Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems.
The solution is built on the same antimalware platform as Microsoft Security Essentials (MSE), Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft Intune, and Microsoft Defender. Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. Protection may be deployed based on the needs of application workloads, with either basic secure-by-default or advanced custom configuration, including antimalware monitoring.
When you deploy and enable Microsoft Antimalware for Azure for your applications, the following core features are available:
- Real-time protection - monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution.
- Scheduled scanning - Scans periodically to detect malware, including actively running programs.
- Malware remediation - automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries.
- Signature updates - automatically installs the latest protection signatures (virus definitions) to ensure protection is up-to-date on a pre-determined frequency.
- Antimalware Engine updates – automatically updates the Microsoft Antimalware engine.
- Antimalware Platform updates – automatically updates the Microsoft Antimalware platform.
- Active protection - reports telemetry metadata about detected threats and suspicious resources to Microsoft Azure to ensure rapid response to the evolving threat landscape, as well as enabling real-time synchronous signature delivery through the Microsoft Active Protection System (MAPS).
- Samples reporting - provides and reports samples to the Microsoft Antimalware service to help refine the service and enable troubleshooting.
- Exclusions – allows application and service administrators to configure exclusions for files, processes, and drives.
- Antimalware event collection - records the antimalware service health, suspicious activities, and remediation actions taken in the operating system event log and collects them into the customer's Azure Storage account.
Note
Microsoft Antimalware can also be deployed using Azure Security Center. Read Install Endpoint Protection in Azure Security Center for more information.
Architecture
Microsoft Antimalware for Azure includes the Microsoft Antimalware Client and Service, the Antimalware classic deployment model, Antimalware PowerShell cmdlets, and the Azure Diagnostics Extension. Microsoft Antimalware is supported on the Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 operating system families. It is not supported on the Windows Server 2008 operating system, and it is also not supported on Linux.
The Microsoft Antimalware Client and Service is installed by default in a disabled state in all supported Azure guest operating system families in the Cloud Services platform. The Microsoft Antimalware Client and Service is not installed by default in the Virtual Machines platform and is available as an optional feature through the Azure portal and Visual Studio Virtual Machine configuration under Security Extensions.
When using Azure App Service on Windows, the underlying service that hosts the web app has Microsoft Antimalware enabled on it. This is used to protect Azure App Service infrastructure and does not run on customer content.
Note
Microsoft Defender is the built-in antimalware enabled in Windows Server 2016. The Microsoft Defender interface is also enabled by default on some Windows Server 2016 SKUs; see here for more information. The Azure VM Antimalware extension can still be added to a Windows Server 2016 Azure VM that has Microsoft Defender, but in this scenario the extension only applies any optional configuration policies to be used by Microsoft Defender; it does not deploy any additional antimalware services. You can read more about this update here.
Microsoft antimalware workflow
The Azure service administrator can enable Antimalware for Azure with a default or custom configuration for your Virtual Machines and Cloud Services using the following options:
- Virtual Machines – In the Azure portal, under Security Extensions
- Virtual Machines – Using the Visual Studio virtual machines configuration in Server Explorer
- Virtual Machines and Cloud Services – Using the Antimalware classic deployment model
- Virtual Machines and Cloud Services – Using Antimalware PowerShell cmdlets
The Azure portal or PowerShell cmdlets push the Antimalware extension package file to the Azure system at a pre-determined fixed location. The Azure Guest Agent (or the Fabric Agent) launches the Antimalware Extension, applying the Antimalware configuration settings supplied as input. This step enables the Antimalware service with either default or custom configuration settings. If no custom configuration is provided, then the antimalware service is enabled with the default configuration settings. Refer to the Antimalware configuration section in the Microsoft Antimalware for Azure – Code Samples for more details.
Once running, the Microsoft Antimalware client downloads the latest protection engine and signature definitions from the Internet and loads them on the Azure system. The Microsoft Antimalware service writes service-related events to the system OS events log under the 'Microsoft Antimalware' event source. Events include the Antimalware client health state, protection and remediation status, new and old configuration settings, engine updates and signature definitions, and others.
You can enable Antimalware monitoring for your Cloud Service or Virtual Machine to have the Antimalware event log events written as they are produced to your Azure storage account. The Antimalware Service uses the Azure Diagnostics extension to collect Antimalware events from the Azure system into tables in the customer's Azure Storage account.
The deployment workflow, including the configuration steps and options supported for the above scenarios, is documented in the Antimalware deployment scenarios section of this document.
Note
You can, however, use PowerShell/APIs and Azure Resource Manager templates to deploy Virtual Machine Scale Sets with the Microsoft Anti-Malware extension. To install the extension on an already running Virtual Machine Scale Set, you can use the sample Python script vmssextn.py. This script gets the existing extension configuration on the Scale Set and adds the extension to the list of existing extensions on the VM Scale Set.
Default and Custom Antimalware Configuration
The default configuration settings are applied to enable Antimalware for Azure Cloud Services or Virtual Machines when you do not provide custom configuration settings. The default configuration settings have been pre-optimized for running in the Azure environment. Optionally, you can customize these default configuration settings as required for your Azure application or service deployment and apply them for other deployment scenarios.
The following table summarizes the configuration settings available for the Antimalware service. The default configuration settings are marked under the column labeled 'Default' below.
Antimalware Deployment Scenarios
The scenarios to enable and configure antimalware, including monitoring for Azure Cloud Services and Virtual Machines, are discussed in this section.
Virtual machines - enable and configure antimalware
Deployment while creating a VM using the Azure portal
To enable and configure Microsoft Antimalware for Azure Virtual Machines using the Azure portal while provisioning a Virtual Machine, follow the steps below:
- Sign in to the Azure portal at https://portal.azure.com.
- To create a new virtual machine, navigate to Virtual machines, select Add, and choose Windows Server.
- Select the version of Windows server that you would like to use.
- Select Create.
- Provide a Name, Username, Password, and create a new resource group or choose an existing resource group.
- Select Ok.
- Choose a VM size.
- In the next section, make the appropriate choices for your needs, then select the Extensions section.
- Select Add extension.
- Under New resource, choose Microsoft Antimalware.
- Select Create.
- In the Install extension section, file, location, and process exclusions can be configured, as well as other scan options. Choose Ok.
- Choose Ok.
- Back in the Settings section, choose Ok.
- In the Create screen, choose Ok.
See this Azure Resource Manager template for deployment of Antimalware VM extension for Windows.
Deployment using the Visual Studio virtual machine configuration
To enable and configure the Microsoft Antimalware service using Visual Studio:
- Connect to Microsoft Azure in Visual Studio.
- Choose your Virtual Machine in the Virtual Machines node in Server Explorer.
- Right-click Configure to view the Virtual Machine configuration page.
- Select the Microsoft Antimalware extension from the dropdown list under Installed Extensions and click Add to configure it with the default antimalware configuration.
- To customize the default Antimalware configuration, select (highlight) the Antimalware extension in the installed extensions list and click Configure.
- Replace the default Antimalware configuration with your custom configuration in supported JSON format in the public configuration textbox and click OK.
- Click the Update button to push the configuration updates to your Virtual Machine.
Note
The Visual Studio Virtual Machines configuration for Antimalware supports only JSON format configuration. The Antimalware JSON configuration settings template is included in the Microsoft Antimalware For Azure - Code Samples, showing the supported Antimalware configuration settings.
Deployment Using PowerShell cmdlets
An Azure application or service can enable and configure Microsoft Antimalware for Azure Virtual Machines using PowerShell cmdlets.
To enable and configure Microsoft Antimalware using PowerShell cmdlets:
- Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
- Use the Set-AzureVMMicrosoftAntimalwareExtension cmdlet to enable and configure Microsoft Antimalware for your Virtual Machine.
Note
The Azure Virtual Machines configuration for Antimalware supports only JSON format configuration. The Antimalware JSON configuration settings template is included in the Microsoft Antimalware For Azure - Code Samples, showing the supported Antimalware configuration settings.
Enable and Configure Antimalware Using PowerShell cmdlets
An Azure application or service can enable and configure Microsoft Antimalware for Azure Cloud Services using PowerShell cmdlets. Note that Microsoft Antimalware is installed in a disabled state in the Cloud Services platform and requires an action by an Azure application to enable it.
To enable and configure Microsoft Antimalware using PowerShell cmdlets:
- Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
- Use the Set-AzureServiceExtension cmdlet to enable and configure Microsoft Antimalware for your Cloud Service.
The Antimalware XML configuration settings template is included in the Microsoft Antimalware For Azure - Code Samples, showing the supported Antimalware configuration settings.
Cloud Services and Virtual Machines - Configuration Using PowerShell cmdlets
An Azure application or service can retrieve the Microsoft Antimalware configuration for Cloud Services and Virtual Machines using PowerShell cmdlets.
To retrieve the Microsoft Antimalware configuration using PowerShell cmdlets:
- Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
- For Virtual Machines: Use the Get-AzureVMMicrosoftAntimalwareExtension cmdlet to get the antimalware configuration.
- For Cloud Services: Use the Get-AzureServiceExtension cmdlet to get the Antimalware configuration.
Remove Antimalware Configuration Using PowerShell cmdlets
An Azure application or service can remove the Antimalware configuration and any associated Antimalware monitoring configuration from the relevant Azure Antimalware and diagnostics service extensions associated with the Cloud Service or Virtual Machine.
To remove Microsoft Antimalware using PowerShell cmdlets:
- Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
- For Virtual Machines: Use the Remove-AzureVMMicrosoftAntimalwareExtension cmdlet.
- For Cloud Services: Use the Remove-AzureServiceExtension cmdlet.
To enable antimalware event collection for a virtual machine using the Azure Preview Portal:
- Click any part of the Monitoring lens in the Virtual Machine blade.
- Click the Diagnostics command on the Metric blade.
- Select Status ON and check the option for Windows event system. You can choose to uncheck all other options in the list, or leave them enabled per your application service needs.
- The Antimalware event categories 'Error', 'Warning', 'Informational', etc., are captured in your Azure Storage account.
Antimalware events are collected from the Windows event system logs to your Azure Storage account. You can configure the Storage Account for your Virtual Machine to collect Antimalware events by selecting the appropriate storage account.
Enable and configure antimalware using PowerShell cmdlets for Azure Resource Manager VMs
You can enable and configure Microsoft Antimalware for Azure Resource Manager VMs using PowerShell cmdlets.
To enable and configure Microsoft antimalware using antimalware PowerShell cmdlets:
- Set up your PowerShell environment using this documentation on GitHub.
- Use the Set-AzureRmVMExtension cmdlet to enable and configure Microsoft Antimalware for your VM.
The following code samples are available:
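As an added example (not one of the page's or Microsoft's own samples), the following PowerShell builds a custom JSON configuration, pushes it to an existing Resource Manager VM with Set-AzureRmVMExtension, and reads the applied settings back with Get-AzureRmVMExtension. The resource group, VM name, location and exclusion values are placeholders or constructed; the Az module equivalents are Set-AzVMExtension, Get-AzVMExtension and Get-AzVMExtensionImage.

```powershell
# Added example: enable the IaaSAntimalware extension on an existing ARM VM
# with a custom configuration, then verify what was applied.
# Assumed placeholders: fill in your own resource group, VM name and region.
$resourceGroup = "<resource-group>"
$vmName        = "<vm-name>"
$location      = "<location>"   # the VM's own region

# Custom configuration using the documented Antimalware JSON setting keys.
# Scan schedule and exclusions below are constructed example values; exclusions
# reduce coverage, so keep them to paths and processes you have justified.
$settings = @{
    AntimalwareEnabled        = $true
    RealtimeProtectionEnabled = $true
    ScheduledScanSettings     = @{
        isEnabled = $true
        day       = 7        # scheduled-scan day code (see the settings table)
        time      = 120      # minutes after midnight, i.e. 02:00
        scanType  = "Quick"
    }
    Exclusions = @{
        Extensions = ".log;.ldf"
        Paths      = "D:\IISlogs;D:\DatabaseLogs"
        Processes  = "mssence.svc"
    }
}
$settingString = $settings | ConvertTo-Json -Depth 5

# Use the latest published major.minor of the extension so minor versions
# auto-upgrade within that line.
$versions = (Get-AzureRmVMExtensionImage -Location $location `
    -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$latest = [version]($versions | Sort-Object { [version]$_ } | Select-Object -Last 1)
$typeHandlerVersion = "$($latest.Major).$($latest.Minor)"

Set-AzureRmVMExtension -ResourceGroupName $resourceGroup -VMName $vmName `
    -Location $location -Name "IaaSAntimalware" `
    -Publisher "Microsoft.Azure.Security" -ExtensionType "IaaSAntimalware" `
    -TypeHandlerVersion $typeHandlerVersion -SettingString $settingString

# Verify: ProvisioningState should be "Succeeded" and PublicSettings should
# echo the configuration just pushed. Check this after every change, since a
# failed extension leaves the VM without the protection you think it has.
$ext = Get-AzureRmVMExtension -ResourceGroupName $resourceGroup `
    -VMName $vmName -Name "IaaSAntimalware"
$ext | Select-Object Name, ProvisioningState, TypeHandlerVersion
$ext.PublicSettings | ConvertFrom-Json | Format-List
```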
Enable and configure Antimalware to Azure Cloud Service Extended Support (CS-ES) using PowerShell cmdlets
To enable and configure Microsoft Antimalware using PowerShell cmdlets:
- Set up your PowerShell environment - Refer to the documentation at https://github.com/Azure/azure-powershell
- Use the New-AzCloudServiceExtensionObject cmdlet to enable and configure Microsoft Antimalware for your Cloud Service VM.
The following code sample is available:
Next steps
See code samples to enable and configure Microsoft Antimalware for Azure Resource Manager (ARM) virtual machines.
Antimalware and antivirus solutions
Because so many types of malware and viruses are in the wild—and cybercriminals are creating more every day—most antimalware and antivirus solutions rely on multiple methods to detect and block suspicious files. The four main types of malware detection are:
- Signature-based scanning. This is a basic approach that all antimalware programs use, including free ones. Signature-based scanners rely on a database of known virus signatures. The success of the scanner depends on the freshness of the signatures in the database.
- Heuristic analysis. This detects viruses by their similarity to related viruses. It examines samples of core code in the malware rather than the entire signature. Heuristic scanning can detect a virus even if it is hidden under additional junk code.
- Real-time behavioral monitoring solutions. These seek unexpected actions, such as an application sending gigabytes of data over the network. They block the activity and hunt the malware behind it. This approach is helpful in detecting fileless malware.
- Sandbox analysis. This moves suspect files to a sandbox or secured environment in order to activate and analyze the file without exposing the rest of the network to potential risk.
IT security professionals can augment their organization's malware and virus defenses by updating and patching applications and platforms. Patches and updates are especially critical for preventing fileless malware, which targets application vulnerabilities and cannot be easily detected with antimalware solutions.
Likewise, implementing and encouraging data security best practices can be valuable in preventing data breaches. Basic best practices for password management and role-based access to data and applications, for example, can minimize the odds of a hacker gaining access to a system and limit a hacker's ability to do damage if they gain access. Regular security updates for employees can also help them spot potential threats and remind employees to practice good security hygiene.