026-03-05 13:15:00,186, INFO - MDE is onboarded
2026-03-05 13:15:00,465, INFO - MDC tags in MDE are valid
2026-03-05 13:15:00,466, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-05T13:16:31.333729Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_8272206465290219201]
2026-03-05T13:16:31.341097Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-05T13:16:31.341299Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-05T13:16:31.346175Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-05T13:16:31.355548Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-05T13:16:31.356381Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-05T13:16:33.371701Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-05 13:16:32,121, INFO - Start executing handler action: enable
2026-03-05 13:16:32,127, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-05 13:16:32,174, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-05 13:16:32,208, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-05 13:16:32,208, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-05 13:16:32,208, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-05 13:16:32,208, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-05 13:16:32,219, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-05 13:16:33,072, INFO - Start executing installer wrapper
2026-03-05 13:16:33,082, INFO - scrubbed proxy settings: {}
2026-03-05 13:16:33,082, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-05 13:16:33,174, INFO - MDE is installed
2026-03-05 13:16:33,174, INFO - Wait for MDE service to be available
2026-03-05 13:16:33,342, INFO - start parsing onboarding script
2026-03-05 13:16:33,342, INFO - decode onboarding script successfully
2026-03-05 13:16:33,343, INFO - parse onboarding script successfully
2026-03-05 13:16:33,343, INFO - Starting onboarding script...
2026-03-05 13:16:33,343, INFO - Checking if Mde is installed
2026-03-05 13:16:33,344, INFO - Mde is installed: True
2026-03-05 13:16:33,344, INFO - Removing offboarding file if exists
2026-03-06T08:07:54.857552Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_10956775522270434469]
2026-03-06T08:07:54.859713Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-06T08:07:54.859955Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-06T08:07:54.860673Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-06T08:07:54.861152Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-06T08:07:54.861853Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-06T08:07:56.871753Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-06 08:07:55,161, INFO - Start executing handler action: enable
2026-03-06 08:07:55,164, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-06 08:07:55,200, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-06 08:07:55,227, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-06 08:07:55,227, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-06 08:07:55,227, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-06 08:07:55,228, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-06 08:07:55,232, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-06 08:07:55,415, INFO - Start executing installer wrapper
2026-03-06 08:07:55,417, INFO - scrubbed proxy settings: {}
2026-03-06 08:07:55,417, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-06 08:07:55,493, INFO - MDE is installed
2026-03-06 08:07:55,494, INFO - Wait for MDE service to be available
2026-03-06 08:07:56,180, INFO - MDE is onboarded
2026-03-06 08:07:56,488, INFO - MDC tags in MDE are valid
2026-03-06 08:07:56,489, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-07T08:03:31.117020Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_13678874806032505709]
2026-03-07T08:03:31.121590Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-07T08:03:31.121808Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-07T08:03:31.124042Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-07T08:03:31.124939Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-07T08:03:31.125715Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-07T08:03:33.146256Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-07 08:03:31,456, INFO - Start executing handler action: enable
2026-03-07 08:03:31,458, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-07 08:03:31,489, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-07 08:03:31,512, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-07 08:03:31,512, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-07 08:03:31,513, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-07 08:03:31,513, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-07 08:03:31,517, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-07 08:03:31,690, INFO - Start executing installer wrapper
2026-03-07 08:03:31,692, INFO - scrubbed proxy settings: {}
2026-03-07 08:03:31,692, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-07 08:03:31,766, INFO - MDE is installed
2026-03-07 08:03:31,766, INFO - Wait for MDE service to be available
2026-03-07 08:03:32,435, INFO - MDE is onboarded
2026-03-07 08:03:32,744, INFO - MDC tags in MDE are valid
2026-03-07 08:03:32,745, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-08T08:11:20.067610Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_12790994909323184977]
2026-03-08T08:11:20.069840Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-08T08:11:20.070050Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-08T08:11:20.072699Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-08T08:11:20.073348Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-08T08:11:20.074307Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-08T08:11:22.102153Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-08 08:11:20,420, INFO - Start executing handler action: enable
2026-03-08 08:11:20,425, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-08 08:11:20,486, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-08 08:11:20,521, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-08 08:11:20,522, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-08 08:11:20,522, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-08 08:11:20,522, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-08 08:11:20,531, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-08 08:11:20,739, INFO - Start executing installer wrapper
2026-03-08 08:11:20,741, INFO - scrubbed proxy settings: {}
2026-03-08 08:11:20,741, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-08 08:11:20,813, INFO - MDE is installed
2026-03-08 08:11:20,813, INFO - Wait for MDE service to be available
2026-03-08 08:11:21,682, INFO - MDE is onboarded
2026-03-08 08:11:21,989, INFO - MDC tags in MDE are valid
2026-03-08 08:11:21,989, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-09T08:03:32.315623Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_2309106605580525241]
2026-03-09T08:03:32.317914Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-09T08:03:32.318305Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 19.settings
2026-03-09T08:03:32.320121Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-09T08:03:32.320578Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-09T08:03:32.321640Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "19", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-09T08:03:34.330233Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-09 08:03:32,651, INFO - Start executing handler action: enable
2026-03-09 08:03:32,653, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/19.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-09 08:03:32,697, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-09 08:03:32,723, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-09 08:03:32,723, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-09 08:03:32,723, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-09 08:03:32,723, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-09 08:03:32,731, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-09 08:03:32,923, INFO - Start executing installer wrapper
2026-03-09 08:03:32,925, INFO - scrubbed proxy settings: {}
2026-03-09 08:03:32,925, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-09 08:03:32,998, INFO - MDE is installed
2026-03-09 08:03:32,998, INFO - Wait for MDE service to be available
2026-03-09 08:03:33,810, INFO - MDE is onboarded
2026-03-09 08:03:34,197, INFO - MDC tags in MDE are valid
2026-03-09 08:03:34,197, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-09T17:43:26.683981Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_2789665618994915528]
2026-03-09T17:43:26.685908Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-09T17:43:26.686125Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-09T17:43:26.686799Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-09T17:43:26.687194Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-09T17:43:26.687952Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-09T17:43:28.702311Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-09 17:43:27,119, INFO - Start executing handler action: enable
2026-03-09 17:43:27,121, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-09 17:43:27,161, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-09 17:43:27,185, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-09 17:43:27,186, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-09 17:43:27,186, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-09 17:43:27,186, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-09 17:43:27,194, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-09 17:43:27,437, INFO - Start executing installer wrapper
2026-03-09 17:43:27,446, INFO - scrubbed proxy settings: {}
2026-03-09 17:43:27,446, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-09 17:43:27,553, INFO - MDE is installed
2026-03-09 17:43:27,553, INFO - Wait for MDE service to be available
2026-03-09 17:43:28,596, INFO - MDE is onboarded
2026-03-10T08:06:43.188420Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_7665179574869968091]
2026-03-10T08:06:43.191476Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-10T08:06:43.191783Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-10T08:06:43.192556Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-10T08:06:43.192977Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-10T08:06:43.194049Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-10T08:06:45.201138Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-10 08:06:43,537, INFO - Start executing handler action: enable
2026-03-10 08:06:43,540, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-10 08:06:43,574, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-10 08:06:43,600, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-10 08:06:43,601, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-10 08:06:43,601, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-10 08:06:43,601, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-10 08:06:43,606, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-10 08:06:43,795, INFO - Start executing installer wrapper
2026-03-10 08:06:43,797, INFO - scrubbed proxy settings: {}
2026-03-10 08:06:43,797, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-10 08:06:43,877, INFO - MDE is installed
2026-03-10 08:06:43,877, INFO - Wait for MDE service to be available
2026-03-10 08:06:44,821, INFO - MDE is onboarded
2026-03-10 08:06:45,135, INFO - MDC tags in MDE are valid
2026-03-10 08:06:45,135, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-11T08:10:05.124747Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_11047381813154904141]
2026-03-11T08:10:05.128164Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-11T08:10:05.128797Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-11T08:10:05.130384Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-11T08:10:05.131105Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-11T08:10:05.132049Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-11T08:10:07.141651Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-11 08:10:05,485, INFO - Start executing handler action: enable
2026-03-11 08:10:05,488, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-11 08:10:05,524, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-11 08:10:05,550, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-11 08:10:05,550, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-11 08:10:05,551, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-11 08:10:05,551, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-11 08:10:05,555, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-11 08:10:05,746, INFO - Start executing installer wrapper
2026-03-11 08:10:05,747, INFO - scrubbed proxy settings: {}
2026-03-11 08:10:05,747, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-11 08:10:05,821, INFO - MDE is installed
2026-03-11 08:10:05,821, INFO - Wait for MDE service to be available
2026-03-11 08:10:06,939, INFO - MDE is onboarded
2026-03-12T08:05:26.950468Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_10826170308446551100]
2026-03-12T08:05:26.952916Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-12T08:05:26.953142Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-12T08:05:26.954409Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-12T08:05:26.954840Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-12T08:05:26.955591Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-12T08:05:28.964770Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-12 08:05:27,277, INFO - Start executing handler action: enable
2026-03-12 08:05:27,280, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-12 08:05:27,319, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-12 08:05:27,344, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-12 08:05:27,344, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-12 08:05:27,345, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-12 08:05:27,345, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-12 08:05:27,349, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-12 08:05:27,530, INFO - Start executing installer wrapper
2026-03-12 08:05:27,534, INFO - scrubbed proxy settings: {}
2026-03-12 08:05:27,534, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-12 08:05:27,609, INFO - MDE is installed
2026-03-12 08:05:27,609, INFO - Wait for MDE service to be available
2026-03-12 08:05:28,693, INFO - MDE is onboarded
2026-03-13T08:11:06.727242Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_14327512083793680176]
2026-03-13T08:11:06.730943Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-13T08:11:06.731278Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-13T08:11:06.732747Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-13T08:11:06.733230Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-13T08:11:06.734024Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-13T08:11:08.742550Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-13 08:11:07,167, INFO - Start executing handler action: enable
2026-03-13 08:11:07,173, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-13 08:11:07,216, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-13 08:11:07,244, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-13 08:11:07,245, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-13 08:11:07,245, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-13 08:11:07,245, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-13 08:11:07,250, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-13 08:11:07,439, INFO - Start executing installer wrapper
2026-03-13 08:11:07,441, INFO - scrubbed proxy settings: {}
2026-03-13 08:11:07,441, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-13 08:11:07,514, INFO - MDE is installed
2026-03-13 08:11:07,515, INFO - Wait for MDE service to be available
2026-03-13 08:11:08,571, INFO - MDE is onboarded
2026-03-14T08:11:08.477797Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_4802733506571440211]
2026-03-14T08:11:08.480019Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-14T08:11:08.481011Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-14T08:11:08.482746Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-14T08:11:08.483462Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-14T08:11:08.485257Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-14T08:11:10.492938Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-14 08:11:08,847, INFO - Start executing handler action: enable
2026-03-14 08:11:08,850, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-14 08:11:08,885, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-14 08:11:08,914, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-14 08:11:08,915, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-14 08:11:08,915, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-14 08:11:08,915, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-14 08:11:08,919, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-14 08:11:09,105, INFO - Start executing installer wrapper
2026-03-14 08:11:09,107, INFO - scrubbed proxy settings: {}
2026-03-14 08:11:09,107, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-14 08:11:09,184, INFO - MDE is installed
2026-03-14 08:11:09,184, INFO - Wait for MDE service to be available
2026-03-14 08:11:09,810, INFO - MDE is onboarded
2026-03-14 08:11:10,215, INFO - MDC tags in MDE are valid
2026-03-14 08:11:10,216, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-15T08:09:36.406772Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_9303202126916132568]
2026-03-15T08:09:36.410086Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-15T08:09:36.411027Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-15T08:09:36.413020Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-15T08:09:36.413498Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-15T08:09:36.415084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-15T08:09:38.428349Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-15 08:09:36,781, INFO - Start executing handler action: enable
2026-03-15 08:09:36,784, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-15 08:09:36,822, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-15 08:09:36,853, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-15 08:09:36,853, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-15 08:09:36,854, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-15 08:09:36,854, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-15 08:09:36,858, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-15 08:09:37,046, INFO - Start executing installer wrapper
2026-03-15 08:09:37,049, INFO - scrubbed proxy settings: {}
2026-03-15 08:09:37,049, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-15 08:09:37,126, INFO - MDE is installed
2026-03-15 08:09:37,126, INFO - Wait for MDE service to be available
2026-03-15 08:09:38,056, INFO - MDE is onboarded
2026-03-16T08:03:44.042737Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_18082543315705381191]
2026-03-16T08:03:44.052825Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-16T08:03:44.053024Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 20.settings
2026-03-16T08:03:44.057992Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-16T08:03:44.058541Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-16T08:03:44.059706Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "20", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-16T08:03:46.078353Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-16 08:03:44,482, INFO - Start executing handler action: enable
2026-03-16 08:03:44,485, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/20.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-16 08:03:44,535, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-16 08:03:44,565, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-16 08:03:44,565, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-16 08:03:44,565, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-16 08:03:44,566, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-16 08:03:44,572, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-16 08:03:44,797, INFO - Start executing installer wrapper
2026-03-16 08:03:44,799, INFO - scrubbed proxy settings: {}
2026-03-16 08:03:44,799, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-16 08:03:44,875, INFO - MDE is installed
2026-03-16 08:03:44,875, INFO - Wait for MDE service to be available
2026-03-16 08:03:45,522, INFO - MDE is onboarded
2026-03-16 08:03:45,831, INFO - MDC tags in MDE are valid
2026-03-16 08:03:45,831, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-16T23:43:04.958092Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_16304888391438314479]
2026-03-16T23:43:04.960085Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-16T23:43:04.960309Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-16T23:43:04.961323Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-16T23:43:04.961948Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-16T23:43:04.962781Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-16T23:43:06.980334Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-16 23:43:05,413, INFO - Start executing handler action: enable
2026-03-16 23:43:05,415, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-16 23:43:05,468, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-16 23:43:05,493, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-16 23:43:05,493, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-16 23:43:05,493, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-16 23:43:05,494, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-16 23:43:05,500, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-16 23:43:05,734, INFO - Start executing installer wrapper
2026-03-16 23:43:05,741, INFO - scrubbed proxy settings: {}
2026-03-16 23:43:05,741, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-16 23:43:05,829, INFO - MDE is installed
