
One thing I have noticed recently with all the current VM deployments using JSON and ARM templates: yes, that is such an efficient and clever way of deploying resources, but where is my malware protection? Whether you're creating a VM manually through the Portal or deploying a whole bunch of VMs in an ARM template, adding an extension for antimalware really does get overlooked, and it only takes a few minutes. Microsoft Antimalware for Azure is a single-agent solution designed to run in the background without human intervention.

I have a JSON file here which will deploy System Center Endpoint Protection to a single VM in a Resource Group.

Simply copy and paste the contents of this .json file into your azuredeploy.json template in Visual Studio:

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {
      "type": "string"
    },
    "location": {
      "type": "string"
    },
    "ExclusionsPaths": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Semicolon delimited list of file paths or locations to exclude from scanning"
      }
    },
    "ExclusionsExtensions": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Semicolon delimited list of file extensions to exclude from scanning"
      }
    },
    "ExclusionsProcesses": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Semicolon delimited list of process names to exclude from scanning"
      }
    },
    "RealtimeProtectionEnabled": {
      "type": "string",
      "defaultValue": "true",
      "metadata": {
        "description": "Indicates whether or not real time protection is enabled (default is true)"
      }
    },
    "ScheduledScanSettingsIsEnabled": {
      "type": "string",
      "defaultValue": "false",
      "metadata": {
        "description": "Indicates whether or not custom scheduled scan settings are enabled (default is false)"
      }
    },
    "ScheduledScanSettingsScanType": {
      "type": "string",
      "defaultValue": "Quick",
      "metadata": {
        "description": "Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)"
      }
    },
    "ScheduledScanSettingsDay": {
      "type": "string",
      "defaultValue": "7",
      "metadata": {
        "description": "Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"
      }
    },
    "ScheduledScanSettingsTime": {
      "type": "string",
      "defaultValue": "120",
      "metadata": {
        "description": "When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."
      }
    }
  },
  "resources": [
    {
      "name": "[concat(parameters('vmName'),'/IaaSAntimalware')]",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "location": "[parameters('location')]",
      "apiVersion": "2015-06-15",
      "properties": {
        "publisher": "Microsoft.Azure.Security",
        "type": "IaaSAntimalware",
        "typeHandlerVersion": "1.3",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "AntimalwareEnabled": true,
          "RealtimeProtectionEnabled": "[parameters('RealtimeProtectionEnabled')]",
          "ScheduledScanSettings": {
            "isEnabled": "[parameters('ScheduledScanSettingsIsEnabled')]",
            "day": "[parameters('ScheduledScanSettingsDay')]",
            "time": "[parameters('ScheduledScanSettingsTime')]",
            "scanType": "[parameters('ScheduledScanSettingsScanType')]"
          },
          "Exclusions": {
            "Extensions": "[parameters('ExclusionsExtensions')]",
            "Paths": "[parameters('ExclusionsPaths')]",
            "Processes": "[parameters('ExclusionsProcesses')]"
          }
        }
      }
    }
  ]
}

Select the Resource Group which contains the VM
In the Parameters section, enter the VM Name and location
Click Save, and hit Deploy 🙂

It shouldn’t take more than 2 minutes to install the antimalware.

Log in to your VM, and you’ll see the installation has successfully completed.
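
A check for the gap described at the top of this post, as an added example that is not part of the original post: this Python sketch walks an ARM template and reports every VM that has no IaaSAntimalware extension, or has it switched off in the settings. The function names and the sample template are constructed for illustration; matching an extension to a VM whose name is an ARM expression is a text heuristic, and the check assumes every VM in the template is a Windows VM.

```python
import re

VM_TYPE = "microsoft.compute/virtualmachines"
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def _resolve(value, params):  # "[parameters('x')]" -> that parameter's defaultValue
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    return params.get(m.group(1), {}).get("defaultValue") if m else value

def _is_antimalware(res):
    props = res.get("properties", {})
    return (props.get("publisher") == "Microsoft.Azure.Security"
            and props.get("type") == "IaaSAntimalware")

def _belongs_to(ext_name, vm_name):
    if vm_name.startswith("["):  # ARM expression: heuristic text match
        return vm_name[1:-1] in ext_name
    return ext_name.split("/")[0] == vm_name  # literal "vm/extension" name

def audit_template(template):
    # Returns (vm_name, finding) pairs for VMs without active antimalware.
    params, resources = template.get("parameters", {}), template.get("resources", [])
    findings = []
    for vm in resources:
        if vm.get("type", "").lower() != VM_TYPE:
            continue
        # The extension is either nested under the VM or a top-level sibling.
        exts = [r for r in vm.get("resources", []) if _is_antimalware(r)]
        exts += [r for r in resources
                 if _is_antimalware(r) and _belongs_to(r["name"], vm["name"])]
        if not exts:
            findings.append((vm["name"], "no IaaSAntimalware extension"))
            continue
        settings = exts[0]["properties"].get("settings", {})
        for key in ("AntimalwareEnabled", "RealtimeProtectionEnabled"):
            if str(_resolve(settings.get(key), params)).lower() != "true":
                findings.append((vm["name"], key + " is not true"))
    return findings

# Constructed sample: vm-db has no extension; vm-web has real-time protection off.
SAMPLE = {
    "parameters": {"rtp": {"type": "string", "defaultValue": "false"}},
    "resources": [
        {"type": "Microsoft.Compute/virtualMachines", "name": "vm-db"},
        {"type": "Microsoft.Compute/virtualMachines", "name": "vm-web"},
        {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "vm-web/IaaSAntimalware",
         "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
                        "settings": {"AntimalwareEnabled": True,
                                     "RealtimeProtectionEnabled": "[parameters('rtp')]"}}}]}
```

A setting that points at a parameter with no defaultValue is reported as well, because its value cannot be known from the template alone.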
