Remove Microsoft Antimalware Service from a VM

Microsoft offers for free it’s antimalware service. When you create a new VM you have the option to enable it. This will install the System Center Endpoint Protection client to the VM. If you have added this but now you want to remove it and add some other antivirus/antimalware solution you cannot do it by just uninstalling the client from the VM. You will see at the Azure Portal under the “Extensions” that the Antimalware Service is listed there. To completely uninstall the program and remove it from Azure you will need PowerShell.
First connect PowerShell to your Azure subscription, as described to previous posts and then run:

# First check the Antimalware Service Status, you need to select the Azure VM and then get the status:
$servicename = "myVMservice"
$vmname = "myVMname"
$vm = Get-AzureVM –ServiceName $servicename –Name $vmname
Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm

#To remove the service
Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm

# To uninstall the System Center Endpoint Protection
Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM

 

For this post I used resources from : http://wasita.net/2014/08/31/secure-azure-vm-from-day-zero-with-azure-security-extension-azure-security-part-1/

Share

Leave a Reply