2026-03-16 23:43:05,829, INFO - Wait for MDE service to be available
2026-03-17T08:07:48.960467Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_385329283548139632]
2026-03-17T08:07:48.962657Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-17T08:07:48.962992Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-17T08:07:48.963581Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-17T08:07:48.964148Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-17T08:07:48.965074Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-17T08:07:50.974396Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-17 08:07:49,303, INFO - Start executing handler action: enable
2026-03-17 08:07:49,305, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-17 08:07:49,339, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-17 08:07:49,367, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-17 08:07:49,368, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-17 08:07:49,368, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-17 08:07:49,368, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-17 08:07:49,372, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-17 08:07:49,546, INFO - Start executing installer wrapper
2026-03-17 08:07:49,548, INFO - scrubbed proxy settings: {}
2026-03-17 08:07:49,548, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-17 08:07:49,624, INFO - MDE is installed
2026-03-17 08:07:49,624, INFO - Wait for MDE service to be available
2026-03-17 08:07:50,861, INFO - MDE is onboarded
2026-03-18T08:08:37.702801Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_5955643508661222897]
2026-03-18T08:08:37.704612Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-18T08:08:37.704825Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-18T08:08:37.705482Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-18T08:08:37.706084Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-18T08:08:37.707150Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-18T08:08:39.723795Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-18 08:08:38,081, INFO - Start executing handler action: enable
2026-03-18 08:08:38,088, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-18 08:08:38,129, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-18 08:08:38,162, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-18 08:08:38,162, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-18 08:08:38,162, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-18 08:08:38,163, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-18 08:08:38,174, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-18 08:08:38,476, INFO - Start executing installer wrapper
2026-03-18 08:08:38,486, INFO - scrubbed proxy settings: {}
2026-03-18 08:08:38,486, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-18 08:08:38,610, INFO - MDE is installed
2026-03-18 08:08:38,610, INFO - Wait for MDE service to be available
2026-03-18 08:08:39,391, INFO - MDE is onboarded
2026-03-19T08:02:53.087653Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_15118028176315937639]
2026-03-19T08:02:53.090361Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-19T08:02:53.091224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-19T08:02:53.091838Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-19T08:02:53.092422Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-19T08:02:53.093360Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-19T08:02:55.102598Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-19 08:02:53,430, INFO - Start executing handler action: enable
2026-03-19 08:02:53,432, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-19 08:02:53,482, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-19 08:02:53,508, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-19 08:02:53,508, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-19 08:02:53,508, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-19 08:02:53,509, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-19 08:02:53,513, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-19 08:02:53,703, INFO - Start executing installer wrapper
2026-03-19 08:02:53,705, INFO - scrubbed proxy settings: {}
2026-03-19 08:02:53,705, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-19 08:02:53,780, INFO - MDE is installed
2026-03-19 08:02:53,780, INFO - Wait for MDE service to be available
2026-03-19 08:02:54,472, INFO - MDE is onboarded
2026-03-19 08:02:54,855, INFO - MDC tags in MDE are valid
2026-03-19 08:02:54,855, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-20T08:07:18.051990Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_5103535812165125107]
2026-03-20T08:07:18.056114Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-20T08:07:18.056340Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-20T08:07:18.057128Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-20T08:07:18.057590Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-20T08:07:18.058403Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-20T08:07:20.067729Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-20 08:07:18,349, INFO - Start executing handler action: enable
2026-03-20 08:07:18,351, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-20 08:07:18,386, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-20 08:07:18,416, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-20 08:07:18,416, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-20 08:07:18,416, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-20 08:07:18,417, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-20 08:07:18,422, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-20 08:07:18,617, INFO - Start executing installer wrapper
2026-03-20 08:07:18,618, INFO - scrubbed proxy settings: {}
2026-03-20 08:07:18,619, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-20 08:07:18,695, INFO - MDE is installed
2026-03-20 08:07:18,695, INFO - Wait for MDE service to be available
2026-03-20 08:07:19,358, INFO - MDE is onboarded
2026-03-20 08:07:19,666, INFO - MDC tags in MDE are valid
2026-03-20 08:07:19,666, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-21T08:05:25.000920Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_8374934143961111340]
2026-03-21T08:05:25.003709Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-21T08:05:25.003999Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-21T08:05:25.004788Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-21T08:05:25.005488Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-21T08:05:25.006503Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-21T08:05:27.015198Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-21 08:05:25,321, INFO - Start executing handler action: enable
2026-03-21 08:05:25,323, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-21 08:05:25,360, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-21 08:05:25,386, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-21 08:05:25,386, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-21 08:05:25,386, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-21 08:05:25,387, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-21 08:05:25,393, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-21 08:05:25,591, INFO - Start executing installer wrapper
2026-03-21 08:05:25,594, INFO - scrubbed proxy settings: {}
2026-03-21 08:05:25,594, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-21 08:05:25,668, INFO - MDE is installed
2026-03-21 08:05:25,668, INFO - Wait for MDE service to be available
2026-03-21 08:05:26,570, INFO - MDE is onboarded
2026-03-21 08:05:26,879, INFO - MDC tags in MDE are valid
2026-03-21 08:05:26,880, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-22T08:02:36.923142Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_1975753578209663187]
2026-03-22T08:02:36.925153Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-22T08:02:36.925428Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-22T08:02:36.926550Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-22T08:02:36.927061Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-22T08:02:36.928178Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-22T08:02:38.936531Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-22 08:02:37,302, INFO - Start executing handler action: enable
2026-03-22 08:02:37,310, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-22 08:02:37,349, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-22 08:02:37,376, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-22 08:02:37,377, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-22 08:02:37,377, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-22 08:02:37,377, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-22 08:02:37,385, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-22 08:02:37,606, INFO - Start executing installer wrapper
2026-03-22 08:02:37,609, INFO - scrubbed proxy settings: {}
2026-03-22 08:02:37,609, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-22 08:02:37,700, INFO - MDE is installed
2026-03-22 08:02:37,700, INFO - Wait for MDE service to be available
2026-03-22 08:02:38,610, INFO - MDE is onboarded
2026-03-23T08:09:13.673179Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Target handler state: enabled [etag_6973172974856513024]
2026-03-23T08:09:13.675753Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] [Enable] current handler state is: enabled
2026-03-23T08:09:13.675992Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Update settings file: 21.settings
2026-03-23T08:09:13.676771Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Requested extension state: enabled
2026-03-23T08:09:13.677200Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-23T08:09:13.678050Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "21", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-23T08:09:15.692996Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
b/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 08:09:14,036, INFO - Start executing handler action: enable
2026-03-23 08:09:14,039, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status/21.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-23 08:09:14,081, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-23 08:09:14,111, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-23 08:09:14,111, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-23 08:09:14,112, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-23 08:09:14,112, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-23 08:09:14,120, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 08:09:14,343, INFO - Start executing installer wrapper
2026-03-23 08:09:14,352, INFO - scrubbed proxy settings: {}
2026-03-23 08:09:14,352, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-23 08:09:14,434, INFO - MDE is installed
2026-03-23 08:09:14,434, INFO - Wait for MDE service to be available
2026-03-23 08:09:14,891, INFO - MDE is onboarded
2026-03-23 08:09:15,170, INFO - MDC tags in MDE are valid
2026-03-23 08:09:15,171, INFO - Start to run the update command: --proxy <<PII>>s--proxy <<PII>>r--proxy <<PII>>c--proxy <<PII>>/--proxy <<PII>>m--proxy <<PII>>d--proxy <<PII>>e--proxy <<PII>>_--proxy <<PII>>i--proxy <<PII>>n--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>a--proxy <<PII>>l--proxy <<PII>>l--proxy <<PII>>e--proxy <<PII>>r--proxy <<PII>>.--proxy <<PII>>l--proxy <<PII>>a--proxy <<PII>>t--proxy <<PII>>e--proxy <<PII>>s--proxy <<PII>>t--proxy <<PII>>.--proxy <<PII>>s-
2026-03-23T23:44:21.191361Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_569479330636908595]
2026-03-23T23:44:21.194257Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: notinstalled
2026-03-23T23:44:21.394325Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0
2026-03-23T23:44:21.410030Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-23T23:44:21.411209Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Disable extension: [PythonRunner.sh src/MdeExtensionHandler.py disable]
2026-03-23T23:44:21.412277Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py disable with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-23T23:44:23.419811Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py disable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 23:44:21,721, INFO - Start executing handler action: disable
2026-03-23 23:44:21,723, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-03-23 23:44:21,723, INFO - End executing handler action: disable
2026-03-23T23:44:23.422429Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Copy status files from old plugin to new
2026-03-23T23:44:23.448745Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update extension [PythonRunner.sh src/MdeExtensionHandler.py update]
2026-03-23T23:44:23.449941Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py update with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_DISABLE_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "AZURE_GUEST_AGENT_UPDATING_FROM_VERSION": "1.0.10.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-23T23:44:25.461828Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py update
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 23:44:23,814, INFO - Start executing handler action: update
2026-03-23 23:44:23,814, WARNING - No operation for action: update
2026-03-23 23:44:23,815, INFO - End executing handler action: update
2026-03-23T23:44:25.464181Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Uninstall extension [PythonRunner.sh src/MdeExtensionHandler.py uninstall]
2026-03-23T23:44:25.465141Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/PythonRunner.sh src/MdeExtensionHandler.py uninstall with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.10.0", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-23T23:44:27.476629Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Command: PythonRunner.sh src/MdeExtensionHandler.py uninstall
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 23:44:25,648, INFO - Start executing handler action: uninstall
2026-03-23 23:44:25,648, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-03-23 23:44:25,648, INFO - End executing handler action: uninstall
2026-03-23T23:44:27.478617Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0
2026-03-23T23:44:27.530513Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.10.0
2026-03-23T23:44:27.531215Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2026-03-23T23:44:27.532175Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-23T23:44:29.541079Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 23:44:27,719, INFO - Start executing handler action: install
2026-03-23 23:44:27,720, INFO - MDE installation will occur in 'enable'
2026-03-23 23:44:27,720, INFO - End executing handler action: install
2026-03-23T23:44:29.544616Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-23T23:44:29.545434Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-23T23:44:29.546286Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-23T23:44:31.555285Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 23:44:29,715, INFO - Start executing handler action: enable
2026-03-23 23:44:29,716, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-23 23:44:29,744, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-23 23:44:29,769, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-23 23:44:29,769, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-23 23:44:29,770, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-23 23:44:29,770, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-23 23:44:29,774, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-23 23:44:29,973, INFO - Start executing installer wrapper
2026-03-23 23:44:29,976, INFO - scrubbed proxy settings: {}
2026-03-23 23:44:29,976, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-23 23:44:30,049, INFO - MDE is installed
2026-03-23 23:44:30,049, INFO - Wait for MDE service to be available
2026-03-23 23:44:30,499, INFO - MDE is onboarded
2026-03-23 23:44:30,779, INFO - MDC tags in MDE are valid
2026-03-23 23:44:30,779, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-24T08:10:57.004179Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_15646887737877026827]
2026-03-24T08:10:57.005595Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-24T08:10:57.005904Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-24T08:10:57.007185Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-24T08:10:57.007719Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-24T08:10:57.010038Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-24T08:10:59.021869Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-24 08:10:57,307, INFO - Start executing handler action: enable
2026-03-24 08:10:57,308, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-24 08:10:57,338, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-24 08:10:57,365, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-24 08:10:57,365, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-24 08:10:57,366, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-24 08:10:57,366, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-24 08:10:57,370, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-24 08:10:57,549, INFO - Start executing installer wrapper
2026-03-24 08:10:57,549, INFO - scrubbed proxy settings: {}
2026-03-24 08:10:57,549, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-24 08:10:57,631, INFO - MDE is installed
2026-03-24 08:10:57,631, INFO - Wait for MDE service to be available
2026-03-24 08:10:58,279, INFO - MDE is onboarded
2026-03-24 08:10:58,585, INFO - MDC tags in MDE are valid
2026-03-24 08:10:58,586, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-25T08:10:12.740611Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_10359400384477726926]
2026-03-25T08:10:12.742716Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-25T08:10:12.742941Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-25T08:10:12.744963Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-25T08:10:12.745749Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-25T08:10:12.746570Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-25T08:10:14.758957Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-25 08:10:13,091, INFO - Start executing handler action: enable
2026-03-25 08:10:13,096, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-25 08:10:13,148, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-25 08:10:13,173, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-25 08:10:13,173, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-25 08:10:13,173, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-25 08:10:13,173, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-25 08:10:13,181, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-25 08:10:13,392, INFO - Start executing installer wrapper
2026-03-25 08:10:13,394, INFO - scrubbed proxy settings: {}
2026-03-25 08:10:13,394, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-25 08:10:13,475, INFO - MDE is installed
2026-03-25 08:10:13,475, INFO - Wait for MDE service to be available
2026-03-25 08:10:14,378, INFO - MDE is onboarded
2026-03-25 08:10:14,685, INFO - MDC tags in MDE are valid
2026-03-25 08:10:14,686, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-26T08:09:22.847932Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_9219001815595796991]
2026-03-26T08:09:22.849989Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-26T08:09:22.850233Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-26T08:09:22.851667Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-26T08:09:22.852242Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-26T08:09:22.853044Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-26T08:09:24.862135Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-26 08:09:23,162, INFO - Start executing handler action: enable
2026-03-26 08:09:23,164, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-26 08:09:23,200, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-26 08:09:23,226, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-26 08:09:23,226, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-26 08:09:23,227, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-26 08:09:23,227, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-26 08:09:23,232, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-26 08:09:23,415, INFO - Start executing installer wrapper
2026-03-26 08:09:23,417, INFO - scrubbed proxy settings: {}
2026-03-26 08:09:23,418, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-26 08:09:23,494, INFO - MDE is installed
2026-03-26 08:09:23,494, INFO - Wait for MDE service to be available
2026-03-26 08:09:24,141, INFO - MDE is onboarded
2026-03-26 08:09:24,447, INFO - MDC tags in MDE are valid
2026-03-26 08:09:24,448, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-27T08:02:47.462499Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_1034577993276470015]
2026-03-27T08:02:47.464934Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-27T08:02:47.465214Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-27T08:02:47.466643Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-27T08:02:47.467208Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-27T08:02:47.468388Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-27T08:02:49.478349Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-27 08:02:47,786, INFO - Start executing handler action: enable
2026-03-27 08:02:47,789, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-27 08:02:47,820, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-27 08:02:47,845, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-27 08:02:47,846, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-27 08:02:47,846, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-27 08:02:47,846, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-27 08:02:47,851, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-27 08:02:48,049, INFO - Start executing installer wrapper
