Drew Robinson's Blog

Azure, Powershell and Security things

Azure Antimalware PowerShell examples

PowerShell code to deploy Azure Antimalware (ASM)

# Settings for the IaaSAntimalware extension, passed as its public configuration.
# Each exclusion list is a single semicolon-separated string.
$JSONString="{
    'AntimalwareEnabled': true,
    'RealtimeProtectionEnabled': true,
    'ScheduledScanSettings':
    {
        'isEnabled': true,
        'day': 0,
        'time': 120,
        'scanType': 'quick'
    },
    'Exclusions':
    {
        'Extensions': 'mdb;ldb;ndb;dbx',
        'Paths': 'C:\\Program Files\\DB Bin:\\;F:\\DB;G:\\DBs;S:\\LOGS;',
        'Processes': 'DBServr.exe;customprocess.exe'
    }
}"
# Fetch the classic (ASM) VM, attach the extension, and push the change.
Get-AzureVM -ServiceName drewcloudv1 -Name vm1 | Set-AzureVMExtension -ExtensionName IaaSAntimalware -Publisher Microsoft.Azure.Security -Version 1.* -PublicConfiguration $JSONString | Update-AzureVM

PowerShell code to deploy Azure Antimalware (ARM)

# Settings for the IaaSAntimalware extension, passed as a raw settings string.
# Each exclusion list is a single semicolon-separated string.
$JSONString="{
    'AntimalwareEnabled': true,
    'RealtimeProtectionEnabled': true,
    'UILockdown': false,
    'ScheduledScanSettings':
    {
        'isEnabled': true,
        'day': 0,
        'time': 120,
        'scanType': 'quick'
    },
    'Exclusions':
    {
        'Extensions': 'mdb;ldb;ndb;dbx',
        'Paths': 'C:\\Program Files\\DB Bin:\\;F:\\DB;G:\\DBs;S:\\LOGS;',
        'Processes': 'DBServr.exe;customprocess.exe'
    }
}"

# Attach the extension to the Resource Manager (ARM) VM.
Set-AzureRmVMExtension -ResourceGroupName 'drewresourcegroup' -VMName 'vm1' -Location 'CanadaCentral' -Name 'IaaSAntimalware' -Publisher 'Microsoft.Azure.Security' -ExtensionType 'IaaSAntimalware' -TypeHandlerVersion '1.4' -SettingString $JSONString
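
Both snippets hand the settings to the extension as a raw string, so a pre-flight check can parse that string locally and list every exclusion for review before it is deployed. The following is an added example, not code from the original post: Test-AntimalwareSettings is a hypothetical helper, and the value ranges and the "broad exclusion" heuristic in it are assumptions.

```powershell
# Added example, not from the original post. Test-AntimalwareSettings is a
# hypothetical helper; ranges and the "broad exclusion" rule are assumptions.
function Test-AntimalwareSettings {
    param([Parameter(Mandatory)][string]$SettingString)

    $issues = @()
    # Curly quotes picked up from a web page are not JSON string delimiters.
    if ($SettingString -match '[\u2018\u2019\u201C\u201D]') {
        $issues += 'Typographic (curly) quotes found; use straight quotes.'
    }
    $cfg = $null
    try   { $cfg = $SettingString | ConvertFrom-Json -ErrorAction Stop }
    catch { $issues += "Not parseable as JSON: $($_.Exception.Message)" }

    $excluded = @()
    if ($cfg) {
        foreach ($flag in 'AntimalwareEnabled', 'RealtimeProtectionEnabled') {
            if ($cfg.$flag -ne $true) { $issues += "$flag is not true." }
        }
        $scan = $cfg.ScheduledScanSettings
        if ($scan -and $scan.isEnabled) {
            # Assumed ranges: day 0-8, time 0-1440, scanType quick or full.
            if ($scan.day -lt 0 -or $scan.day -gt 8) { $issues += "day '$($scan.day)' is outside 0-8." }
            if ($scan.time -lt 0 -or $scan.time -gt 1440) { $issues += "time '$($scan.time)' is outside 0-1440." }
            if ($scan.scanType -notin 'quick', 'full') { $issues += "scanType '$($scan.scanType)' is not quick or full." }
        }
        # Flatten the semicolon-separated lists so every exclusion is visible for review.
        foreach ($kind in 'Extensions', 'Paths', 'Processes') {
            $excluded += @("$($cfg.Exclusions.$kind)" -split ';' | Where-Object { $_ } |
                ForEach-Object { [pscustomobject]@{ Kind = $kind; Value = $_ } })
        }
        # Heuristic: a wildcard or a bare drive root removes a lot from scanning.
        foreach ($e in $excluded) {
            if ($e.Value -match '\*' -or $e.Value -match '^[A-Za-z]:\\?$') {
                $issues += "Broad exclusion ($($e.Kind)): $($e.Value)"
            }
        }
    }
    [pscustomobject]@{ Ok = ($issues.Count -eq 0); Issues = $issues; Exclusions = $excluded }
}

# Constructed sample settings (not the post's values) with one drive-root exclusion.
$sample = @'
{ "AntimalwareEnabled": true, "RealtimeProtectionEnabled": true,
  "ScheduledScanSettings": { "isEnabled": true, "day": 0, "time": 120, "scanType": "quick" },
  "Exclusions": { "Extensions": "mdb;ldb", "Paths": "D:\\;F:\\DB", "Processes": "DBServr.exe" } }
'@
$result = Test-AntimalwareSettings -SettingString $sample
$result.Issues
$result.Exclusions | Format-Table -AutoSize
```

Run it against $JSONString before calling Set-AzureVMExtension or Set-AzureRmVMExtension, and deploy only when Ok is true and the exclusion list is what you intended.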