Microsoft offers for free it’s antimalware service. When you create a new VM you have the option to enable it. This will install the System Center Endpoint Protection client to the VM. If you have added this but now you want to remove it and add some other antivirus/antimalware solution you cannot do it by just uninstalling the client from the VM. You will see at the Azure Portal under the “Extensions” that the Antimalware Service is listed there. To completely uninstall the program and remove it from Azure you will need PowerShell.
First connect PowerShell to your Azure subscription, as described to previous posts and then run:
# First check the Antimalware Service Status, you need to select the Azure VM and then get the status: $servicename = "myVMservice" $vmname = "myVMname" $vm = Get-AzureVM –ServiceName $servicename –Name $vmname Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm #To remove the service Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm # To uninstall the System Center Endpoint Protection Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM
For this post I used resources from : http://wasita.net/2014/08/31/secure-azure-vm-from-day-zero-with-azure-security-extension-azure-security-part-1/
Pantelis Apostolidis is a Solutions Architect professional at Office Line SA and a recognized Microsoft Azure MVP. For the last 10 years, Pantelis has been involved to major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He is entitled to a lot of Microsoft Expert Certifications, demonstrating his proven experience in delivering high quality solutions. He is an author, blogger and he is acting as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.