2026-03-27 08:02:48,051, INFO - scrubbed proxy settings: {}
2026-03-27 08:02:48,051, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-27 08:02:48,131, INFO - MDE is installed
2026-03-27 08:02:48,131, INFO - Wait for MDE service to be available
2026-03-27 08:02:49,315, INFO - MDE is onboarded
2026-03-28T08:08:06.474954Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_6762778041870153348]
2026-03-28T08:08:06.478506Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-28T08:08:06.478833Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-28T08:08:06.480064Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-28T08:08:06.480657Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-28T08:08:06.487237Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-28T08:08:08.496827Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-28 08:08:06,809, INFO - Start executing handler action: enable
2026-03-28 08:08:06,811, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-28 08:08:06,844, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-28 08:08:06,870, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-28 08:08:06,870, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-28 08:08:06,871, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-28 08:08:06,871, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-28 08:08:06,875, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-28 08:08:07,051, INFO - Start executing installer wrapper
2026-03-28 08:08:07,053, INFO - scrubbed proxy settings: {}
2026-03-28 08:08:07,053, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-28 08:08:07,126, INFO - MDE is installed
2026-03-28 08:08:07,126, INFO - Wait for MDE service to be available
2026-03-28 08:08:07,819, INFO - MDE is onboarded
2026-03-28 08:08:08,123, INFO - MDC tags in MDE are valid
2026-03-28 08:08:08,124, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-29T08:03:57.417382Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_10066650739030156027]
2026-03-29T08:03:57.419447Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-29T08:03:57.419874Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-29T08:03:57.421591Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-29T08:03:57.422011Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-29T08:03:57.422883Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-29T08:03:59.432053Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-29 08:03:57,753, INFO - Start executing handler action: enable
2026-03-29 08:03:57,756, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-29 08:03:57,791, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-29 08:03:57,816, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-29 08:03:57,816, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-29 08:03:57,816, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-29 08:03:57,816, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-29 08:03:57,820, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-29 08:03:57,999, INFO - Start executing installer wrapper
2026-03-29 08:03:58,001, INFO - scrubbed proxy settings: {}
2026-03-29 08:03:58,001, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-29 08:03:58,079, INFO - MDE is installed
2026-03-29 08:03:58,079, INFO - Wait for MDE service to be available
2026-03-29 08:03:58,804, INFO - MDE is onboarded
2026-03-29 08:03:59,105, INFO - MDC tags in MDE are valid
2026-03-29 08:03:59,105, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-30T08:07:49.207823Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_10733777386665904872]
2026-03-30T08:07:49.209777Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-30T08:07:49.210242Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 22.settings
2026-03-30T08:07:49.211776Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-30T08:07:49.212239Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-30T08:07:49.213385Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "22", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-30T08:07:51.221447Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-30 08:07:49,548, INFO - Start executing handler action: enable
2026-03-30 08:07:49,556, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/22.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-30 08:07:49,590, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-30 08:07:49,617, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-30 08:07:49,618, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-30 08:07:49,618, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-30 08:07:49,618, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-30 08:07:49,622, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-30 08:07:49,800, INFO - Start executing installer wrapper
2026-03-30 08:07:49,802, INFO - scrubbed proxy settings: {}
2026-03-30 08:07:49,802, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-30 08:07:49,894, INFO - MDE is installed
2026-03-30 08:07:49,894, INFO - Wait for MDE service to be available
2026-03-30 08:07:50,657, INFO - MDE is onboarded
2026-03-30 08:07:50,958, INFO - MDC tags in MDE are valid
2026-03-30 08:07:50,959, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-31T05:25:20.570484Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_15474101651101100824]
2026-03-31T05:25:20.572971Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-31T05:25:20.573195Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-03-31T05:25:20.573857Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-31T05:25:20.574423Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-31T05:25:20.578515Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-31T05:25:22.600451Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-31 05:25:20,910, INFO - Start executing handler action: enable
2026-03-31 05:25:20,913, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-31 05:25:20,948, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-31 05:25:20,977, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-31 05:25:20,977, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-31 05:25:20,977, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-31 05:25:20,978, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-31 05:25:20,982, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-31 05:25:21,162, INFO - Start executing installer wrapper
2026-03-31 05:25:21,164, INFO - scrubbed proxy settings: {}
2026-03-31 05:25:21,164, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-31 05:25:21,237, INFO - MDE is installed
2026-03-31 05:25:21,237, INFO - Wait for MDE service to be available
2026-03-31 05:25:22,195, INFO - MDE is onboarded
2026-03-31 05:25:22,496, INFO - MDC tags in MDE are valid
2026-03-31 05:25:22,497, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-03-31T08:04:27.345297Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_17049200031533992715]
2026-03-31T08:04:27.347439Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-03-31T08:04:27.347705Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-03-31T08:04:27.348370Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-03-31T08:04:27.348835Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-03-31T08:04:27.349570Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-03-31T08:04:29.359050Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-31 08:04:27,535, INFO - Start executing handler action: enable
2026-03-31 08:04:27,537, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-03-31 08:04:27,567, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-03-31 08:04:27,592, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-03-31 08:04:27,592, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-03-31 08:04:27,592, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-03-31 08:04:27,592, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-03-31 08:04:27,596, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-03-31 08:04:27,770, INFO - Start executing installer wrapper
2026-03-31 08:04:27,771, INFO - scrubbed proxy settings: {}
2026-03-31 08:04:27,771, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-03-31 08:04:27,846, INFO - MDE is installed
2026-03-31 08:04:27,846, INFO - Wait for MDE service to be available
2026-03-31 08:04:28,394, INFO - MDE is onboarded
2026-03-31 08:04:28,693, INFO - MDC tags in MDE are valid
2026-03-31 08:04:28,693, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-01T08:02:42.146022Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_3341765876079272063]
2026-04-01T08:02:42.148199Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-01T08:02:42.148541Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-01T08:02:42.149224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-01T08:02:42.149623Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-01T08:02:42.150359Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-01T08:02:44.158276Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-01 08:02:42,459, INFO - Start executing handler action: enable
2026-04-01 08:02:42,462, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-01 08:02:42,491, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-01 08:02:42,519, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-01 08:02:42,519, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-01 08:02:42,519, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-01 08:02:42,519, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-01 08:02:42,523, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-01 08:02:42,691, INFO - Start executing installer wrapper
2026-04-01 08:02:42,693, INFO - scrubbed proxy settings: {}
2026-04-01 08:02:42,694, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-01 08:02:42,767, INFO - MDE is installed
2026-04-01 08:02:42,767, INFO - Wait for MDE service to be available
2026-04-01 08:02:43,828, INFO - MDE is onboarded
2026-04-01 08:02:44,125, INFO - MDC tags in MDE are valid
2026-04-01 08:02:44,125, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-02T08:10:07.104065Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_1866033468698976689]
2026-04-02T08:10:07.106524Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-02T08:10:07.106786Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-02T08:10:07.108766Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-02T08:10:07.109283Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-02T08:10:07.110368Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-02T08:10:09.119313Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-02 08:10:07,443, INFO - Start executing handler action: enable
2026-04-02 08:10:07,446, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-02 08:10:07,483, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-02 08:10:07,510, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-02 08:10:07,511, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-02 08:10:07,511, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-02 08:10:07,511, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-02 08:10:07,515, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-02 08:10:07,693, INFO - Start executing installer wrapper
2026-04-02 08:10:07,695, INFO - scrubbed proxy settings: {}
2026-04-02 08:10:07,695, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-02 08:10:07,771, INFO - MDE is installed
2026-04-02 08:10:07,771, INFO - Wait for MDE service to be available
2026-04-02 08:10:08,931, INFO - MDE is onboarded
2026-04-03T08:10:38.120568Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_1427039003614400261]
2026-04-03T08:10:38.123313Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-03T08:10:38.123573Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-03T08:10:38.124773Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-03T08:10:38.125402Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-03T08:10:38.126547Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-03T08:10:40.134845Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-03 08:10:38,443, INFO - Start executing handler action: enable
2026-04-03 08:10:38,446, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-03 08:10:38,482, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-03 08:10:38,507, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-03 08:10:38,507, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-03 08:10:38,507, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-03 08:10:38,508, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-03 08:10:38,512, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-03 08:10:38,689, INFO - Start executing installer wrapper
2026-04-03 08:10:38,690, INFO - scrubbed proxy settings: {}
2026-04-03 08:10:38,691, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-03 08:10:38,766, INFO - MDE is installed
2026-04-03 08:10:38,766, INFO - Wait for MDE service to be available
2026-04-03 08:10:39,565, INFO - MDE is onboarded
2026-04-03 08:10:39,869, INFO - MDC tags in MDE are valid
2026-04-03 08:10:39,870, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-04T08:06:16.377055Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_8351604524387462789]
2026-04-04T08:06:16.380883Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-04T08:06:16.381122Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-04T08:06:16.389247Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-04T08:06:16.389812Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-04T08:06:16.395651Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-04T08:06:19.422124Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-04 08:06:17,311, INFO - Start executing handler action: enable
2026-04-04 08:06:17,323, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-04 08:06:17,414, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-04 08:06:17,450, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-04 08:06:17,450, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-04 08:06:17,451, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-04 08:06:17,451, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-04 08:06:17,472, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-04 08:06:17,771, INFO - Start executing installer wrapper
2026-04-04 08:06:17,779, INFO - scrubbed proxy settings: {}
2026-04-04 08:06:17,779, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-04 08:06:17,871, INFO - MDE is installed
2026-04-04 08:06:17,871, INFO - Wait for MDE service to be available
2026-04-04 08:06:19,212, INFO - MDE is onboarded
2026-04-05T08:07:21.671902Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_9144037627023682453]
2026-04-05T08:07:21.675198Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-05T08:07:21.675460Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-05T08:07:21.678056Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-05T08:07:21.679032Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-05T08:07:21.679879Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-05T08:07:23.688100Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-05 08:07:22,007, INFO - Start executing handler action: enable
2026-04-05 08:07:22,010, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-05 08:07:22,044, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-05 08:07:22,073, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-05 08:07:22,073, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-05 08:07:22,073, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-05 08:07:22,074, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-05 08:07:22,078, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-05 08:07:22,255, INFO - Start executing installer wrapper
2026-04-05 08:07:22,257, INFO - scrubbed proxy settings: {}
2026-04-05 08:07:22,257, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-05 08:07:22,331, INFO - MDE is installed
2026-04-05 08:07:22,331, INFO - Wait for MDE service to be available
2026-04-05 08:07:22,891, INFO - MDE is onboarded
2026-04-05 08:07:23,189, INFO - MDC tags in MDE are valid
2026-04-05 08:07:23,190, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-06T08:04:31.170852Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_12522503682191223180]
2026-04-06T08:04:31.173675Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-06T08:04:31.174650Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-06T08:04:31.176087Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-06T08:04:31.176798Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-06T08:04:31.177847Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-06T08:04:33.185714Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-06 08:04:31,488, INFO - Start executing handler action: enable
2026-04-06 08:04:31,490, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-06 08:04:31,524, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-06 08:04:31,548, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-06 08:04:31,549, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-06 08:04:31,549, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-06 08:04:31,549, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-06 08:04:31,555, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-06 08:04:31,731, INFO - Start executing installer wrapper
2026-04-06 08:04:31,733, INFO - scrubbed proxy settings: {}
2026-04-06 08:04:31,733, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-06 08:04:31,809, INFO - MDE is installed
2026-04-06 08:04:31,809, INFO - Wait for MDE service to be available
2026-04-06 08:04:32,479, INFO - MDE is onboarded
2026-04-06 08:04:32,775, INFO - MDC tags in MDE are valid
2026-04-06 08:04:32,776, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-07T08:04:45.086928Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_3784878027690985217]
2026-04-07T08:04:45.089709Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-07T08:04:45.089999Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 23.settings
2026-04-07T08:04:45.090970Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-07T08:04:45.091577Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-07T08:04:45.092500Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "23", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-07T08:04:47.099946Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-07 08:04:45,424, INFO - Start executing handler action: enable
2026-04-07 08:04:45,427, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/23.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-07 08:04:45,464, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-07 08:04:45,489, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-07 08:04:45,489, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-07 08:04:45,490, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-07 08:04:45,490, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-07 08:04:45,495, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-07 08:04:45,675, INFO - Start executing installer wrapper
2026-04-07 08:04:45,677, INFO - scrubbed proxy settings: {}
2026-04-07 08:04:45,677, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-07 08:04:45,751, INFO - MDE is installed
2026-04-07 08:04:45,751, INFO - Wait for MDE service to be available
2026-04-07 08:04:46,945, INFO - MDE is onboarded
2026-04-07T11:26:02.149737Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_9847933707987217687]
2026-04-07T11:26:02.151278Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-07T11:26:02.151896Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-07T11:26:02.152618Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-07T11:26:02.153031Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-07T11:26:02.153926Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-07T11:26:04.181082Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-07 11:26:02,357, INFO - Start executing handler action: enable
2026-04-07 11:26:02,358, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-07 11:26:02,396, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-07 11:26:02,420, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-07 11:26:02,420, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-07 11:26:02,421, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-07 11:26:02,421, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-07 11:26:02,426, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-07 11:26:02,607, INFO - Start executing installer wrapper
2026-04-07 11:26:02,607, INFO - scrubbed proxy settings: {}
2026-04-07 11:26:02,607, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-07 11:26:02,683, INFO - MDE is installed
2026-04-07 11:26:02,683, INFO - Wait for MDE service to be available
2026-04-07 11:26:03,251, INFO - MDE is onboarded
2026-04-07 11:26:03,545, INFO - MDC tags in MDE are valid
2026-04-07 11:26:03,545, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-08T08:11:20.377144Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_9007790109195724803]
2026-04-08T08:11:20.380120Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-08T08:11:20.380482Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-08T08:11:20.382363Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-08T08:11:20.382868Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-08T08:11:20.384487Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-08T08:11:22.392477Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-08 08:11:20,715, INFO - Start executing handler action: enable
2026-04-08 08:11:20,718, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-08 08:11:20,756, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-08 08:11:20,782, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-08 08:11:20,782, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-08 08:11:20,782, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-08 08:11:20,782, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-08 08:11:20,787, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-08 08:11:20,953, INFO - Start executing installer wrapper
