Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,160 questions
Got this working by my self
Microsoft Antimalware Extension
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 56.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Bombbe
1,611
Reputation points
Hi, since Windows Defender is not supported on Server 2012 R2 I'm looking for endpoint protection solutions to vms in Azure. I came a cross Microsoft Antimalware Extension for Windows which could solve my issues but have few questions about this service still.
Refering to this:
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/iaas-antimalware-windows#internet-connectivity
"The Microsoft Antimalware for Windows requires that the target virtual machine is connected to the internet to receive regular engine and signature updates."
- Does anybody know if is possible to get updates to Signature, Antimalware Engine and Antimalware Platform from WSUS? Most of our vms don't have internet access and they are getting their normal Windows updates from WSUS so it would be easy to configure servers to get those updates from WSUS.
- Where or how I can see reports if Microsoft Antimalware has detected antimalware or if it has done something to it (like put in quarantine)? Logs are available from "System logs" but are Extension giving more than just logs?
- When installing that extension, it installs System Center Endpoint Protection to my server, but when I try to open the software it just prompts " Your System admistator has restricted access to this app"
So Do I need to have SCCM licences to use that software which means that Microsoft Antimalware is not free even tho Microsoft is saying that. Or does Microsoft Antimalware protect vms in background but I don't have "access" to it and when I need to update e.g exclusions I need to install extension newly, because Portal is only place where I have access to it?
Accepted answer
-
Bombbe 1,611 Reputation points
2020-08-04T09:40:33.433+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 34,121 Reputation points Microsoft Employee2020-08-04T20:04:46.123+00:00 Thanks for following up, @bommbe. Would you mind sharing what you did to resolve the issue?
-
Bombbe 1,611 Reputation points
2020-08-05T10:00:40.34+00:00 - it is possible to get updates from wsus server. From Products and Classifications select System Center Endpoint Protection so it will update the client.
- Logs are displaying in event view and log analytics. Alerts are showing up Azure security center and MDATP Portal if servers has been onboarded to atp.
- I had to change HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration\UILockdown reg value to 0. UI was only disabled
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 48%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sudhakar Penki 96 Reputation points2020-11-06T11:31:31.84+00:00 Please use the below command for the below error: Same worked for me.
"Your System admistator has restricted access to this app".==================================================================== Execute the below command in elevated admin command prompt.
C:\Packages\Plugins\Microsoft.Azure.Security.IaaSAntimalware\Version(Eg:1.5.5.49)>SCEPINSTALL /forceclean