question

bombbe asked

Microsoft Antimalware Extension

Hi, since Windows Defender is not supported on Server 2012 R2, I'm looking for endpoint protection solutions for VMs in Azure. I came across Microsoft Antimalware Extension for Windows, which could solve my issues, but I still have a few questions about this service.

Referring to this:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/iaas-antimalware-windows#internet-connectivity
"The Microsoft Antimalware for Windows requires that the target virtual machine is connected to the internet to receive regular engine and signature updates."

  1. Does anybody know if it is possible to get updates to Signature, Antimalware Engine and Antimalware Platform from WSUS? Most of our VMs don't have internet access and they are getting their normal Windows updates from WSUS, so it would be easy to configure servers to get those updates from WSUS.

  2. Where or how can I see reports if Microsoft Antimalware has detected antimalware or if it has done something to it (like put it in quarantine)? Logs are available from "System logs", but is the extension giving more than just logs?

  3. When installing that extension, it installs System Center Endpoint Protection on my server, but when I try to open the software it just prompts "Your System administrator has restricted access to this app"




So do I need to have SCCM licences to use that software, which means that Microsoft Antimalware is not free even though Microsoft is saying that? Or does Microsoft Antimalware protect VMs in the background but I don't have "access" to it, and when I need to update e.g. exclusions I need to install the extension anew, because the Portal is the only place where I have access to it?


bombbe answered

Got this working by myself


Thanks for following up, @bommbe. Would you mind sharing what you did to resolve the issue?

  1. It is possible to get updates from a WSUS server. From Products and Classifications, select System Center Endpoint Protection so it will update the client.

  2. Logs are displayed in Event Viewer and Log Analytics. Alerts show up in Azure Security Center and the MDATP portal if servers have been onboarded to ATP.

  3. I had to change the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration\UILockdown reg value to 0. The UI was only disabled.
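A read-only check of the two things the reply above describes, as an added example that is not part of the original thread: it reports the UILockdown policy value and lists recent Microsoft Antimalware entries from the System log. The function names are hypothetical, and the 'Microsoft Antimalware' event provider name is an assumption to confirm in Event Viewer on your own server.

```powershell
# Added example: inspects state only, changes nothing on the server.
# Registry path and value name are the ones quoted in the thread.
$UxKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration'

function Get-AntimalwareUiLockdown {
    # Returns the UILockdown policy value, or $null when it is not set.
    $prop = Get-ItemProperty -Path $UxKey -Name 'UILockdown' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.UILockdown
}

function Get-AntimalwareEvents {
    param([int]$Days = 7)
    # Assumption: the client writes to the System log under the
    # 'Microsoft Antimalware' provider; adjust if your server differs.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft Antimalware'
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # No matching events (or an unknown provider) yields an empty result.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

$lockdown = Get-AntimalwareUiLockdown
if ($null -eq $lockdown) {
    'UILockdown: not set by policy'
} elseif ($lockdown -eq 0) {
    'UILockdown: 0 (client UI available)'
} else {
    "UILockdown: $lockdown (client UI locked by policy)"
}

$events = @(Get-AntimalwareEvents -Days 7)
"Microsoft Antimalware events in the last 7 days: $($events.Count)"
$events | Sort-Object TimeCreated -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session on the VM; forwarding the same System log provider to Log Analytics gives the central view the reply mentions.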


Penki answered

Please use the below command for the below error. The same worked for me.
"Your System administrator has restricted access to this app".


====================================================================
Execute the below command in an elevated admin command prompt.
C:\Packages\Plugins\Microsoft.Azure.Security.IaaSAntimalware\Version(Eg:1.5.5.49)>SCEPINSTALL /forceclean
====================================================================