2026-04-08 08:11:20,955, INFO - scrubbed proxy settings: {}
2026-04-08 08:11:20,956, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-08 08:11:21,033, INFO - MDE is installed
2026-04-08 08:11:21,033, INFO - Wait for MDE service to be available
2026-04-08 08:11:22,265, INFO - MDE is onboarded
2026-04-09T08:10:56.483857Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_14144943415597293685]
2026-04-09T08:10:56.486442Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-09T08:10:56.486796Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-09T08:10:56.488162Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-09T08:10:56.488691Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-09T08:10:56.489603Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-09T08:10:58.496824Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-09 08:10:56,820, INFO - Start executing handler action: enable
2026-04-09 08:10:56,823, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-09 08:10:56,855, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-09 08:10:56,882, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-09 08:10:56,882, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-09 08:10:56,883, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-09 08:10:56,883, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-09 08:10:56,887, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-09 08:10:57,060, INFO - Start executing installer wrapper
2026-04-09 08:10:57,061, INFO - scrubbed proxy settings: {}
2026-04-09 08:10:57,061, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-09 08:10:57,141, INFO - MDE is installed
2026-04-09 08:10:57,141, INFO - Wait for MDE service to be available
2026-04-09 08:10:58,224, INFO - MDE is onboarded
2026-04-10T08:05:23.555983Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_1540066749479441829]
2026-04-10T08:05:23.559138Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-10T08:05:23.559411Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-10T08:05:23.560942Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-10T08:05:23.561626Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-10T08:05:23.563757Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-10T08:05:25.577393Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-10 08:05:23,876, INFO - Start executing handler action: enable
2026-04-10 08:05:23,878, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-10 08:05:23,911, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-10 08:05:23,934, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-10 08:05:23,935, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-10 08:05:23,935, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-10 08:05:23,935, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-10 08:05:23,942, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-10 08:05:24,121, INFO - Start executing installer wrapper
2026-04-10 08:05:24,128, INFO - scrubbed proxy settings: {}
2026-04-10 08:05:24,128, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-10 08:05:24,204, INFO - MDE is installed
2026-04-10 08:05:24,204, INFO - Wait for MDE service to be available
2026-04-10 08:05:25,412, INFO - MDE is onboarded
2026-04-11T08:04:27.660161Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_411745050225295929]
2026-04-11T08:04:27.743821Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-11T08:04:27.744619Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-11T08:04:27.907401Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-11T08:04:27.926779Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-11T08:04:28.424079Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-11T08:17:00.177739Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-11 08:16:56,627, INFO - Start executing handler action: enable
2026-04-11 08:16:56,665, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-11 08:16:57,730, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-11 08:16:57,779, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-11 08:16:57,779, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-11 08:16:57,779, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-11 08:16:57,787, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-11 08:16:57,826, INFO - End executing handler action: enable
Python 2.7.5
2026-04-12T08:04:18.598548Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_14278716130532039534]
2026-04-12T08:04:18.601124Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-12T08:04:18.601718Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-12T08:04:18.603034Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-12T08:04:18.603527Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-12T08:04:18.604239Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-12T08:04:20.611788Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-12 08:04:18,932, INFO - Start executing handler action: enable
2026-04-12 08:04:18,935, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-12 08:04:18,971, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-12 08:04:18,995, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-12 08:04:18,996, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-12 08:04:18,996, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-12 08:04:18,996, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-12 08:04:19,000, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-12 08:04:19,173, INFO - Start executing installer wrapper
2026-04-12 08:04:19,175, INFO - scrubbed proxy settings: {}
2026-04-12 08:04:19,175, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-12 08:04:19,250, INFO - MDE is installed
2026-04-12 08:04:19,250, INFO - Wait for MDE service to be available
2026-04-12 08:04:19,931, INFO - MDE is onboarded
2026-04-12 08:04:20,159, INFO - MDC tags in MDE are valid
2026-04-12 08:04:20,160, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-13T08:11:28.868235Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_18111279568339205486]
2026-04-13T08:11:28.887528Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-13T08:11:28.887830Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 24.settings
2026-04-13T08:11:28.905450Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-13T08:11:28.905989Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-13T08:11:28.906826Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "24", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-13T08:11:33.979502Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-13 08:11:31,679, INFO - Start executing handler action: enable
2026-04-13 08:11:31,710, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/24.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-13 08:11:31,978, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-13 08:11:32,033, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-13 08:11:32,034, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-13 08:11:32,043, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-13 08:11:32,043, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-13 08:11:32,072, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-13 08:11:33,206, INFO - Start executing installer wrapper
2026-04-13 08:11:33,209, INFO - scrubbed proxy settings: {}
2026-04-13 08:11:33,209, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-13 08:11:33,361, INFO - MDE is installed
2026-04-13 08:11:33,361, INFO - Wait for MDE service to be available
2026-04-13T11:25:56.122671Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_15316665480741464905]
2026-04-13T11:25:56.125694Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-13T11:25:56.125955Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 25.settings
2026-04-13T11:25:56.126732Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-13T11:25:56.127167Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-13T11:25:56.127899Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "25", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-13T11:25:58.138609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-13 11:25:56,437, INFO - Start executing handler action: enable
2026-04-13 11:25:56,441, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/25.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-13 11:25:56,474, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-13 11:25:56,498, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-13 11:25:56,499, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-13 11:25:56,499, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-13 11:25:56,499, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-13 11:25:56,503, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-13 11:25:56,674, INFO - Start executing installer wrapper
2026-04-13 11:25:56,675, INFO - scrubbed proxy settings: {}
2026-04-13 11:25:56,675, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-13 11:25:56,752, INFO - MDE is installed
2026-04-13 11:25:56,753, INFO - Wait for MDE service to be available
2026-04-13 11:25:57,510, INFO - MDE is onboarded
2026-04-13 11:25:57,798, INFO - MDC tags in MDE are valid
2026-04-13 11:25:57,798, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-14T08:08:26.475415Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_718612193709508342]
2026-04-14T08:08:26.483622Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-14T08:08:26.483875Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 25.settings
2026-04-14T08:08:26.488620Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-14T08:08:26.489164Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-14T08:08:26.489985Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "25", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-14T08:08:28.497974Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-14 08:08:26,840, INFO - Start executing handler action: enable
2026-04-14 08:08:26,849, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/25.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-14 08:08:26,896, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-14 08:08:26,925, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-14 08:08:26,925, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-14 08:08:26,925, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-14 08:08:26,925, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-14 08:08:26,931, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-14 08:08:27,121, INFO - Start executing installer wrapper
2026-04-14 08:08:27,131, INFO - scrubbed proxy settings: {}
2026-04-14 08:08:27,131, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-14 08:08:27,203, INFO - MDE is installed
2026-04-14 08:08:27,204, INFO - Wait for MDE service to be available
2026-04-14 08:08:27,771, INFO - MDE is onboarded
2026-04-14 08:08:28,065, INFO - MDC tags in MDE are valid
2026-04-14 08:08:28,066, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-14T11:27:27.107167Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_1927963486656023788]
2026-04-14T11:27:27.109154Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-14T11:27:27.109425Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-14T11:27:27.110128Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-14T11:27:27.110586Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-14T11:27:27.111322Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-14T11:27:29.119253Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-14 11:27:27,305, INFO - Start executing handler action: enable
2026-04-14 11:27:27,307, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-14 11:27:27,334, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-14 11:27:27,359, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-14 11:27:27,359, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-14 11:27:27,360, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-14 11:27:27,360, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-14 11:27:27,364, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-14 11:27:27,534, INFO - Start executing installer wrapper
2026-04-14 11:27:27,535, INFO - scrubbed proxy settings: {}
2026-04-14 11:27:27,535, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-14 11:27:27,620, INFO - MDE is installed
2026-04-14 11:27:27,621, INFO - Wait for MDE service to be available
2026-04-14 11:27:28,476, INFO - MDE is onboarded
2026-04-14 11:27:28,766, INFO - MDC tags in MDE are valid
2026-04-14 11:27:28,767, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-15T08:09:14.552417Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_14385415364929827678]
2026-04-15T08:09:14.555786Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-15T08:09:14.557117Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-15T08:09:14.558473Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-15T08:09:14.558919Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-15T08:09:14.559651Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-15T08:09:16.567435Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-15 08:09:14,853, INFO - Start executing handler action: enable
2026-04-15 08:09:14,855, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-15 08:09:14,894, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-15 08:09:14,918, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-15 08:09:14,919, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-15 08:09:14,919, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-15 08:09:14,919, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-15 08:09:14,924, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-15 08:09:15,092, INFO - Start executing installer wrapper
2026-04-15 08:09:15,094, INFO - scrubbed proxy settings: {}
2026-04-15 08:09:15,094, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-15 08:09:15,171, INFO - MDE is installed
2026-04-15 08:09:15,171, INFO - Wait for MDE service to be available
2026-04-15 08:09:15,629, INFO - MDE is onboarded
2026-04-15 08:09:15,827, INFO - MDC tags in MDE are valid
2026-04-15 08:09:15,828, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-16T02:15:49.001331Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_17633190765276741601]
2026-04-16T02:15:49.003359Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-16T02:15:49.003625Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-16T02:15:49.005094Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-16T02:15:49.005765Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-16T02:15:49.007470Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-16T02:15:51.015495Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-16 02:15:49,347, INFO - Start executing handler action: enable
2026-04-16 02:15:49,349, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-16 02:15:49,387, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-16 02:15:49,412, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-16 02:15:49,412, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-16 02:15:49,412, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-16 02:15:49,412, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-16 02:15:49,419, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-16 02:15:49,628, INFO - Start executing installer wrapper
2026-04-16 02:15:49,630, INFO - scrubbed proxy settings: {}
2026-04-16 02:15:49,630, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-16 02:15:49,706, INFO - MDE is installed
2026-04-16 02:15:49,706, INFO - Wait for MDE service to be available
2026-04-16 02:15:50,922, INFO - MDE is onboarded
2026-04-16T08:11:51.051139Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_382471979160489876]
2026-04-16T08:11:51.055601Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-16T08:11:51.055882Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-16T08:11:51.056519Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-16T08:11:51.057046Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-16T08:11:51.058134Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-16T08:11:53.084357Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-16 08:11:51,360, INFO - Start executing handler action: enable
2026-04-16 08:11:51,362, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-16 08:11:51,393, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-16 08:11:51,418, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-16 08:11:51,419, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-16 08:11:51,419, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-16 08:11:51,419, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-16 08:11:51,427, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-16 08:11:51,611, INFO - Start executing installer wrapper
2026-04-16 08:11:51,616, INFO - scrubbed proxy settings: {}
2026-04-16 08:11:51,616, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-16 08:11:51,695, INFO - MDE is installed
2026-04-16 08:11:51,695, INFO - Wait for MDE service to be available
2026-04-16 08:11:52,135, INFO - MDE is onboarded
2026-04-16 08:11:52,414, INFO - MDC tags in MDE are valid
2026-04-16 08:11:52,415, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-17T08:08:24.815727Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_1905821414665248134]
2026-04-17T08:08:24.817882Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-17T08:08:24.818117Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-17T08:08:24.820484Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-17T08:08:24.821211Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-17T08:08:24.822822Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-17T08:08:26.830613Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-17 08:08:25,139, INFO - Start executing handler action: enable
2026-04-17 08:08:25,143, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-17 08:08:25,178, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-17 08:08:25,207, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-17 08:08:25,207, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-17 08:08:25,207, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-17 08:08:25,208, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-17 08:08:25,212, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-17 08:08:25,374, INFO - Start executing installer wrapper
2026-04-17 08:08:25,376, INFO - scrubbed proxy settings: {}
2026-04-17 08:08:25,376, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-17 08:08:25,457, INFO - MDE is installed
2026-04-17 08:08:25,458, INFO - Wait for MDE service to be available
2026-04-17 08:08:26,103, INFO - MDE is onboarded
2026-04-17 08:08:26,401, INFO - MDC tags in MDE are valid
2026-04-17 08:08:26,401, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-18T08:11:54.053154Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_3246285871761752026]
2026-04-18T08:11:54.055185Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-18T08:11:54.055415Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-18T08:11:54.057129Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-18T08:11:54.057721Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-18T08:11:54.058700Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-18T08:11:56.067586Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-18 08:11:54,371, INFO - Start executing handler action: enable
2026-04-18 08:11:54,375, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-18 08:11:54,407, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-18 08:11:54,433, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-18 08:11:54,433, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-18 08:11:54,434, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-18 08:11:54,434, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-18 08:11:54,438, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-18 08:11:54,624, INFO - Start executing installer wrapper
2026-04-18 08:11:54,626, INFO - scrubbed proxy settings: {}
2026-04-18 08:11:54,626, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-18 08:11:54,702, INFO - MDE is installed
2026-04-18 08:11:54,702, INFO - Wait for MDE service to be available
2026-04-18 08:11:55,623, INFO - MDE is onboarded
2026-04-18 08:11:55,848, INFO - MDC tags in MDE are valid
2026-04-18 08:11:55,849, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-19T08:09:24.517879Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_10135647867620382014]
2026-04-19T08:09:24.524749Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-19T08:09:24.524964Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-19T08:09:24.532921Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-19T08:09:24.533509Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-19T08:09:24.534368Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-19T08:09:26.546200Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-19 08:09:24,860, INFO - Start executing handler action: enable
2026-04-19 08:09:24,863, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-19 08:09:24,900, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-19 08:09:24,928, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-19 08:09:24,929, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-19 08:09:24,929, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-19 08:09:24,929, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-19 08:09:24,937, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-19 08:09:25,119, INFO - Start executing installer wrapper
2026-04-19 08:09:25,121, INFO - scrubbed proxy settings: {}
2026-04-19 08:09:25,121, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-19 08:09:25,195, INFO - MDE is installed
2026-04-19 08:09:25,195, INFO - Wait for MDE service to be available
2026-04-19 08:09:25,723, INFO - MDE is onboarded
2026-04-19 08:09:26,015, INFO - MDC tags in MDE are valid
