Drew Robinson's Blog

Azure, Powershell and Security things

Azure ARM Templates, Azure Antimalware

When deploying Azure Antimalware through Azure Virtual Machine ARM templates, I recommend using one of the following JSON settings to ensure you’re deploying the latest version of our Antimalware client.

    "autoUpgradeMinorVersion": true

or hardcode the version using

    "typeHandlerVersion": "1.5"

Otherwise, extension auto-update is disabled, and your deployment will be stuck with Azure Antimalware 1.1.0.0 (Microsoft Antivirus version 4.6 from 2014).

Reference: compute schema 2015-08-01

    "iaaSAntimalware": {
      "type": "object",
      "properties": {
        "publisher": {
          "enum": [
            "Microsoft.Azure.Security"
          ]
        },
        "type": {
          "enum": [
            "IaaSAntimalware"
          ]
        },
        "typeHandlerVersion": {
          "type": "string",
          "minLength": 1
        },
        "autoUpgradeMinorVersion": {
          "type": "boolean"
        },
        "settings": {
          "type": "object",
          "properties": {
            "AntimalwareEnabled": {
              "type": "boolean"
            },
            "Exclusions": {
              "type": "object",
              "properties": {
                "Paths": {
                  "type": "string"
                },
                "Extensions": {
                  "type": "string"
                },
                "Processes": {
                  "type": "string"
                }
              },
              "required": [
                "Paths",
                "Extensions",
                "Processes"
              ]
            },
            "RealtimeProtectionEnabled": {
              "enum": [
                "true",
                "false"
              ]
            },
            "ScheduledScanSettings": {
              "type": "object",
              "properties": {
                "isEnabled": {
                  "enum": [
                    "true",
                    "false"
                  ]
                },
                "scanType": {
                  "type": "string"
                },
                "day": {
                  "type": "string"
                },
                "time": {
                  "type": "string"
                }
              },
              "required": [
                "isEnabled",
                "scanType",
                "day",
                "time"
              ]
            }
          },
          "required": [
            "AntimalwareEnabled",
            "Exclusions",
            "RealtimeProtectionEnabled",
            "ScheduledScanSettings"
          ]
        }
      },
      "required": [
        "publisher",
        "type",
        "typeHandlerVersion",
        "autoUpgradeMinorVersion",
        "settings"
      ]
    }
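
A check for the stuck-version case described above, as an added example that is not from the original post or from Microsoft: it walks a parsed ARM template, finds IaaSAntimalware extensions, and flags any that have auto-upgrade off with a typeHandlerVersion below the post's 1.5, along with settings that do not match the schema above. The sample template, its resource names, and the helper names audit and antimalware_extensions are constructed for illustration.

```python
MIN_PINNED = (1, 5)  # handler version the post says to pin; raise it as newer ones ship
REQUIRED_SETTINGS = ("AntimalwareEnabled", "Exclusions",
                     "RealtimeProtectionEnabled", "ScheduledScanSettings")

def antimalware_extensions(resources):
    """Yield IaaSAntimalware extension resources, including nested child resources."""
    for res in resources or []:
        props = res.get("properties", {})
        if (props.get("publisher"), props.get("type")) == ("Microsoft.Azure.Security", "IaaSAntimalware"):
            yield res
        yield from antimalware_extensions(res.get("resources"))

def audit(template):
    """Return (resource name, problem) pairs for a parsed ARM template."""
    findings = []
    for ext in antimalware_extensions(template.get("resources")):
        name, props = ext.get("name", "<unnamed>"), ext["properties"]
        version = str(props.get("typeHandlerVersion", ""))
        try:
            pinned = tuple(int(part) for part in version.split("."))
        except ValueError:  # empty, or a template expression we cannot evaluate here
            pinned = (0,)
        if props.get("autoUpgradeMinorVersion") is not True and pinned < MIN_PINNED:
            findings.append((name, "auto-upgrade off and typeHandlerVersion %r is not 1.5 or later" % version))
        settings = props.get("settings", {})
        findings += [(name, "settings.%s missing" % k) for k in REQUIRED_SETTINGS if k not in settings]
        if settings.get("RealtimeProtectionEnabled") not in (None, "true", "false"):
            findings.append((name, 'RealtimeProtectionEnabled must be the string "true" or "false"'))
    return findings

# Constructed sample template: vm-old shows the stuck configuration, vm-new follows the advice.
GOOD_SETTINGS = {"AntimalwareEnabled": True, "RealtimeProtectionEnabled": "true",
                 "Exclusions": {"Paths": "", "Extensions": "", "Processes": ""},
                 "ScheduledScanSettings": {"isEnabled": "false", "scanType": "Quick",
                                           "day": "7", "time": "120"}}
SAMPLE = {"resources": [
    {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "vm-old/IaaSAntimalware",
     "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
                    "typeHandlerVersion": "1.1", "autoUpgradeMinorVersion": False,
                    "settings": dict(GOOD_SETTINGS, RealtimeProtectionEnabled=True)}},
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm-new", "resources": [
        {"type": "extensions", "name": "IaaSAntimalware",
         "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
                        "typeHandlerVersion": "1.1", "autoUpgradeMinorVersion": True,
                        "settings": GOOD_SETTINGS}}]}]}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(name + ": " + problem)
```

Pass it the result of json.load() on a template file in a CI step. A typeHandlerVersion supplied as a template expression cannot be evaluated statically, so it is reported whenever auto-upgrade is off.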