Remove Microsoft Antimalware Service from a VM

Azure, Microsoft, Servers Leave a comment

Microsoft offers for free it’s antimalware service. When you create a new VM you have the option to enable it. This will install the System Center Endpoint Protection client to the VM. If you have added this but now you want to remove it and add some other antivirus/antimalware solution you cannot do it by just uninstalling the client from the VM. You will see at the Azure Portal under the “Extensions” that the Antimalware Service is listed there. To completely uninstall the program and remove it from Azure you will need PowerShell.
First connect PowerShell to your Azure subscription, as described to previous posts and then run:

# First check the Antimalware Service Status, you need to select the Azure VM and then get the status:
$servicename = "myVMservice"
$vmname = "myVMname"
$vm = Get-AzureVM –ServiceName $servicename –Name $vmname
Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm

#To remove the service
Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm

# To uninstall the System Center Endpoint Protection
Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM

 

For this post I used resources from : http://wasita.net/2014/08/31/secure-azure-vm-from-day-zero-with-azure-security-extension-azure-security-part-1/

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.