2026-04-19 08:09:26,016, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-20T08:04:55.856220Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Target handler state: enabled [etag_16804506466583064883]
2026-04-20T08:04:55.858481Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] [Enable] current handler state is: enabled
2026-04-20T08:04:55.858763Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Update settings file: 26.settings
2026-04-20T08:04:55.859891Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Requested extension state: enabled
2026-04-20T08:04:55.860405Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-20T08:04:55.861253Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "26", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-20T08:04:57.870112Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 08:04:56,192, INFO - Start executing handler action: enable
2026-04-20 08:04:56,195, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status/26.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-20 08:04:56,229, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-20 08:04:56,256, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-20 08:04:56,257, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-20 08:04:56,257, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-20 08:04:56,257, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-20 08:04:56,264, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 08:04:56,442, INFO - Start executing installer wrapper
2026-04-20 08:04:56,444, INFO - scrubbed proxy settings: {}
2026-04-20 08:04:56,444, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-20 08:04:56,519, INFO - MDE is installed
2026-04-20 08:04:56,519, INFO - Wait for MDE service to be available
2026-04-20 08:04:57,095, INFO - MDE is onboarded
2026-04-20 08:04:57,395, INFO - MDC tags in MDE are valid
2026-04-20 08:04:57,395, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-20T11:43:02.766834Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_9166336363975671737]
2026-04-20T11:43:02.769681Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: notinstalled
2026-04-20T11:43:02.979975Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1
2026-04-20T11:43:02.994095Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 27.settings
2026-04-20T11:43:02.995255Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Disable extension: [PythonRunner.sh src/MdeExtensionHandler.py disable]
2026-04-20T11:43:02.996098Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py disable with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-20T11:43:05.004220Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py disable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 11:43:03,247, INFO - Start executing handler action: disable
2026-04-20 11:43:03,248, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-04-20 11:43:03,248, INFO - End executing handler action: disable
2026-04-20T11:43:05.006688Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Copy status files from old plugin to new
2026-04-20T11:43:05.040487Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update extension [PythonRunner.sh src/MdeExtensionHandler.py update]
2026-04-20T11:43:05.041540Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py update with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_DISABLE_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "AZURE_GUEST_AGENT_UPDATING_FROM_VERSION": "1.0.11.0", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-20T11:43:07.050884Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py update
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 11:43:05,400, INFO - Start executing handler action: update
2026-04-20 11:43:05,400, WARNING - No operation for action: update
2026-04-20 11:43:05,400, INFO - End executing handler action: update
2026-04-20T11:43:07.053306Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Uninstall extension [PythonRunner.sh src/MdeExtensionHandler.py uninstall]
2026-04-20T11:43:07.054290Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/PythonRunner.sh src/MdeExtensionHandler.py uninstall with environment variables: {"AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.0", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-20T11:43:09.063433Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Command: PythonRunner.sh src/MdeExtensionHandler.py uninstall
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 11:43:07,236, INFO - Start executing handler action: uninstall
2026-04-20 11:43:07,236, ERROR - Microsoft Defender for Endpoint offboarding is not supported
2026-04-20 11:43:07,237, INFO - End executing handler action: uninstall
2026-04-20T11:43:09.065822Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0
2026-04-20T11:43:09.138317Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.0
2026-04-20T11:43:09.139022Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2026-04-20T11:43:09.140082Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-20T11:43:11.147480Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 11:43:09,313, INFO - Start executing handler action: install
2026-04-20 11:43:09,313, INFO - MDE installation will occur in 'enable'
2026-04-20 11:43:09,313, INFO - End executing handler action: install
2026-04-20T11:43:11.150315Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-20T11:43:11.150979Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-20T11:43:11.151978Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "0", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-20T11:43:13.160051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 11:43:11,329, INFO - Start executing handler action: enable
2026-04-20 11:43:11,331, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/27.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-20 11:43:11,361, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-20 11:43:11,389, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-20 11:43:11,389, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-20 11:43:11,389, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-20 11:43:11,390, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-20 11:43:11,394, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-20 11:43:11,577, INFO - Start executing installer wrapper
2026-04-20 11:43:11,577, INFO - scrubbed proxy settings: {}
2026-04-20 11:43:11,577, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-20 11:43:11,652, INFO - MDE is installed
2026-04-20 11:43:11,653, INFO - Wait for MDE service to be available
2026-04-20 11:43:12,302, INFO - MDE is onboarded
2026-04-20 11:43:12,597, INFO - MDC tags in MDE are valid
2026-04-20 11:43:12,598, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-21T08:06:00.604402Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_5788718674141591389]
2026-04-21T08:06:00.607345Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-21T08:06:00.607876Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 27.settings
2026-04-21T08:06:00.609340Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-21T08:06:00.609949Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-21T08:06:00.610690Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-21T08:06:02.623307Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-21 08:06:00,959, INFO - Start executing handler action: enable
2026-04-21 08:06:00,966, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/27.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-21 08:06:00,999, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-21 08:06:01,025, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-21 08:06:01,026, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-21 08:06:01,026, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-21 08:06:01,026, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-21 08:06:01,034, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-21 08:06:01,228, INFO - Start executing installer wrapper
2026-04-21 08:06:01,230, INFO - scrubbed proxy settings: {}
2026-04-21 08:06:01,230, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-21 08:06:01,306, INFO - MDE is installed
2026-04-21 08:06:01,306, INFO - Wait for MDE service to be available
2026-04-21 08:06:02,399, INFO - MDE is onboarded
2026-04-22T08:11:01.641550Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_4156477340078085093]
2026-04-22T08:11:02.473861Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-22T08:11:03.480932Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 27.settings
2026-04-22T08:11:03.482487Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-22T08:11:03.483206Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-22T08:11:03.484230Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-22T08:11:05.494895Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-22 08:11:03,811, INFO - Start executing handler action: enable
2026-04-22 08:11:03,814, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/27.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-22 08:11:03,849, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-22 08:11:03,878, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-22 08:11:03,879, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-22 08:11:03,879, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-22 08:11:03,879, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-22 08:11:03,884, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-22 08:11:04,067, INFO - Start executing installer wrapper
2026-04-22 08:11:04,069, INFO - scrubbed proxy settings: {}
2026-04-22 08:11:04,069, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-22 08:11:04,170, INFO - MDE is installed
2026-04-22 08:11:04,171, INFO - Wait for MDE service to be available
2026-04-22 08:11:04,834, INFO - MDE is onboarded
2026-04-22 08:11:05,128, INFO - MDC tags in MDE are valid
2026-04-22 08:11:05,129, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-23T08:08:10.927514Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_12420120949318030036]
2026-04-23T08:08:10.933073Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-23T08:08:10.933327Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 27.settings
2026-04-23T08:08:10.934649Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-23T08:08:10.935432Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-23T08:08:10.936320Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-23T08:08:12.952741Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-23 08:08:11,270, INFO - Start executing handler action: enable
2026-04-23 08:08:11,272, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/27.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-23 08:08:11,320, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-23 08:08:11,349, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-23 08:08:11,349, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-23 08:08:11,349, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-23 08:08:11,349, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-23 08:08:11,354, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-23 08:08:11,542, INFO - Start executing installer wrapper
2026-04-23 08:08:11,544, INFO - scrubbed proxy settings: {}
2026-04-23 08:08:11,545, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-23 08:08:11,628, INFO - MDE is installed
2026-04-23 08:08:11,628, INFO - Wait for MDE service to be available
2026-04-23 08:08:12,576, INFO - MDE is onboarded
2026-04-23 08:08:12,880, INFO - MDC tags in MDE are valid
2026-04-23 08:08:12,880, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-24T08:03:10.839204Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_5108870070945656425]
2026-04-24T08:03:10.842739Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-24T08:03:10.842960Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 27.settings
2026-04-24T08:03:10.844266Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-24T08:03:10.846388Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-24T08:03:10.849269Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-24T08:03:12.859328Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-24 08:03:11,211, INFO - Start executing handler action: enable
2026-04-24 08:03:11,214, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/27.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-24 08:03:11,256, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-24 08:03:11,284, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-24 08:03:11,284, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-24 08:03:11,284, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-24 08:03:11,284, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-24 08:03:11,290, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-24 08:03:11,467, INFO - Start executing installer wrapper
2026-04-24 08:03:11,470, INFO - scrubbed proxy settings: {}
2026-04-24 08:03:11,470, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-24 08:03:11,555, INFO - MDE is installed
2026-04-24 08:03:11,555, INFO - Wait for MDE service to be available
2026-04-24 08:03:12,431, INFO - MDE is onboarded
2026-04-24 08:03:12,801, INFO - MDC tags in MDE are valid
2026-04-24 08:03:12,802, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-24T19:57:26.784175Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_5108870070945656425]
2026-04-24T19:57:26.805130Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-24T19:57:26.805352Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 27.settings
2026-04-24T19:57:26.824911Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-24T19:57:26.836739Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-24T19:57:26.846011Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "27", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-24T19:57:31.973827Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-24 19:57:29,687, INFO - Start executing handler action: enable
2026-04-24 19:57:29,707, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/27.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-24 19:57:30,099, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-24 19:57:30,170, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-24 19:57:30,171, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-24 19:57:30,171, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-24 19:57:30,171, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-24 19:57:30,222, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-24T23:44:54.508573Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_6505012166151841864]
2026-04-24T23:44:54.514429Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-24T23:44:54.514845Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 28.settings
2026-04-24T23:44:54.515567Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-24T23:44:54.524422Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-24T23:44:54.525450Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "28", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-24T23:44:56.550231Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-24 23:44:55,229, INFO - Start executing handler action: enable
2026-04-24 23:44:55,250, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/28.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-24 23:44:55,337, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-24 23:44:55,373, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-24 23:44:55,373, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-24 23:44:55,373, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-24 23:44:55,373, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-24 23:44:55,379, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-24 23:44:55,709, INFO - Start executing installer wrapper
2026-04-24 23:44:55,719, INFO - scrubbed proxy settings: {}
2026-04-24 23:44:55,719, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-24 23:44:55,816, INFO - MDE is installed
2026-04-24 23:44:55,816, INFO - Wait for MDE service to be available
2026-04-25T08:19:47.491484Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_896194908361127263]
2026-04-25T08:19:47.499263Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-25T08:19:47.499490Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 28.settings
2026-04-25T08:19:47.506591Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-25T08:19:47.512541Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-25T08:19:47.513336Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "28", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-25T08:19:50.542726Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-25 08:19:48,846, INFO - Start executing handler action: enable
2026-04-25 08:19:48,859, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/28.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-25 08:19:48,940, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-25 08:19:48,972, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-25 08:19:48,972, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-25 08:19:48,972, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-25 08:19:48,972, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-25 08:19:48,979, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-25 08:19:49,262, INFO - Start executing installer wrapper
2026-04-25 08:19:49,269, INFO - scrubbed proxy settings: {}
2026-04-25 08:19:49,269, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-25 08:19:49,364, INFO - MDE is installed
2026-04-25 08:19:49,364, INFO - Wait for MDE service to be available
2026-04-25T11:47:31.962659Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_4298312219471765299]
2026-04-25T11:47:31.971318Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-25T11:47:31.971529Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-04-25T11:47:31.976424Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-25T11:47:32.002609Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-25T11:47:32.003537Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-25T11:47:35.020797Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-25 11:47:33,406, INFO - Start executing handler action: enable
2026-04-25 11:47:33,413, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-25 11:47:33,505, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-25 11:47:33,540, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-25 11:47:33,540, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-25 11:47:33,540, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-25 11:47:33,540, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-25 11:47:33,556, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-25 11:47:33,913, INFO - Start executing installer wrapper
2026-04-25 11:47:33,919, INFO - scrubbed proxy settings: {}
2026-04-25 11:47:33,919, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-25 11:47:34,012, INFO - MDE is installed
2026-04-25 11:47:34,012, INFO - Wait for MDE service to be available
2026-04-26T08:44:21.593755Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_2359908903438677176]
2026-04-26T08:44:22.465315Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-26T08:44:22.465628Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-04-26T08:44:23.336287Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-26T08:44:23.433012Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-26T08:44:23.493691Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-26T08:45:24.406333Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-26 08:45:22,848, INFO - Start executing handler action: enable
2026-04-26 08:45:22,871, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-26 08:45:23,001, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-26 08:45:23,030, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-26 08:45:23,030, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-26 08:45:23,030, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-26 08:45:23,030, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-26 08:45:23,049, INFO - End executing handler action: enable
Python 2.7.5
2026-04-27T07:19:23.846948Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_11455291132214923930]
2026-04-27T07:19:23.848761Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-27T07:19:23.849111Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-04-27T07:19:23.851976Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-27T07:19:23.852537Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-27T07:19:23.853413Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-27T07:19:25.862326Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-27 07:19:24,145, INFO - Start executing handler action: enable
2026-04-27 07:19:24,148, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-27 07:19:24,180, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-27 07:19:24,208, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-27 07:19:24,208, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-27 07:19:24,208, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-27 07:19:24,208, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-27 07:19:24,214, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-27 07:19:24,386, INFO - Start executing installer wrapper
2026-04-27 07:19:24,388, INFO - scrubbed proxy settings: {}
2026-04-27 07:19:24,388, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-27 07:19:24,457, INFO - MDE is installed
2026-04-27 07:19:24,458, INFO - Wait for MDE service to be available
2026-04-27 07:19:25,222, INFO - MDE is onboarded
2026-04-27 07:19:25,525, INFO - MDC tags in MDE are valid
2026-04-27 07:19:25,525, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-28T07:18:21.949731Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_10778637439213513755]
