Antimalware Mcafee

The mitigation is to create a custom Expert Rule in ePO that prevents unauthorized uninstallation of the ENS antimalware engine. For instructions, see: KB94133 - REGISTERED - Create an Expert Rule that prevents unauthorized uninstall of the Endpoint Security antimalware engine (CVE-2021-23880).

Applies to: Configuration Manager (current branch)

You can deploy antimalware policies to collections of Configuration Manager client computers to specify how Endpoint Protection protects them from malware and other threats. These policies include information about the scan schedule, the types of files and folders to scan, and the actions to take when malware is detected. When you enable Endpoint Protection, a default antimalware policy is applied to client computers. You can also use one of the supplied policy templates or create a custom policy to meet the specific needs of your environment.

Configuration Manager supplies a selection of predefined templates. These are optimized for various scenarios and can be imported into Configuration Manager. These templates are available in the folder <ConfigMgr Install Folder>\AdminConsole\XMLStorage\EPTemplates.

Important

If you create a new antimalware policy and deploy it to a collection, this antimalware policy overrides the default antimalware policy.

Use the procedures in this topic to create or import antimalware policies and assign them to Configuration Manager client computers in your hierarchy.

Note

Before you perform these procedures, ensure that Configuration Manager is configured for Endpoint Protection as described in Configuring Endpoint Protection.

Modify the default antimalware policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies.

  3. Select the antimalware policy Default Client Antimalware Policy and then, on the Home tab, in the Properties group, click Properties.

  4. In the Default Antimalware Policy dialog box, configure the settings that you require for this antimalware policy, and then click OK.

    Note

    For a list of settings that you can configure, see List of Antimalware Policy Settings in this topic.

Create a new antimalware policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies.

  3. On the Home tab, in the Create group, click Create Antimalware Policy.

  4. In the General section of the Create Antimalware Policy dialog box, enter a name and a description for the policy.

  5. In the Create Antimalware Policy dialog box, configure the settings that you require for this antimalware policy, and then click OK. For a list of settings that you can configure, see List of Antimalware Policy Settings.

  6. Verify that the new antimalware policy is displayed in the Antimalware Policies list.

Import an antimalware policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies.

  3. In the Home tab, in the Create group, click Import.

  4. In the Open dialog box, browse to the policy file to import, and then click Open.

  5. In the Create Antimalware Policy dialog box, review the settings to use, and then click OK.

  6. Verify that the new antimalware policy is displayed in the Antimalware Policies list.

Deploy an antimalware policy to client computers

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies.

  3. In the Antimalware Policies list, select the antimalware policy to deploy. Then, on the Home tab, in the Deployment group, click Deploy.

    Note

    The Deploy option cannot be used with the default client malware policy.

  4. In the Select Collection dialog box, select the device collection to which you want to deploy the antimalware policy, and then click OK.

List of Antimalware Policy Settings

Many of the antimalware settings are self-explanatory. Use the following sections for more information about the settings that might require more information before you configure them.

Scheduled Scans Settings

Scan type - You can specify one of two scan types to run on client computers:

  • Quick scan - This type of scan checks the in-memory processes and folders where malware is typically found. It requires fewer resources than a full scan.

  • Full Scan - This type of scan adds a full check of all local files and folders to the items scanned in the quick scan. This scan takes longer than a quick scan and uses more CPU processing and memory resources on client computers.

    In most cases, use Quick scan to minimize the use of system resources on client computers. If malware removal requires a full scan, Endpoint Protection generates an alert that is displayed in the Configuration Manager console. The default value is Quick scan.

Scan Settings

Scan email and email attachments - Set to Yes to turn on e-mail scanning.

Scan removable storage devices such as USB drives - Set to Yes to scan removable drives during full scans.

Scan network files - Set to Yes to scan network files.

Scan mapped network drives when running a full scan - Set to Yes to scan any mapped network drives on client computers. Enabling this setting might significantly increase the scan time on client computers.

  • The Scan network files setting must be set to Yes for this setting to be available to configure.

  • By default, this setting is set to No, meaning that a full scan will not access mapped network drives.

Scan archived files - Set to Yes to scan archived files such as .zip or .rar files.

Allow users to configure CPU usage during scans - Set to Yes to allow users to specify maximum percentage of CPU utilization during a scan. Scans will not always use the maximum load defined by users, but they cannot exceed it.

User control of scheduled scans - Specify level of user control. Allow users to set Scan time only or Full control of antivirus scans on their devices.

Default Actions Settings

Select the action to take when malware is detected on client computers. The following actions can be applied, depending on the alert threat level of the detected malware.

  • Recommended - Use the action recommended in the malware definition file.

  • Quarantine - Quarantine the malware but do not remove it.

  • Remove - Remove the malware from the computer.

  • Allow - Do not remove or quarantine the malware.

Real-time Protection Settings

Enable real-time protection - Set to Yes to configure real-time protection settings for client computers. We recommend that you enable this setting.

Monitor file and program activity on your computer - Set to Yes if you want Endpoint Protection to monitor when files and programs start to run on client computers and to alert you about any actions that they perform or actions taken on them.

Scan system files - This setting lets you configure whether incoming, outgoing, or incoming and outgoing system files are monitored for malware. For performance reasons, you might have to change the default value of Scan incoming and outgoing files if a server has high incoming or outgoing file activity.

Enable behavior monitoring - Enable this setting to use computer activity and file data to detect unknown threats. When this setting is enabled, it might increase the time required to scan computers for malware.

Enable protection against network-based exploits - Enable this setting to protect computers against known network exploits by inspecting network traffic and blocking any suspicious activity.

Enable script scanning - For Configuration Manager with no service pack only. Enable this setting if you want to scan any scripts that run on computers for suspicious activity.

Block Potentially Unwanted Applications at download and prior to installation - Potentially Unwanted Applications (PUA) is a threat classification based on reputation and research-driven identification. Most commonly, these are unwanted application bundlers or their bundled applications. Microsoft Edge also provides settings to block potentially unwanted applications. Explore these options for complete protection against unwanted applications. Beginning in version 1602 of Configuration Manager, this protection policy setting is available and set to Yes by default. When enabled, this setting blocks PUA at download and install time. However, you can exclude specific files or folders to meet the specific needs of your business or organization.

Exclusion Settings

For information about folders, files, and processes that are recommended for exclusion in Configuration Manager 2012 and Current Branch, see Recommended antivirus exclusions for Configuration Manager 2012 and current branch site servers, site systems, and clients.

Excluded files and folders:

Click Set to open the Configure File and Folder Exclusions dialog box and specify the names of the files and folders to exclude from Endpoint Protection scans.

If you want to exclude files and folders that are located on a mapped network drive, specify the name of each folder in the network drive individually. For example, if a network drive is mapped as F:\MyFolder and it contains subfolders named Folder1, Folder2 and Folder3, specify the following exclusions:

  • F:\MyFolder\Folder1

  • F:\MyFolder\Folder2

  • F:\MyFolder\Folder3

Beginning in version 1602, the existing Exclude files and folders setting in the Exclusion settings section of an antimalware policy is improved to allow device exclusions. For example, you can now specify the following as an exclusion: \device\mvfs (for Multiversion File System). The policy does not validate the device path; the Endpoint Protection policy is provided to the antimalware engine on the client, which must be able to interpret the device string.

Excluded file types:

Click Set to open the Configure File Type Exclusions dialog box and specify the file extensions to exclude from Endpoint Protection scans. You can use wildcards when defining items in the exclusion list. For more information, see Use wildcards in the file name and folder path or extension exclusion lists.

Excluded processes:

Click Set to open the Configure Process Exclusions dialog box and specify the processes to exclude from Endpoint Protection scans. You can use wildcards when defining items in the exclusion list; however, there are some limitations. For more information, see Use wildcards in the process exclusion list.
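An added example, not part of the original documentation or Microsoft's code: a PowerShell pre-check for a proposed exclusion list. It expands a mapped-drive folder into the per-subfolder entries described above and flags entries that deserve a second review before they go into the policy. The function names, the review rules and lists, and the sample entries are assumptions constructed for illustration.

```powershell
# Added example (not Microsoft's code). Review rules and lists are assumptions.
$ExecutableExtensions = @('exe', 'dll', 'ps1', 'vbs', 'js', 'bat', 'cmd', 'scr')
$ScriptHosts = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function Expand-MappedDriveExclusion {
    # A folder on a mapped network drive must be excluded subfolder by subfolder,
    # so expand one parent folder into the individual entries the policy needs.
    param(
        [Parameter(Mandatory)][string]$ParentPath,
        [string[]]$SubfolderName
    )
    if (-not $SubfolderName) {
        # No names supplied: read them from the mapped drive itself.
        $SubfolderName = Get-ChildItem -LiteralPath $ParentPath -Directory |
            Select-Object -ExpandProperty Name
    }
    foreach ($name in $SubfolderName) {
        '{0}\{1}' -f $ParentPath.TrimEnd('\'), $name
    }
}

function Test-ExclusionEntry {
    # Return the entry together with any reasons it should be reviewed.
    param(
        [Parameter(Mandatory)][ValidateSet('Path', 'Extension', 'Process')][string]$Kind,
        [Parameter(Mandatory)][string]$Value
    )
    $findings = @()
    switch ($Kind) {
        'Path' {
            if ($Value -match '^[a-z]:\\?$') {
                $findings += 'excludes a whole drive'
            }
            if ($Value -match '\\(temp|tmp|downloads|appdata)(\\|$)|%(temp|tmp|appdata|localappdata|userprofile)%') {
                $findings += 'user-writable location'
            }
            if ($Value -match '^\\device\\') {
                # The policy does not validate device paths (see the text above).
                $findings += 'device path: confirm the client engine can interpret it'
            }
        }
        'Extension' {
            if ($ExecutableExtensions -contains $Value.TrimStart('.', '*')) {
                $findings += 'executable or script file type'
            }
        }
        'Process' {
            $leaf = ($Value -split '\\')[-1]
            if ($ScriptHosts -contains $leaf) {
                $findings += 'script host or shell'
            }
        }
    }
    if ($Kind -ne 'Extension' -and $Value -match '[*?]') {
        $findings += 'wildcard: confirm exactly what it matches'
    }
    [pscustomobject]@{
        Kind     = $Kind
        Value    = $Value
        Review   = [bool]$findings.Count
        Findings = $findings -join '; '
    }
}

# Constructed sample input: a proposed exclusion list for one policy.
$proposed = @(
    @{ Kind = 'Path';      Value = 'D:\' }
    @{ Kind = 'Path';      Value = '%TEMP%' }
    @{ Kind = 'Path';      Value = '\device\mvfs' }
    @{ Kind = 'Extension'; Value = '.ps1' }
    @{ Kind = 'Process';   Value = 'C:\Windows\System32\wscript.exe' }
    @{ Kind = 'Process';   Value = 'C:\Program Files\ExampleApp\backup.exe' }
)
$proposed += Expand-MappedDriveExclusion -ParentPath 'F:\MyFolder' `
        -SubfolderName 'Folder1', 'Folder2', 'Folder3' |
    ForEach-Object { @{ Kind = 'Path'; Value = $_ } }

$report = $proposed | ForEach-Object { Test-ExclusionEntry -Kind $_.Kind -Value $_.Value }
$report | Format-Table -AutoSize -Wrap
```

Entries with Review set to True are not necessarily wrong; they are the ones to justify in the change record before the policy is deployed to a collection.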

Advanced Settings

Enable reparse point scanning - Set to Yes if you want Endpoint Protection to scan NTFS reparse points.

For more information about reparse points, see Reparse Points in the Windows Dev Center.

Randomize the scheduled scan start times (within 30 minutes) - Set to Yes to help avoid flooding the network, which can occur if all computers send their antimalware scans results to the Configuration Manager database at the same time. For Windows Defender Antivirus, this randomizes the scan start time to any interval from 0 to 4 hours, or for FEP and SCEP, to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. This setting is also useful when you run multiple virtual machines on a single host. Select this option to reduce the amount of simultaneous disk access for antimalware scanning.

Beginning in version 1602 of Configuration Manager, the antimalware engine may request file samples to be sent to Microsoft for further analysis. By default, it will always prompt before it sends such samples. Administrators can now manage the following settings to configure this behavior:

Enable auto sample file submission to help Microsoft determine whether certain detected items are Malicious - Set to Yes to enable auto sample file submission. By default, this setting is No which means auto sample file submission is disabled and users are prompted before sending samples.

Allow users to modify auto sample file submission settings - This determines whether a user with local admin rights on a device can change the auto sample file submission setting in the client interface. By default, this setting is 'No' which means it can only be changed from the Configuration Manager console, and local admins on a device cannot change this configuration.
For example, the following shows this setting in Windows 10 set by the administrator as enabled, and greyed out to prevent changes by the user.

Threat Overrides Settings

Threat name and override action - Click Set to customize the remediation action to take for each threat ID when it is detected during a scan.

Note

The list of threat names might not be available immediately after the configuration of Endpoint Protection. Wait until the Endpoint Protection point has synchronized the threat information, and then try again.

Cloud Protection Service

Cloud Protection Service enables the collection of information about detected malware on managed systems and the actions taken. This information is sent to Microsoft.

Cloud Protection Service membership

  • Do not join Cloud Protection Service - No information is sent
  • Basic - Collect and send lists of detected malware
  • Advanced - Basic information as well as more comprehensive information that could contain personal information. For example, file paths and partial memory dumps.

Allow users to modify Cloud Protection Service settings - Toggles user control of Cloud Protection Service settings.

Level for blocking suspicious files - Specify the level at which the Endpoint Protection Cloud Protection Service will block suspicious files.

  • Normal - The default Windows Defender blocking level
  • High - Aggressively blocks unknown files while optimizing for performance (greater chance of blocking non-harmful files)
  • High with extra protection - Aggressively blocks unknown files and applies additional protection measures (might impact client device performance)
  • Block unknown programs - Blocks all unknown programs

Allow extended cloud check to block and scan for up to (seconds) - Specifies the number of seconds Cloud Protection Service can block a file while the service checks that the file is not known to be malicious.

Note

The number of seconds that you select for this setting is in addition to a default 10-second timeout. For example, if you enter 0 seconds, the Cloud Protection Service blocks the file for 10 seconds.

Details of Cloud Protection Service reporting

Frequency: When Windows Defender updates virus and spyware protection or definition files
Data collected or sent:
  • Version of virus and spyware definitions
  • Virus and spyware protection version
Use of data: Microsoft uses this information to ensure the latest virus and spyware updates are present on computers. If not present, Windows Defender updates automatically so computer protection stays up-to-date.

Frequency: If Windows Defender finds potentially harmful or unwanted software on computers
Data collected or sent:
  • Name of potentially harmful or unwanted software
  • How the software was found
  • Any actions that Windows Defender took to deal with the software
  • Files affected by the software
  • Information about the computer from the manufacturer (Sysconfig, SysModel, SysMarker)
Use of data: Windows Defender uses this information to determine the type and severity of potentially unwanted software, and the best action to take. Microsoft also uses this information to help improve the accuracy of virus and spyware protection.

Frequency: Once a month
Data collected or sent:
  • Virus and spyware definition update status
  • Status of real-time virus and spyware monitoring (on or off)
Use of data: Windows Defender uses this information to verify that computers have the latest virus and spyware protection version and definitions. Microsoft also wants to make sure that real-time virus and spyware monitoring is turned on. This is a critical part of helping protect computers from potentially harmful or unwanted software.

Frequency: During installation, or whenever users manually perform virus and spyware scan of your computer
Data collected or sent:
  • List of running processes in your computer's memory
Use of data: To identify any processes that might have been compromised by potentially harmful software.

Microsoft collects only the names of affected files, not the contents of the files themselves. This information helps determine what systems are especially vulnerable to specific threats.

Definition Updates Settings

Set sources and order for Endpoint Protection client updates - Click Set Source to specify the sources for definition and scanning engine updates. You can also specify the order in which these sources are used. If Configuration Manager is specified as one of the sources, then the other sources are used only if software updates fail to download the client updates.

If you use any of the following methods to update the definitions on client computers, then the client computers must be able to access the Internet.

  • Updates distributed from Microsoft Update

  • Updates distributed from Microsoft Malware Protection Center

Important

Clients download definition updates by using the built-in system account. You must configure a proxy server for this account to enable these clients to connect to the Internet.

If you have configured a software updates automatic deployment rule to deliver definition updates to client computers, these updates will be delivered regardless of the definition updates settings.

Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems.

The solution is built on the same antimalware platform as Microsoft Security Essentials [MSE], Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft Intune, and Microsoft Defender. Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. Protection may be deployed based on the needs of application workloads, with either basic secure-by-default or advanced custom configuration, including antimalware monitoring.

When you deploy and enable Microsoft Antimalware for Azure for your applications, the following core features are available:

  • Real-time protection - monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution.
  • Scheduled scanning - Scans periodically to detect malware, including actively running programs.
  • Malware remediation - automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries.
  • Signature updates - automatically installs the latest protection signatures (virus definitions) to ensure protection is up-to-date on a pre-determined frequency.
  • Antimalware Engine updates – automatically updates the Microsoft Antimalware engine.
  • Antimalware Platform updates – automatically updates the Microsoft Antimalware platform.
  • Active protection - reports telemetry metadata about detected threats and suspicious resources to Microsoft Azure to ensure rapid response to the evolving threat landscape, as well as enabling real-time synchronous signature delivery through the Microsoft Active Protection System (MAPS).
  • Samples reporting - provides and reports samples to the Microsoft Antimalware service to help refine the service and enable troubleshooting.
  • Exclusions – allows application and service administrators to configure exclusions for files, processes, and drives.
  • Antimalware event collection - records the antimalware service health, suspicious activities, and remediation actions taken in the operating system event log and collects them into the customer’s Azure Storage account.

Note

Microsoft Antimalware can also be deployed using Azure Security Center. Read Install Endpoint Protection in Azure Security Center for more information.

Architecture

Microsoft Antimalware for Azure includes the Microsoft Antimalware Client and Service, Antimalware classic deployment model, Antimalware PowerShell cmdlets, and Azure Diagnostics Extension. Microsoft Antimalware is supported on Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 operating system families. It is not supported on the Windows Server 2008 operating system, and also is not supported in Linux.

The Microsoft Antimalware Client and Service is installed by default in a disabled state in all supported Azure guest operating system families in the Cloud Services platform. The Microsoft Antimalware Client and Service is not installed by default in the Virtual Machines platform and is available as an optional feature through the Azure portal and Visual Studio Virtual Machine configuration under Security Extensions.

When using Azure App Service on Windows, the underlying service that hosts the web app has Microsoft Antimalware enabled on it. This is used to protect Azure App Service infrastructure and does not run on customer content.

Note

Microsoft Defender is the built-in Antimalware enabled in Windows Server 2016. The Microsoft Defender Interface is also enabled by default on some Windows Server 2016 SKUs; see here for more information. The Azure VM Antimalware extension can still be added to a Windows Server 2016 Azure VM with Microsoft Defender, but in this scenario the extension will apply any optional configuration policies to be used by Microsoft Defender; the extension will not deploy any additional antimalware services. You can read more about this update here.

Microsoft antimalware workflow

The Azure service administrator can enable Antimalware for Azure with a default or custom configuration for your Virtual Machines and Cloud Services using the following options:

  • Virtual Machines – In the Azure portal, under Security Extensions
  • Virtual Machines – Using the Visual Studio virtual machines configuration in Server Explorer
  • Virtual Machines and Cloud Services – Using the Antimalware classic deployment model
  • Virtual Machines and Cloud Services – Using Antimalware PowerShell cmdlets

The Azure portal or PowerShell cmdlets push the Antimalware extension package file to the Azure system at a pre-determined fixed location. The Azure Guest Agent (or the Fabric Agent) launches the Antimalware Extension, applying the Antimalware configuration settings supplied as input. This step enables the Antimalware service with either default or custom configuration settings. If no custom configuration is provided, then the antimalware service is enabled with the default configuration settings. Refer to the Antimalware configuration section in the Microsoft Antimalware for Azure – Code Samples for more details.

Once running, the Microsoft Antimalware client downloads the latest protection engine and signature definitions from the Internet and loads them on the Azure system. The Microsoft Antimalware service writes service-related events to the system OS events log under the “Microsoft Antimalware” event source. Events include the Antimalware client health state, protection and remediation status, new and old configuration settings, engine updates and signature definitions, and others.

You can enable Antimalware monitoring for your Cloud Service or Virtual Machine to have the Antimalware event log events written as they are produced to your Azure storage account. The Antimalware Service uses the Azure Diagnostics extension to collect Antimalware events from the Azure system into tables in the customer’s Azure Storage account.

The deployment workflow including configuration steps and options supported for the above scenarios are documented in Antimalware deployment scenarios section of this document.

Note

You can, however, use PowerShell/APIs and Azure Resource Manager templates to deploy Virtual Machine Scale Sets with the Microsoft Anti-Malware extension. For installing an extension on an already running Virtual Machine, you can use the sample Python script vmssextn.py. This script gets the existing extension config on the Scale Set and adds an extension to the list of existing extensions on the VM Scale Sets.

Default and Custom Antimalware Configuration

The default configuration settings are applied to enable Antimalware for Azure Cloud Services or Virtual Machines when you do not provide custom configuration settings. The default configuration settings have been pre-optimized for running in the Azure environment. Optionally, you can customize these default configuration settings as required for your Azure application or service deployment and apply them for other deployment scenarios.

The following table summarizes the configuration settings available for the Antimalware service. The default configuration settings are marked under the column labeled “Default” below.

Antimalware Deployment Scenarios

The scenarios to enable and configure antimalware, including monitoring for Azure Cloud Services and Virtual Machines, are discussed in this section.

Virtual machines - enable and configure antimalware

Deployment while creating a VM using the Azure portal

To enable and configure Microsoft Antimalware for Azure Virtual Machines using the Azure portal while provisioning a Virtual Machine, follow the steps below:

  1. Sign in to the Azure portal at https://portal.azure.com.
  2. To create a new virtual machine, navigate to Virtual machines, select Add, and choose Windows Server.
  3. Select the version of Windows server that you would like to use.
  4. Select Create.
  5. Provide a Name, Username, Password, and create a new resource group or choose an existing resource group.
  6. Select Ok.
  7. Choose a VM size.
  8. In the next section, make the appropriate choices for your needs, and then select the Extensions section.
  9. Select Add extension.
  10. Under New resource, choose Microsoft Antimalware.
  11. Select Create.
  12. In the Install extension section, file, locations, and process exclusions can be configured as well as other scan options. Choose Ok.
  13. Choose Ok.
  14. Back in the Settings section, choose Ok.
  15. In the Create screen, choose Ok.

See this Azure Resource Manager template for deployment of Antimalware VM extension for Windows.

Deployment using the Visual Studio virtual machine configuration

To enable and configure the Microsoft Antimalware service using Visual Studio:

  1. Connect to Microsoft Azure in Visual Studio.

  2. Choose your Virtual Machine in the Virtual Machines node in Server Explorer.

  3. Right-click configure to view the Virtual Machine configuration page.

  4. Select Microsoft Antimalware extension from the dropdown list under Installed Extensions and click Add to configure with default antimalware configuration.

  5. To customize the default Antimalware configuration, select (highlight) the Antimalware extension in the installed extensions list and click Configure.

  6. Replace the default Antimalware configuration with your custom configuration in supported JSON format in the public configuration textbox and click OK.

  7. Click the Update button to push the configuration updates to your Virtual Machine.

Note

The Visual Studio Virtual Machines configuration for Antimalware supports only JSON format configuration. The Antimalware JSON configuration settings template is included in the Microsoft Antimalware For Azure - Code Samples, showing the supported Antimalware configuration settings.

Deployment Using PowerShell cmdlets

An Azure application or service can enable and configure Microsoft Antimalware for Azure Virtual Machines using PowerShell cmdlets.

To enable and configure Microsoft Antimalware using PowerShell cmdlets:

  1. Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
  2. Use the Set-AzureVMMicrosoftAntimalwareExtension cmdlet to enable and configure Microsoft Antimalware for your Virtual Machine.

Note

The Azure Virtual Machines configuration for Antimalware supports only JSON format configuration. The Antimalware JSON configuration settings template is included in the Microsoft Antimalware For Azure - Code Samples, showing the supported Antimalware configuration settings.

Enable and Configure Antimalware Using PowerShell cmdlets

An Azure application or service can enable and configure Microsoft Antimalware for Azure Cloud Services using PowerShell cmdlets. Note that Microsoft Antimalware is installed in a disabled state in the Cloud Services platform and requires an action by an Azure application to enable it.

To enable and configure Microsoft Antimalware using PowerShell cmdlets:

  1. Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
  2. Use the Set-AzureServiceExtension cmdlet to enable and configure Microsoft Antimalware for your Cloud Service.

The Antimalware XML configuration settings template is included in the Microsoft Antimalware For Azure - Code Samples, showing the supported Antimalware configuration settings.

Cloud Services and Virtual Machines - Configuration Using PowerShell cmdlets

An Azure application or service can retrieve the Microsoft Antimalware configuration for Cloud Services and Virtual Machines using PowerShell cmdlets.

To retrieve the Microsoft Antimalware configuration using PowerShell cmdlets:

  1. Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
  2. For Virtual Machines: Use the Get-AzureVMMicrosoftAntimalwareExtension cmdlet to get the antimalware configuration.
  3. For Cloud Services: Use the Get-AzureServiceExtension cmdlet to get the Antimalware configuration.

Remove Antimalware Configuration Using PowerShell cmdlets

An Azure application or service can remove the Antimalware configuration and any associated Antimalware monitoring configuration from the relevant Azure Antimalware and diagnostics service extensions associated with the Cloud Service or Virtual Machine.

To remove Microsoft Antimalware using PowerShell cmdlets:

  1. Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
  2. For Virtual Machines: Use the Remove-AzureVMMicrosoftAntimalwareExtension cmdlet.
  3. For Cloud Services: Use the Remove-AzureServiceExtension cmdlet.

To enable antimalware event collection for a virtual machine using the Azure Preview Portal:

  1. Click any part of the Monitoring lens in the Virtual Machine blade.
  2. Click the Diagnostics command on Metric blade.
  3. Select Status ON and check the option for Windows event system.
  4. You can choose to uncheck all other options in the list, or leave them enabled per your application service needs.
  5. The Antimalware event categories “Error”, “Warning”, “Informational”, etc., are captured in your Azure Storage account.

Antimalware events are collected from the Windows event system logs to your Azure Storage account. You can configure the Storage Account for your Virtual Machine to collect Antimalware events by selecting the appropriate storage account.

Enable and configure antimalware using PowerShell cmdlets for Azure Resource Manager VMs

You can enable and configure Microsoft Antimalware for Azure Resource Manager VMs using PowerShell cmdlets.

To enable and configure Microsoft antimalware using antimalware PowerShell cmdlets:

  1. Set up your PowerShell environment using this documentation on GitHub.
  2. Use the Set-AzureRmVMExtension cmdlet to enable and configure Microsoft Antimalware for your VM.
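An added example, not taken from this page or from Microsoft's code samples: building the JSON configuration for the Antimalware VM extension and passing it to the Set-AzureRmVMExtension cmdlet named above. The JSON key names and the publisher and type strings belong to the IaaSAntimalware extension and are not listed on this page; the function names, resource names and exclusion values are placeholders constructed for illustration.

```powershell
# Added example (not Microsoft's sample). Resource names are placeholders.

function New-AntimalwareSettingString {
    # Build the JSON public configuration for the Antimalware VM extension.
    param(
        [bool]$RealtimeProtection = $true,
        [bool]$ScheduledScan = $true,
        [ValidateSet('Quick', 'Full')][string]$ScanType = 'Quick',
        [int]$ScanDay = 7,            # 7 = Saturday in the extension's schema
        [int]$ScanTimeMinutes = 120,  # minutes after midnight
        [string[]]$ExcludedPath = @(),
        [string[]]$ExcludedExtension = @(),
        [string[]]$ExcludedProcess = @()
    )
    # Exclusion lists are sent as ';'-separated strings, so an entry that
    # contains ';' would silently become two exclusions. Reject it early.
    foreach ($entry in @($ExcludedPath + $ExcludedExtension + $ExcludedProcess)) {
        if ($entry -match ';') {
            throw "Exclusion '$entry' contains ';', which is the list separator."
        }
    }
    $settings = [ordered]@{
        AntimalwareEnabled        = $true
        RealtimeProtectionEnabled = $RealtimeProtection
        ScheduledScanSettings     = [ordered]@{
            isEnabled = $ScheduledScan
            day       = $ScanDay
            time      = $ScanTimeMinutes
            scanType  = $ScanType
        }
        Exclusions                = [ordered]@{
            Extensions = $ExcludedExtension -join ';'
            Paths      = $ExcludedPath -join ';'
            Processes  = $ExcludedProcess -join ';'
        }
    }
    $settings | ConvertTo-Json -Depth 4
}

function Publish-AntimalwareExtension {
    # Apply the configuration to one Azure Resource Manager VM.
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$Location,
        [Parameter(Mandatory)][string]$SettingString
    )
    # Pick the newest handler version published in this region (major.minor).
    $latest = Get-AzureRmVMExtensionImage -Location $Location `
            -PublisherName 'Microsoft.Azure.Security' -Type 'IaaSAntimalware' |
        Sort-Object { [version]$_.Version } |
        Select-Object -Last 1
    $version = [version]$latest.Version

    Set-AzureRmVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName `
        -Location $Location -Name 'IaaSAntimalware' `
        -Publisher 'Microsoft.Azure.Security' -ExtensionType 'IaaSAntimalware' `
        -TypeHandlerVersion ('{0}.{1}' -f $version.Major, $version.Minor) `
        -SettingString $SettingString
}

# Constructed sample values: a custom configuration with narrow exclusions.
$json = New-AntimalwareSettingString -ScanType Quick `
    -ExcludedPath 'D:\AppData\db' `
    -ExcludedExtension '.mdf', '.ldf' `
    -ExcludedProcess 'exampledb.exe'

# Review the configuration offline before anything is pushed to a VM.
$json

# After signing in to Azure, apply it (placeholder names):
# Publish-AntimalwareExtension -ResourceGroupName 'rg-example' -VMName 'vm-example' `
#     -Location 'westeurope' -SettingString $json
```

Keeping the generated JSON in source control gives a reviewable record of every exclusion and of whether real-time protection was left enabled.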

The following code samples are available:

Enable and configure Antimalware to Azure Cloud Service Extended Support (CS-ES) using PowerShell cmdlets

To enable and configure Microsoft Antimalware using PowerShell cmdlets:

  1. Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
  2. Use the New-AzCloudServiceExtensionObject cmdlet to enable and configure Microsoft Antimalware for your Cloud Service VM.

The following code sample is available:

Next steps

See code samples to enable and configure Microsoft Antimalware for Azure Resource Manager (ARM) virtual machines.