Azure Security Center monitors the status of antimalware protection and reports this on the Endpoint protection issues blade. Security Center notes issues, such as detected threats and insufficient protection, that might make your VMs and computers vulnerable to malware threats. By using the information on Endpoint protection issues, you can make a plan to address any identified issues.
Security Center reports the following endpoint protection issues:
- Endpoint protection not installed on Azure VMs. A supported antimalware solution isn't installed on these Azure VMs.
- Endpoint protection not installed on non-Azure computers. A supported antimalware solution isn't installed on these non-Azure computers.
- Endpoint protection health issues:
- Signature out of date. An antimalware solution is installed on these VMs and computers, but the solution doesn't have the latest antimalware signatures. No real time protection. An antimalware solution is installed on these VMs and computers, but it isn't configured for real-time protection. The service might be disabled, or Security Center might be unable to obtain the status because the solution isn't supported.
- Not reporting. An antimalware solution is installed but not reporting data. *Unknown. An antimalware solution is installed, but either its status is unknown or it's reporting an unknown error.
Create an Azure Virtual Machine with the Antimalware extension
Enable and configure antimalware for VMs To enable and configure Microsoft Antimalware for Azure VMs by using the Azure portal while provisioning a VM, complete the following steps:
- Sign in to the Azure portal at https://portal.azure.com
- To create a new VM, navigate to Virtual machines, select Add, and then select Windows Server under the image dropdown.
- Enter the following details for the VM:
|Resource Group||Create new > myResourceGroup|
|Image||Windows Server 2019 Datacenter|
- Click the Management Tab and ensure all the radio buttons are set to Off.
- Click the Advanmced Tab and click Select an extension to install.
- Select the Microsoft Antimalware extension. You may need to click Load More at the bottom of the list to see the extension.
- On the Microsoft Antimalware blade click Create.
- In the Install extension section, you can configure files, locations, process exclusions, and other scan options.
- In the Excluded file types enter .mdf;.log
- In the Excluded processes enter SQLServr.exe
- Select OK.
- Back in the Settings section, select Review + create.
- Click Create on the validation screen.
- Once the VM has created log onto the VM via RDP and open Microsoft Antimalware > Exclusions to verify the deployment was successful.