2026-04-28T07:18:21.952901Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-28T07:18:21.953122Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-04-28T07:18:21.954608Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-28T07:18:21.955109Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-28T07:18:21.955919Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-28T07:18:23.965229Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-28 07:18:22,254, INFO - Start executing handler action: enable
2026-04-28 07:18:22,256, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-28 07:18:22,289, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-28 07:18:22,317, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-28 07:18:22,318, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-28 07:18:22,318, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-28 07:18:22,318, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-28 07:18:22,322, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-28 07:18:22,499, INFO - Start executing installer wrapper
2026-04-28 07:18:22,501, INFO - scrubbed proxy settings: {}
2026-04-28 07:18:22,501, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-28 07:18:22,581, INFO - MDE is installed
2026-04-28 07:18:22,582, INFO - Wait for MDE service to be available
2026-04-28 07:18:23,602, INFO - MDE is onboarded
2026-04-28 07:18:23,908, INFO - MDC tags in MDE are valid
2026-04-28 07:18:23,909, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-04-29T07:21:23.507184Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_1953548401389386762]
2026-04-29T07:21:23.521151Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-29T07:21:23.521543Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-04-29T07:21:23.526713Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-29T07:21:23.538816Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-29T07:21:23.539732Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-29T07:21:27.558680Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-29 07:21:25,834, INFO - Start executing handler action: enable
2026-04-29 07:21:25,840, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-29 07:21:25,970, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-29 07:21:26,006, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-29 07:21:26,006, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-29 07:21:26,006, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-29 07:21:26,006, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-29 07:21:26,013, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-29 07:21:26,294, INFO - Start executing installer wrapper
2026-04-29 07:21:26,307, INFO - scrubbed proxy settings: {}
2026-04-29 07:21:26,307, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-29 07:21:26,410, INFO - MDE is installed
2026-04-29 07:21:26,411, INFO - Wait for MDE service to be available
2026-04-30T07:23:47.287969Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_12607014540419932429]
2026-04-30T07:23:47.291496Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-04-30T07:23:47.291782Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-04-30T07:23:47.296523Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-04-30T07:23:47.296937Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-04-30T07:23:47.297728Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-04-30T07:23:49.307941Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-30 07:23:47,636, INFO - Start executing handler action: enable
2026-04-30 07:23:47,643, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-04-30 07:23:47,678, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-04-30 07:23:47,703, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-04-30 07:23:47,704, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-04-30 07:23:47,704, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-04-30 07:23:47,704, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-04-30 07:23:47,715, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-04-30 07:23:47,898, INFO - Start executing installer wrapper
2026-04-30 07:23:47,900, INFO - scrubbed proxy settings: {}
2026-04-30 07:23:47,900, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-04-30 07:23:47,971, INFO - MDE is installed
2026-04-30 07:23:47,971, INFO - Wait for MDE service to be available
2026-04-30 07:23:49,190, INFO - MDE is onboarded
2026-05-01T07:28:14.588829Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_13500760084449161927]
2026-05-01T07:28:14.598671Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-05-01T07:28:14.605347Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-05-01T07:28:14.614217Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-05-01T07:28:14.615520Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-05-01T07:28:14.623375Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-05-01T07:28:18.689094Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-01 07:28:16,912, INFO - Start executing handler action: enable
2026-05-01 07:28:16,930, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-05-01 07:28:17,222, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-05-01 07:28:17,274, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-05-01 07:28:17,274, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-05-01 07:28:17,274, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-05-01 07:28:17,275, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-05-01 07:28:17,329, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-02T07:23:39.695455Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_666713484710511109]
2026-05-02T07:23:39.726536Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-05-02T07:23:39.726763Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 29.settings
2026-05-02T07:23:39.788591Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-05-02T07:23:39.840234Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-05-02T07:23:39.884637Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "29", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-05-02T07:23:46.998359Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-02 07:23:44,632, INFO - Start executing handler action: enable
2026-05-02 07:23:44,691, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/29.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-05-02 07:23:45,484, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-05-02 07:23:45,537, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-05-02 07:23:45,537, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-05-02 07:23:45,538, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-05-02 07:23:45,538, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-05-02 07:23:45,668, INFO - End executing handler action: enable
Python 2.7.5
2026-05-02T15:52:19.946535Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_3847744114533365091]
2026-05-02T15:52:19.960984Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-05-02T15:52:19.961224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 30.settings
2026-05-02T15:52:19.978024Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-05-02T15:52:19.978590Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-05-02T15:52:19.995614Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "30", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-05-02T15:52:24.044965Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-02 15:52:22,424, INFO - Start executing handler action: enable
2026-05-02 15:52:22,451, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/30.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-05-02 15:52:22,709, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-05-02 15:52:22,753, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-05-02 15:52:22,753, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-05-02 15:52:22,753, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-05-02 15:52:22,754, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-05-02 15:52:22,789, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-03T08:22:48.947073Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_13385004797550487736]
2026-05-03T08:22:48.965008Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-05-03T08:22:48.965214Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 30.settings
2026-05-03T08:22:48.999445Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-05-03T08:22:49.016393Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-05-03T08:22:49.060879Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "30", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-05-03T08:23:02.299355Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-03 08:22:59,651, INFO - Start executing handler action: enable
2026-05-03 08:22:59,670, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/30.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-05-03 08:22:59,910, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-05-03 08:22:59,951, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-05-03 08:22:59,951, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-05-03 08:22:59,951, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-05-03 08:22:59,951, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-05-03 08:23:00,008, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-03 08:23:01,688, INFO - Start executing installer wrapper
2026-05-03 08:23:01,713, INFO - scrubbed proxy settings: {}
2026-05-03 08:23:01,713, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-05-03 08:23:01,881, INFO - MDE is installed
2026-05-03 08:23:01,881, INFO - Wait for MDE service to be available
2026-05-04T08:07:09.247384Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_11081445390125023321]
2026-05-04T08:07:09.274054Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-05-04T08:07:09.282161Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 30.settings
2026-05-04T08:07:09.352461Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-05-04T08:07:09.370261Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-05-04T08:07:09.432600Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "30", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-05-04T08:11:43.301048Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-04 08:11:39,491, INFO - Start executing handler action: enable
2026-05-04 08:11:39,706, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/30.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-05-04 08:11:40,788, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-05-04 08:11:40,840, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-05-04 08:11:40,840, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-05-04 08:11:40,840, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-05-04 08:11:40,841, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-05-04 08:11:40,924, INFO - End executing handler action: enable
Python 2.7.5
2026-05-04T09:48:51.699042Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Target handler state: enabled [etag_11794717339167215096]
2026-05-04T09:48:51.715224Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] [Enable] current handler state is: enabled
2026-05-04T09:48:51.715457Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Update settings file: 30.settings
2026-05-04T09:48:51.742586Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Requested extension state: enabled
2026-05-04T09:48:51.759634Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-05-04T09:48:51.760717Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.11.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1", "ConfigSequenceNumber": "30", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-05-04T09:48:55.844750Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-04 09:48:54,048, INFO - Start executing handler action: enable
2026-05-04 09:48:54,066, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status/30.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-05-04 09:48:54,301, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-05-04 09:48:54,343, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/briscoewebsite-rg/providers/Microsoft.Compute/virtualMachines/Sparrow
2026-05-04 09:48:54,343, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-05-04 09:48:54,343, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-05-04 09:48:54,343, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-05-04 09:48:54,385, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-05-04 09:48:55,768, INFO - Start executing installer wrapper
2026-05-04 09:48:55,785, INFO - scrubbed proxy settings: {}
2026-05-04 09:48:55,785, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-03T17:55:38.110037Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Remove extension handler directory: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1
2026-06-03T17:55:38.976753Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1] Remove the extension slice: Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.11.1
2026-06-03T18:51:27.081109Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_5957925250121382884]
2026-06-03T18:51:27.082358Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: notinstalled
2026-06-03T18:51:27.344551Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Initializing extension Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1
2026-06-03T18:51:27.355723Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-03T18:51:27.356438Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Install extension [PythonRunner.sh src/MdeExtensionHandler.py install]
2026-06-03T18:51:27.357193Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-03T18:51:29.366168Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py install
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-03 18:51:28,230, INFO - Start executing handler action: install
2026-06-03 18:51:28,231, INFO - MDE installation will occur in 'enable'
2026-06-03 18:51:28,231, INFO - End executing handler action: install
2026-06-03T18:51:29.368272Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-03T18:51:29.368728Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-03T18:51:29.369563Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-03T18:51:31.379054Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-03 18:51:29,523, INFO - Start executing handler action: enable
2026-06-03 18:51:29,524, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-03 18:51:29,672, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-03 18:51:29,698, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-03 18:51:29,698, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-03 18:51:29,698, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-03 18:51:29,699, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-03 18:51:29,703, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-03 18:51:29,864, INFO - Start executing installer wrapper
2026-06-03 18:51:29,942, INFO - scrubbed proxy settings: {}
2026-06-03 18:51:29,942, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-03 18:51:30,037, INFO - MDE is installed
2026-06-03 18:51:30,038, INFO - Wait for MDE service to be available
2026-06-03 18:51:30,880, INFO - MDE is onboarded
2026-06-03 18:51:31,085, INFO - Start to run the tags set command: src/mde_installer.latest.sh --debug --tag SecurityWorkspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --tag AzureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-06-04T05:55:54.630683Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_5957925250121382884]
2026-06-04T05:55:54.631802Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-04T05:55:54.631987Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-04T05:55:54.632560Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-04T05:55:54.633001Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-04T05:55:54.633837Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-04T05:55:56.642021Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-04 05:55:54,821, INFO - Start executing handler action: enable
2026-06-04 05:55:54,822, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-04 05:55:54,846, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-04 05:55:54,876, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-04 05:55:54,876, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-04 05:55:54,877, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-04 05:55:54,877, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-04 05:55:54,883, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-04 05:55:55,038, INFO - Start executing installer wrapper
2026-06-04 05:55:55,039, INFO - scrubbed proxy settings: {}
2026-06-04 05:55:55,039, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-04 05:55:55,109, INFO - MDE is installed
2026-06-04 05:55:55,110, INFO - Wait for MDE service to be available
2026-06-04 05:55:55,586, INFO - MDE is onboarded
2026-06-04 05:55:55,988, INFO - MDC tags in MDE are valid
2026-06-04 05:55:55,988, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-06-04T17:26:27.575555Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [incarnation_1]
2026-06-04T17:26:27.592231Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-04T17:26:27.592471Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-04T17:26:27.600049Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-04T17:26:27.605440Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-04T17:26:27.606315Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-04T17:26:30.628286Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-04 17:26:28,838, INFO - Start executing handler action: enable
2026-06-04 17:26:28,849, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-04 17:26:28,899, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-04 17:26:28,928, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-04 17:26:28,928, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-04 17:26:28,928, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-04 17:26:28,929, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-04 17:26:28,937, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-04 17:26:29,252, INFO - Start executing installer wrapper
2026-06-04 17:26:29,266, INFO - scrubbed proxy settings: {}
2026-06-04 17:26:29,266, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-04 17:26:29,366, INFO - MDE is installed
2026-06-04 17:26:29,366, INFO - Wait for MDE service to be available
2026-06-04 17:26:29,570, INFO - start parsing onboarding script
2026-06-04 17:26:29,571, INFO - decode onboarding script successfully
2026-06-04 17:26:29,572, INFO - parse onboarding script successfully
2026-06-04 17:26:29,572, INFO - Starting onboarding script...
2026-06-04 17:26:29,572, INFO - Checking if Mde is installed
2026-06-04 17:26:29,572, INFO - Mde is installed: True
2026-06-04 17:26:29,572, INFO - Removing offboarding file if exists
2026-06-05T15:25:10.104891Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_3785498038376696557]
2026-06-05T15:25:10.107098Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-05T15:25:10.116206Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-05T15:25:10.116804Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-05T15:25:10.117265Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-05T15:25:10.118086Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-05T15:25:12.127854Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-05 15:25:10,353, INFO - Start executing handler action: enable
2026-06-05 15:25:10,363, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-05 15:25:10,423, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-05 15:25:10,445, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-05 15:25:10,445, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-05 15:25:10,445, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-05 15:25:10,445, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-05 15:25:10,450, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-05 15:25:10,629, INFO - Start executing installer wrapper
2026-06-05 15:25:10,630, INFO - scrubbed proxy settings: {}
2026-06-05 15:25:10,630, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-05 15:25:10,706, INFO - MDE is installed
2026-06-05 15:25:10,707, INFO - Wait for MDE service to be available
2026-06-05 15:25:11,318, INFO - MDE is onboarded
2026-06-05 15:25:11,614, INFO - MDC tags in MDE are valid
2026-06-05 15:25:11,615, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-06-05T15:26:43.783287Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_3785498038376696557]
2026-06-05T15:26:43.789062Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-05T15:26:43.789252Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-05T15:26:43.795086Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-05T15:26:43.801107Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-05T15:26:43.802083Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-05T15:26:45.820273Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-05 15:26:44,535, INFO - Start executing handler action: enable
2026-06-05 15:26:44,548, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-05 15:26:44,608, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-05 15:26:44,636, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-05 15:26:44,637, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-05 15:26:44,637, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-05 15:26:44,637, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-05 15:26:44,644, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-05 15:26:44,918, INFO - Start executing installer wrapper
2026-06-05 15:26:44,925, INFO - scrubbed proxy settings: {}
2026-06-05 15:26:44,925, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-05 15:26:45,018, INFO - MDE is installed
2026-06-05 15:26:45,018, INFO - Wait for MDE service to be available
2026-06-05 15:26:45,185, INFO - start parsing onboarding script
2026-06-05 15:26:45,186, INFO - decode onboarding script successfully
2026-06-05 15:26:45,187, INFO - parse onboarding script successfully
2026-06-05 15:26:45,187, INFO - Starting onboarding script...
2026-06-05 15:26:45,187, INFO - Checking if Mde is installed
2026-06-05 15:26:45,187, INFO - Mde is installed: True
2026-06-05 15:26:45,187, INFO - Removing offboarding file if exists
2026-06-05T16:38:52.808715Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_11730688249083273392]
2026-06-05T16:38:52.810025Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-05T16:38:52.820757Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-05T16:38:52.821491Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-05T16:38:52.822111Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-05T16:38:52.823037Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-05T16:38:54.832651Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-05 16:38:52,992, INFO - Start executing handler action: enable
2026-06-05 16:38:52,993, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-05 16:38:53,018, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-05 16:38:53,049, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-05 16:38:53,049, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-05 16:38:53,049, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-05 16:38:53,049, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-05 16:38:53,055, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-05 16:38:53,232, INFO - Start executing installer wrapper
2026-06-05 16:38:53,232, INFO - scrubbed proxy settings: {}
2026-06-05 16:38:53,232, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-05 16:38:53,299, INFO - MDE is installed
2026-06-05 16:38:53,300, INFO - Wait for MDE service to be available
2026-06-05 16:38:53,790, INFO - MDE is onboarded
2026-06-05 16:38:54,093, INFO - MDC tags in MDE are valid
2026-06-05 16:38:54,094, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-06-06T00:38:41.656289Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_10793570085390001136]
2026-06-06T00:38:41.666540Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-06T00:38:41.666800Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-06T00:38:41.667476Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-06T00:38:41.668163Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-06T00:38:41.668977Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-06T00:38:43.678547Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-06 00:38:41,937, INFO - Start executing handler action: enable
2026-06-06 00:38:41,939, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-06 00:38:41,992, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-06 00:38:42,022, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-06 00:38:42,022, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-06 00:38:42,022, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-06 00:38:42,022, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-06 00:38:42,029, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-06 00:38:42,225, INFO - Start executing installer wrapper
2026-06-06 00:38:42,227, INFO - scrubbed proxy settings: {}
2026-06-06 00:38:42,227, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-06 00:38:42,299, INFO - MDE is installed
2026-06-06 00:38:42,299, INFO - Wait for MDE service to be available
2026-06-06 00:38:42,797, INFO - MDE is onboarded
2026-06-06 00:38:43,094, INFO - MDC tags in MDE are valid
2026-06-06 00:38:43,095, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-06-07T00:34:27.360376Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_3777090120746601660]
2026-06-07T00:34:27.379467Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-07T00:34:27.379840Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-07T00:34:27.388294Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-07T00:34:27.389053Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-07T00:34:27.390104Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-07T00:34:31.454171Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-07 00:34:29,363, INFO - Start executing handler action: enable
2026-06-07 00:34:29,373, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-07 00:34:29,560, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-07 00:34:29,609, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-07 00:34:29,610, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-07 00:34:29,610, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-07 00:34:29,610, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-07 00:34:29,638, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-07 00:34:30,743, INFO - Start executing installer wrapper
2026-06-07 00:34:30,761, INFO - scrubbed proxy settings: {}
2026-06-07 00:34:30,761, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-07 00:34:30,910, INFO - MDE is installed
2026-06-07 00:34:30,910, INFO - Wait for MDE service to be available
2026-06-08T00:33:34.239197Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_11696124761663296394]
2026-06-08T00:33:34.258837Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-08T00:33:34.259078Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-08T00:33:34.270813Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-08T00:33:34.280801Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-08T00:33:34.281649Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-08T00:33:38.323412Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-08 00:33:36,188, INFO - Start executing handler action: enable
2026-06-08 00:33:36,198, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-08 00:33:36,445, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-08 00:33:36,502, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-08 00:33:36,503, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-08 00:33:36,503, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-08 00:33:36,503, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-08 00:33:36,532, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-08 00:33:37,712, INFO - Start executing installer wrapper
2026-06-08 00:33:37,732, INFO - scrubbed proxy settings: {}
2026-06-08 00:33:37,732, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-08 00:33:37,906, INFO - MDE is installed
2026-06-08 00:33:37,906, INFO - Wait for MDE service to be available
2026-06-09T00:37:57.016325Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_1297766706083683501]
2026-06-09T00:37:57.064329Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-09T00:37:57.064604Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-09T00:37:57.103181Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-09T00:37:57.122472Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-09T00:37:57.209061Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-09T00:38:15.310782Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-09 00:38:11,105, INFO - Start executing handler action: enable
2026-06-09 00:38:11,152, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-09 00:38:13,573, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-09 00:38:13,614, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-09 00:38:13,614, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-09 00:38:13,632, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-09 00:38:13,632, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-09 00:38:13,737, INFO - End executing handler action: enable
Python 2.7.5
2026-06-10T00:39:12.278725Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_7850601371130100190]
2026-06-10T00:39:12.308985Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-10T00:39:12.309420Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 0.settings
2026-06-10T00:39:12.318371Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-10T00:39:12.348231Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-10T00:39:12.368105Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-10T00:39:25.190075Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-10 00:39:22,568, INFO - Start executing handler action: enable
2026-06-10 00:39:22,595, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/0.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-10 00:39:23,211, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-10 00:39:23,250, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-10 00:39:23,251, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-10 00:39:23,251, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-10 00:39:23,251, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-10 00:39:23,346, INFO - End executing handler action: enable
Python 2.7.5
2026-06-10T23:24:51.797368Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_17415088490050557511]
2026-06-10T23:24:51.815792Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-10T23:24:51.815996Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 1.settings
2026-06-10T23:24:51.816694Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-10T23:24:51.817225Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-10T23:24:51.825842Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-10T23:24:54.873895Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-10 23:24:53,313, INFO - Start executing handler action: enable
2026-06-10 23:24:53,324, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-10 23:24:53,546, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-10 23:24:53,594, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-10 23:24:53,595, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-10 23:24:53,595, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-10 23:24:53,595, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-10 23:24:53,614, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-10 23:24:54,614, INFO - Start executing installer wrapper
2026-06-10 23:24:54,625, INFO - scrubbed proxy settings: {}
2026-06-10 23:24:54,625, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-10 23:24:54,778, INFO - MDE is installed
2026-06-10 23:24:54,778, INFO - Wait for MDE service to be available
2026-06-11T00:35:49.143221Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_12659319463765994845]
2026-06-11T00:35:49.151812Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-11T00:35:49.152071Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 1.settings
2026-06-11T00:35:49.152767Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-11T00:35:49.160299Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-11T00:35:49.162227Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-11T00:35:52.231189Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-11 00:35:49,940, INFO - Start executing handler action: enable
2026-06-11 00:35:49,941, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-11 00:35:50,080, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-11 00:35:50,120, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-11 00:35:50,126, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-11 00:35:50,127, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-11 00:35:50,127, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-11 00:35:50,145, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-11 00:35:50,917, INFO - Start executing installer wrapper
2026-06-11 00:35:50,917, INFO - scrubbed proxy settings: {}
2026-06-11 00:35:50,917, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-11 00:35:51,083, INFO - MDE is installed
2026-06-11 00:35:51,083, INFO - Wait for MDE service to be available
2026-06-19T16:58:57.470688Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [incarnation_1]
2026-06-19T16:58:57.489255Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-19T16:58:57.489440Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 1.settings
2026-06-19T16:58:57.506349Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-19T16:58:57.516735Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-19T16:58:57.517531Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "1", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-19T16:59:00.541411Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-19 16:58:58,800, INFO - Start executing handler action: enable
2026-06-19 16:58:58,810, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/1.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-19 16:58:58,905, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-19 16:58:58,942, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-19 16:58:58,942, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-19 16:58:58,942, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-19 16:58:58,942, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-19 16:58:58,955, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-19 16:58:59,359, INFO - Start executing installer wrapper
2026-06-19 16:58:59,374, INFO - scrubbed proxy settings: {}
2026-06-19 16:58:59,374, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-19 16:58:59,531, INFO - MDE is installed
2026-06-19 16:58:59,531, INFO - Wait for MDE service to be available
2026-06-19 16:58:59,774, INFO - start parsing onboarding script
2026-06-19 16:58:59,774, INFO - decode onboarding script successfully
2026-06-19 16:58:59,775, INFO - parse onboarding script successfully
2026-06-19 16:58:59,775, INFO - Starting onboarding script...
2026-06-19 16:58:59,776, INFO - Checking if Mde is installed
2026-06-19 16:58:59,776, INFO - Mde is installed: True
2026-06-19 16:58:59,776, INFO - Removing offboarding file if exists
2026-06-19T17:45:00.660846Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_9731357922524104936]
2026-06-19T17:45:01.167206Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-19T17:45:01.167468Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-19T17:45:01.310379Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-19T17:45:01.764434Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-19T17:45:01.771527Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-19T17:54:23.641561Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-19 17:54:22,122, INFO - Start executing handler action: enable
2026-06-19 17:54:22,151, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-19 17:54:22,288, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-19 17:54:22,316, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-19 17:54:22,317, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-19 17:54:22,317, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-19 17:54:22,317, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-19 17:54:22,324, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-19T20:00:07.318851Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_4865638414751240004]
2026-06-19T20:00:07.320398Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-19T20:00:07.320601Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-19T20:00:07.349158Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-19T20:00:07.349745Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-19T20:00:07.358907Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-19T20:00:10.414431Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-19 20:00:08,483, INFO - Start executing handler action: enable
2026-06-19 20:00:08,492, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-19 20:00:08,686, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-19 20:00:08,722, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-19 20:00:08,722, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-19 20:00:08,722, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-19 20:00:08,722, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-19 20:00:08,780, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-19 20:00:09,505, INFO - Start executing installer wrapper
2026-06-19 20:00:09,506, INFO - scrubbed proxy settings: {}
2026-06-19 20:00:09,506, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-19 20:00:09,629, INFO - MDE is installed
2026-06-19 20:00:09,629, INFO - Wait for MDE service to be available
2026-06-20T00:34:41.402712Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_15707291395876127048]
2026-06-20T00:34:41.423619Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-20T00:34:41.423896Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-20T00:34:41.424613Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-20T00:34:41.425309Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-20T00:34:41.434267Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-20T00:34:46.488865Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-20 00:34:44,274, INFO - Start executing handler action: enable
2026-06-20 00:34:44,294, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-20 00:34:44,562, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-20 00:34:44,602, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-20 00:34:44,603, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-20 00:34:44,603, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-20 00:34:44,603, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-20 00:34:44,641, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-20 00:34:45,782, INFO - Start executing installer wrapper
2026-06-20 00:34:45,800, INFO - scrubbed proxy settings: {}
2026-06-20 00:34:45,800, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-20 00:34:45,982, INFO - MDE is installed
2026-06-20 00:34:45,982, INFO - Wait for MDE service to be available
2026-06-21T00:30:46.847023Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_18351519407614449687]
2026-06-21T00:30:46.865799Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-21T00:30:46.866019Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-21T00:30:46.884874Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-21T00:30:46.885470Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-21T00:30:46.886262Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-21T00:30:50.968873Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-21 00:30:49,069, INFO - Start executing handler action: enable
2026-06-21 00:30:49,088, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-21 00:30:49,362, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-21 00:30:49,404, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-21 00:30:49,404, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-21 00:30:49,404, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-21 00:30:49,405, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-21 00:30:49,453, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-21 00:30:50,514, INFO - Start executing installer wrapper
2026-06-21 00:30:50,524, INFO - scrubbed proxy settings: {}
2026-06-21 00:30:50,524, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-21 00:30:50,711, INFO - MDE is installed
2026-06-21 00:30:50,711, INFO - Wait for MDE service to be available
2026-06-22T00:38:15.284558Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_14435894838082581937]
2026-06-22T00:38:15.312667Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-22T00:38:15.312910Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-22T00:38:15.321467Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-22T00:38:15.322067Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-22T00:38:15.323156Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-22T00:38:19.374725Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-22 00:38:17,465, INFO - Start executing handler action: enable
2026-06-22 00:38:17,485, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-22 00:38:17,622, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-22 00:38:17,663, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-22 00:38:17,663, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-22 00:38:17,680, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-22 00:38:17,680, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-22 00:38:17,717, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-22 00:38:18,425, INFO - Start executing installer wrapper
2026-06-22 00:38:18,427, INFO - scrubbed proxy settings: {}
2026-06-22 00:38:18,427, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-22 00:38:18,553, INFO - MDE is installed
2026-06-22 00:38:18,553, INFO - Wait for MDE service to be available
2026-06-23T00:38:04.535288Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_7487664294924722696]
2026-06-23T00:38:04.544935Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-23T00:38:04.545309Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-23T00:38:04.554680Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-23T00:38:04.564002Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-23T00:38:04.564917Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-23T00:38:08.638826Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-23 00:38:06,460, INFO - Start executing handler action: enable
2026-06-23 00:38:06,479, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-23 00:38:06,694, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-23 00:38:06,744, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-23 00:38:06,744, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-23 00:38:06,744, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-23 00:38:06,745, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-23 00:38:06,772, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-23 00:38:07,912, INFO - Start executing installer wrapper
2026-06-23 00:38:07,931, INFO - scrubbed proxy settings: {}
2026-06-23 00:38:07,931, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-23 00:38:08,111, INFO - MDE is installed
2026-06-23 00:38:08,111, INFO - Wait for MDE service to be available
2026-06-24T00:33:27.142688Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_10122855270789515354]
2026-06-24T00:33:27.163221Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-24T00:33:27.163407Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-24T00:33:27.172550Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-24T00:33:27.173016Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-24T00:33:27.263051Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-24T00:33:33.308834Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-24 00:33:30,693, INFO - Start executing handler action: enable
2026-06-24 00:33:30,713, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-24 00:33:30,960, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-24 00:33:31,010, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-24 00:33:31,010, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-24 00:33:31,028, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-24 00:33:31,028, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-24 00:33:31,078, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-24 00:33:32,098, INFO - Start executing installer wrapper
2026-06-24 00:33:32,110, INFO - scrubbed proxy settings: {}
2026-06-24 00:33:32,110, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-24 00:33:32,274, INFO - MDE is installed
2026-06-24 00:33:32,274, INFO - Wait for MDE service to be available
2026-06-25T00:38:30.054910Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_11037975941497848693]
2026-06-25T00:38:30.083355Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-25T00:38:30.083574Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-25T00:38:30.159470Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-25T00:38:30.178889Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-25T00:38:30.197781Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-25T00:46:19.652732Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-25 00:46:15,893, INFO - Start executing handler action: enable
2026-06-25 00:46:15,942, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-25 00:46:17,487, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-25 00:46:17,554, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-25 00:46:17,555, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-25 00:46:17,555, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-25 00:46:17,555, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-25 00:46:17,597, INFO - End executing handler action: enable
Python 2.7.5
2026-06-26T00:35:36.356953Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_14222222625037051955]
2026-06-26T00:35:36.367327Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-26T00:35:36.384465Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 2.settings
2026-06-26T00:35:36.385235Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-26T00:35:36.385864Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-26T00:35:36.386759Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "2", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-26T00:35:40.439614Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-26 00:35:38,313, INFO - Start executing handler action: enable
2026-06-26 00:35:38,341, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/2.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-26 00:35:38,589, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-26 00:35:38,648, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-26 00:35:38,648, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-26 00:35:38,648, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-26 00:35:38,649, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-26 00:35:38,668, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-26 00:35:39,803, INFO - Start executing installer wrapper
2026-06-26 00:35:39,821, INFO - scrubbed proxy settings: {}
2026-06-26 00:35:39,821, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-26 00:35:40,026, INFO - MDE is installed
2026-06-26 00:35:40,026, INFO - Wait for MDE service to be available
2026-06-26T23:43:10.269099Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_12416564269279759682]
2026-06-26T23:43:10.290209Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-26T23:43:10.290507Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-06-26T23:43:10.291280Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-26T23:43:10.298278Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-26T23:43:10.299236Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-26T23:43:14.359483Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-26 23:43:12,329, INFO - Start executing handler action: enable
2026-06-26 23:43:12,348, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-26 23:43:12,610, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-26 23:43:12,653, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-26 23:43:12,654, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-26 23:43:12,654, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-26 23:43:12,654, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-26 23:43:12,701, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-26 23:43:13,877, INFO - Start executing installer wrapper
2026-06-26 23:43:13,896, INFO - scrubbed proxy settings: {}
2026-06-26 23:43:13,897, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-26 23:43:14,065, INFO - MDE is installed
2026-06-26 23:43:14,065, INFO - Wait for MDE service to be available
2026-06-27T00:39:12.227421Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_13196583211798895676]
2026-06-27T00:39:12.236060Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-27T00:39:12.236292Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-06-27T00:39:12.237250Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-27T00:39:12.237872Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-27T00:39:12.245755Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-27T00:39:15.288103Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-27 00:39:13,137, INFO - Start executing handler action: enable
2026-06-27 00:39:13,155, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-27 00:39:13,352, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-27 00:39:13,401, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BRISCOEWEBSITE-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-27 00:39:13,401, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-27 00:39:13,401, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-27 00:39:13,401, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-27 00:39:13,442, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-27 00:39:14,368, INFO - Start executing installer wrapper
2026-06-27 00:39:14,369, INFO - scrubbed proxy settings: {}
2026-06-27 00:39:14,369, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-27 00:39:14,574, INFO - MDE is installed
2026-06-27 00:39:14,574, INFO - Wait for MDE service to be available
2026-06-28T00:40:03.167822Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_6238848962652718474]
2026-06-28T00:40:04.357215Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-28T00:40:04.357560Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-06-28T00:40:05.218303Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-28T00:40:05.256054Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-28T00:40:05.776490Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-28T00:52:01.289725Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-28 00:51:56,301, INFO - Start executing handler action: enable
2026-06-28 00:51:56,466, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-28 00:51:59,004, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-28 00:51:59,063, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-28 00:51:59,063, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-28 00:51:59,063, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-28 00:51:59,064, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-28 00:51:59,073, INFO - End executing handler action: enable
Python 2.7.5
2026-06-29T00:46:08.512063Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_13039760288072284504]
2026-06-29T00:47:26.480587Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-29T00:47:26.676744Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-06-29T00:47:27.242446Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-29T00:47:27.262259Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-29T00:47:27.440321Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-29T01:06:39.662486Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-29 01:06:37,522, INFO - Start executing handler action: enable
2026-06-29 01:06:37,571, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-29 01:06:37,855, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-29 01:06:37,893, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-29 01:06:37,894, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-29 01:06:37,894, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-29 01:06:37,894, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-29 01:06:37,931, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-29 01:06:39,483, INFO - Start executing installer wrapper
2026-06-29 01:06:39,493, INFO - scrubbed proxy settings: {}
2026-06-29 01:06:39,493, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-29T19:48:58.790779Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [incarnation_1]
2026-06-29T19:48:58.879239Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-29T19:48:58.879462Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-06-29T19:48:58.882966Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-29T19:48:58.893549Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-29T19:48:58.894278Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-29T19:49:04.909225Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-29 19:49:03,549, INFO - Start executing handler action: enable
2026-06-29 19:49:03,592, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-29 19:49:03,646, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-29 19:49:03,659, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-29 19:49:03,659, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-29 19:49:03,659, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-29 19:49:03,660, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-29 19:49:03,667, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-29 19:49:03,954, INFO - Start executing installer wrapper
2026-06-29 19:49:04,033, INFO - scrubbed proxy settings: {}
2026-06-29 19:49:04,034, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-29 19:49:04,109, INFO - MDE is installed
2026-06-29 19:49:04,109, INFO - Wait for MDE service to be available
2026-06-29 19:49:04,676, INFO - start parsing onboarding script
2026-06-29 19:49:04,677, INFO - decode onboarding script successfully
2026-06-29 19:49:04,678, INFO - parse onboarding script successfully
2026-06-29 19:49:04,678, INFO - Starting onboarding script...
2026-06-29 19:49:04,678, INFO - Checking if Mde is installed
2026-06-29 19:49:04,678, INFO - Mde is installed: True
2026-06-29 19:49:04,678, INFO - Removing offboarding file if exists
2026-06-30T00:38:27.356246Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_554450403725246037]
2026-06-30T00:38:27.357343Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-06-30T00:38:27.362926Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-06-30T00:38:27.363533Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-06-30T00:38:27.363941Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-06-30T00:38:27.364871Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-06-30T00:38:29.373862Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-30 00:38:27,582, INFO - Start executing handler action: enable
2026-06-30 00:38:27,584, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-06-30 00:38:27,612, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-06-30 00:38:27,626, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-06-30 00:38:27,626, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-06-30 00:38:27,626, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-06-30 00:38:27,626, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-06-30 00:38:27,632, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-06-30 00:38:27,795, INFO - Start executing installer wrapper
2026-06-30 00:38:27,796, INFO - scrubbed proxy settings: {}
2026-06-30 00:38:27,796, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-06-30 00:38:27,866, INFO - MDE is installed
2026-06-30 00:38:27,866, INFO - Wait for MDE service to be available
2026-06-30 00:38:28,393, INFO - MDE is onboarded
2026-06-30 00:38:28,599, INFO - MDC tags in MDE are valid
2026-06-30 00:38:28,599, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-07-01T00:32:52.868813Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_13506432562867180198]
2026-07-01T00:32:52.880406Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-07-01T00:32:52.880638Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-07-01T00:32:52.881644Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-07-01T00:32:52.882136Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-07-01T00:32:52.883421Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-07-01T00:32:54.890123Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-07-01 00:32:53,130, INFO - Start executing handler action: enable
2026-07-01 00:32:53,132, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-07-01 00:32:53,165, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-07-01 00:32:53,188, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-07-01 00:32:53,188, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-07-01 00:32:53,188, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-07-01 00:32:53,189, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-07-01 00:32:53,193, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-07-01 00:32:53,350, INFO - Start executing installer wrapper
2026-07-01 00:32:53,351, INFO - scrubbed proxy settings: {}
2026-07-01 00:32:53,351, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-07-01 00:32:53,423, INFO - MDE is installed
2026-07-01 00:32:53,423, INFO - Wait for MDE service to be available
2026-07-01 00:32:53,809, INFO - MDE is onboarded
2026-07-01 00:32:54,083, INFO - MDC tags in MDE are valid
2026-07-01 00:32:54,083, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-07-02T00:37:07.774016Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_12282070791434839248]
2026-07-02T00:37:07.775015Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-07-02T00:37:07.775208Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-07-02T00:37:07.775787Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-07-02T00:37:07.776213Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-07-02T00:37:07.776886Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-07-02T00:37:09.783906Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-07-02 00:37:07,929, INFO - Start executing handler action: enable
2026-07-02 00:37:07,930, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-07-02 00:37:07,954, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-07-02 00:37:07,976, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-07-02 00:37:07,976, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-07-02 00:37:07,977, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-07-02 00:37:07,977, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-07-02 00:37:07,981, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-07-02 00:37:08,134, INFO - Start executing installer wrapper
2026-07-02 00:37:08,135, INFO - scrubbed proxy settings: {}
2026-07-02 00:37:08,135, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-07-02 00:37:08,201, INFO - MDE is installed
2026-07-02 00:37:08,201, INFO - Wait for MDE service to be available
2026-07-02 00:37:08,693, INFO - MDE is onboarded
2026-07-02 00:37:08,988, INFO - MDC tags in MDE are valid
2026-07-02 00:37:08,988, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log
2026-07-03T00:41:09.470989Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Target handler state: enabled [etag_12512009580379855828]
2026-07-03T00:41:09.472208Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] [Enable] current handler state is: enabled
2026-07-03T00:41:09.472425Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Update settings file: 3.settings
2026-07-03T00:41:09.473059Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Requested extension state: enabled
2026-07-03T00:41:09.473488Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Enable extension: [PythonRunner.sh src/MdeExtensionHandler.py enable]
2026-07-03T00:41:09.474139Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Executing command: /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/PythonRunner.sh src/MdeExtensionHandler.py enable with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.14.1", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Value\": \"1.0\", \"Key\": \"ExtensionTelemetryPipeline\"}]", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1", "ConfigSequenceNumber": "3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16"}
2026-07-03T00:41:11.482310Z INFO ExtHandler [Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1] Command: PythonRunner.sh src/MdeExtensionHandler.py enable
[stdout]
[stderr]
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-07-03 00:41:09,640, INFO - Start executing handler action: enable
2026-07-03 00:41:09,641, INFO - Set handler status file /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status/3.status, Status= transitioning, Code= 1, Message= Configuration In Progress
2026-07-03 00:41:09,667, INFO - Could not reach Azure Instance Metadata Service: <urlopen error [Errno 111] Connection refused>
2026-07-03 00:41:09,687, INFO - Successfully retrieved AzureResourceID from IMDS: /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourceGroups/BriscoeWebsite-RG/providers/Microsoft.Compute/virtualMachines/Sparrow-New-June
2026-07-03 00:41:09,688, INFO - Successfully retrieved autoUpdate from extension public settings: True
2026-07-03 00:41:09,688, INFO - Successfully retrieved defenderForEndpointOnboardingScript from extension protected settings
2026-07-03 00:41:09,688, INFO - Running command in separate process: ./PythonRunner.sh src/MdeInstallerWrapper.py --workspaceId 0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338 --azureResourceId /subscriptions/0c6ced9c-a92c-40d4-94a4-b4b5ed6a1338/resourcegroups/briscoewebsite-rg/providers/microsoft.compute/virtualmachines/sparrow-new-june --logFolder /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux --statusFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/status --configFolder /var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/config --autoUpdate TRUE --avMode noAction --onboardingBase64Script <<PII>>
2026-07-03 00:41:09,692, INFO - End executing handler action: enable
Python 2.7.5
/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.14.1/ext/future/subprocess32/__init__.py:149: RuntimeWarning: The _posixsubprocess module is not being used. Child process reliability may suffer if your program uses threads.
  "program uses threads.", RuntimeWarning)
2026-07-03 00:41:09,860, INFO - Start executing installer wrapper
2026-07-03 00:41:09,860, INFO - scrubbed proxy settings: {}
2026-07-03 00:41:09,860, INFO - Get latest installation script from https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
2026-07-03 00:41:09,932, INFO - MDE is installed
2026-07-03 00:41:09,932, INFO - Wait for MDE service to be available
2026-07-03 00:41:10,498, INFO - MDE is onboarded
2026-07-03 00:41:10,802, INFO - MDC tags in MDE are valid
2026-07-03 00:41:10,803, INFO - Start to run the update command: src/mde_installer.latest.sh --debug --upgrade -y --log-path /var/log/azure/Microsoft.Azure.AzureDefenderForServers.MDE.Linux/MdeInstallerLog.log