Set-AzureVMMicrosoftAntimalwareExtension
Configures the Microsoft Antimalware extension for a virtual machine.
Note
The cmdlets referenced in this documentation are for managing legacy Azure resources that use Azure Service Manager (ASM) APIs. This legacy PowerShell module isn't recommended when creating new resources since ASM is scheduled for retirement. For more information, see Azure Service Manager retirement.
The Az PowerShell module is the recommended PowerShell module for managing Azure Resource Manager (ARM) resources with PowerShell.
Syntax
EnableMicrosoftAntimalwareExtensionJsonConfigFilePath (Default)
Set-AzureVMMicrosoftAntimalwareExtension
[-AntimalwareConfigFile] <String>
[[-Version] <String>]
[[-Monitoring] <String>]
[[-StorageContext] <AzureStorageContext>]
-VM <IPersistentVM>
[-Profile <AzureSMProfile>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[<CommonParameters>]
EnableMicrosoftAntimalwareExtensionJsonConfig
Set-AzureVMMicrosoftAntimalwareExtension
[-AntimalwareConfiguration] <String>
[[-Version] <String>]
[[-Monitoring] <String>]
[[-StorageContext] <AzureStorageContext>]
-VM <IPersistentVM>
[-Profile <AzureSMProfile>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[<CommonParameters>]
DisableMicrosoftAntimalwareExtension
Set-AzureVMMicrosoftAntimalwareExtension
[[-Version] <String>]
-VM <IPersistentVM>
[-Disable]
[-Profile <AzureSMProfile>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[<CommonParameters>]
UninstallMicrosoftAntimalwareExtension
Set-AzureVMMicrosoftAntimalwareExtension
-VM <IPersistentVM>
[-Uninstall]
[-Profile <AzureSMProfile>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[<CommonParameters>]
ConfigureMicrosoftAntimalwareMonitoring
Set-AzureVMMicrosoftAntimalwareExtension
[-Monitoring] <String>
[[-StorageContext] <AzureStorageContext>]
-VM <IPersistentVM>
[-NoConfig]
[-Profile <AzureSMProfile>]
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[<CommonParameters>]
Description
The Set-AzureVMMicrosoftAntimalwareExtension cmdlet configures the Microsoft Antimalware extension for a virtual machine. You can enable, disable, or uninstall the extension.
Examples
Example 1: Enable the extension by using a configuration file
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile 'C:\configuration\contosoVM.json' | Update-AzureVM
This command enables the Microsoft Antimalware extension by using a configuration file. The command uses the Get-AzureVM cmdlet to get the specified virtual machine object, and then passes the object to the current cmdlet by using the pipeline operator.
Example 2: Enable the extension and enable monitoring
PS C:\> $StorageContext = New-AzureStorageContext -StorageAccountName "contosostoragemain" -StorageAccountKey (Get-AzureStorageKey -StorageAccountName "Contosostoragemain").Primary
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile 'C:\configuration\contosoVM.json' -Monitoring ON -StorageContext $StorageContext | Update-AzureVM
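The first command creates an AzureStorageContext object by using the New-AzureStorageContext cmdlet, and then stores it in the $StorageContext variable. The second command gets the virtual machine, enables the extension by using the configuration file, turns monitoring on with the storage context in $StorageContext, and then updates the virtual machine by using Update-AzureVM.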
Example 3: Enable the extension by specifying a configuration object
PS C:\> $Config_String = [IO.File]::ReadAllText('C:\configuration\contosoVM.json')
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration $Config_String | Update-AzureVM
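The first command creates a string object by reading a JSON configuration for the Microsoft Antimalware extension, and then stores it in the $Config_String variable. The second command gets the virtual machine, passes the string to the current cmdlet through the AntimalwareConfiguration parameter, and then updates the virtual machine by using Update-AzureVM.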
Example 4: Disable the extension
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -Disable | Update-AzureVM
This command disables the extension without removing it. The command uses Get-AzureVM to get the specified virtual machine object, and then passes the object to the current cmdlet.
Example 5: Remove the extension
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -Uninstall | Update-AzureVM
This command removes the Microsoft Antimalware extension from the virtual machine. The command uses Get-AzureVM to get the specified virtual machine object, and then passes the object to the current cmdlet.
Parameters
-AntimalwareConfigFile
Specifies the absolute path of the Microsoft Antimalware configuration file. Do not specify this parameter if you specify the AntimalwareConfiguration parameter. The configuration file must include, at a minimum, the following content to enable the Microsoft Antimalware extension:
{ "AntimalwareEnabled": true }
Parameter properties
Type: | String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
EnableMicrosoftAntimalwareExtensionJsonConfigFilePath
Position: | 1 |
Mandatory: | True |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-AntimalwareConfiguration
Specifies a string object that contains the Microsoft Antimalware configuration. This object must not be $Null or empty. Do not specify this parameter if you specify the AntimalwareConfigFile parameter. The configuration object must include, at a minimum, the following content to enable the Microsoft Antimalware extension:
{ "AntimalwareEnabled": true }
Microsoft Antimalware JSON configuration sample:
{ "AntimalwareEnabled": true, "RealtimeProtectionEnabled": true, "ScheduledScanSettings": { "isEnabled": true, "day": 1, "time": 120, "scanType": "Full" },
  "Exclusions": { "Extensions": ".ext1;.ext2", "Paths": "c:\\excluded-path-1;c:\\excluded-path-2", "Processes": "excludedproc1.exe;excludedproc2.exe" }
}
Notes:
- AntimalwareEnabled is a required parameter. Values: true = Enable. false = Error out, as false is not a supported value.
- RealtimeProtectionEnabled: true/false. true = Enable. false = Disable. Default is true.
- ScheduledScanSettings:
  - isEnabled = true/false
  - day = 0-8 (0-daily, 1-Sunday, 2-Monday, ...., 7-Saturday, 8-Disabled)
  - time = 0-1440 (measured in minutes after midnight - 60 -> 1 AM, 120 -> 2 AM, ...)
  - scanType = "Quick" or "Full" (Default is Quick)
  - Note: If isEnabled=true is the only setting provided, the following defaults are set: day=7 (Saturday), time=120 (2 AM), scanType="Quick"
- Exclusions: Multiple exclusions in the same list are specified by using semicolon delimiters. If no exclusions are specified, then the existing exclusions, if any, are overwritten by blank on the system.
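A pre-flight check for the configuration rules in the notes above, as an added example that is not part of the original documentation or the Azure module. Test-AntimalwareConfig is a hypothetical helper and the sample JSON is constructed; backslashes in the sample paths are doubled so that the string parses as JSON.

```powershell
# Added example. Test-AntimalwareConfig is a hypothetical helper, not an Azure cmdlet.
function Test-AntimalwareConfig {
    param([Parameter(Mandatory)][string]$Json)
    try { $cfg = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { "ERROR: not valid JSON: $($_.Exception.Message)"; return }

    # AntimalwareEnabled is required, and true is the only supported value.
    if ($cfg.AntimalwareEnabled -isnot [bool] -or -not $cfg.AntimalwareEnabled) {
        'ERROR: AntimalwareEnabled must be present and set to true.'
    }
    # RealtimeProtectionEnabled defaults to true; an explicit false disables it.
    if ($cfg.RealtimeProtectionEnabled -eq $false) {
        'WARN: RealtimeProtectionEnabled is false; real-time protection will be off.'
    }
    $scan = $cfg.ScheduledScanSettings
    if ($null -ne $scan) {
        if ($null -ne $scan.day -and ($scan.day -lt 0 -or $scan.day -gt 8)) {
            "ERROR: ScheduledScanSettings.day=$($scan.day) is outside 0-8."
        }
        if ($null -ne $scan.time -and ($scan.time -lt 0 -or $scan.time -gt 1440)) {
            "ERROR: ScheduledScanSettings.time=$($scan.time) is outside 0-1440."
        }
        if ($null -ne $scan.scanType -and $scan.scanType -notin 'Quick', 'Full') {
            'ERROR: ScheduledScanSettings.scanType must be Quick or Full.'
        }
    }
    # Every exclusion is a place the engine will not look, so list each one for review.
    $found = $false
    foreach ($list in 'Extensions', 'Paths', 'Processes') {
        foreach ($item in ("$($cfg.Exclusions.$list)" -split ';' | Where-Object { $_ })) {
            $found = $true
            "REVIEW: exclusion ($list): $item"
        }
    }
    # With no exclusions in the configuration, exclusions already on the VM are blanked.
    if (-not $found) { 'INFO: no exclusions given; existing exclusions are overwritten by blank.' }
}

# Constructed sample: day=9 is out of range and real-time protection is turned off.
$sample = @'
{ "AntimalwareEnabled": true, "RealtimeProtectionEnabled": false,
  "ScheduledScanSettings": { "isEnabled": true, "day": 9, "time": 120, "scanType": "Full" },
  "Exclusions": { "Paths": "c:\\excluded-path-1;c:\\excluded-path-2" } }
'@
$findings = @(Test-AntimalwareConfig -Json $sample)
$findings
# Apply the configuration only when no finding starts with ERROR, for example:
# if (-not ($findings -like 'ERROR:*')) {
#     Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" |
#         Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration $sample | Update-AzureVM }
```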
Parameter properties
Type: | String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
EnableMicrosoftAntimalwareExtensionJsonConfig
Position: | 1 |
Mandatory: | True |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-Disable
Indicates that the cmdlet disables the Microsoft Antimalware extension. To re-enable the extension on the same virtual machine, run Set-AzureVMMicrosoftAntimalwareExtension without the Disable parameter.
Parameter properties
Type: | SwitchParameter |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
DisableMicrosoftAntimalwareExtension
Position: | 2 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-InformationAction
Specifies how this cmdlet responds to an information event.
The acceptable values for this parameter are:
- Continue
- Ignore
- Inquire
- SilentlyContinue
- Stop
- Suspend
Parameter properties
Type: | ActionPreference |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | infa |
Parameter sets
(All)
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-InformationVariable
Specifies an information variable.
Parameter properties
Type: | String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | iv |
Parameter sets
(All)
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-Monitoring
Specifies whether to collect Microsoft Antimalware events.
The acceptable values for this parameter are:
- ON. Collect Microsoft Antimalware events to storage context.
- OFF. Do not collect Microsoft Antimalware events.
Parameter properties
Type: | String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
EnableMicrosoftAntimalwareExtensionJsonConfigFilePath
Position: | 3 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
EnableMicrosoftAntimalwareExtensionJsonConfig
Position: | 3 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-NoConfig
Indicates that this cmdlet specifies the NoConfig option.
Parameter properties
Type: | SwitchParameter |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
ConfigureMicrosoftAntimalwareMonitoring
Position: | 3 |
Mandatory: | True |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-Profile
Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile.
Parameter properties
Type: | AzureSMProfile |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
(All)
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-StorageContext
Specifies an Azure storage context for Microsoft Antimalware monitoring.
Parameter properties
Type: | AzureStorageContext |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
EnableMicrosoftAntimalwareExtensionJsonConfigFilePath
Position: | 4 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
EnableMicrosoftAntimalwareExtensionJsonConfig
Position: | 4 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
ConfigureMicrosoftAntimalwareMonitoring
Position: | 4 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-Uninstall
Indicates that this cmdlet uninstalls the Microsoft Antimalware extension from the virtual machine. If monitoring was turned on, the cmdlet also removes the collection of Microsoft Antimalware events.
Parameter properties
Type: | SwitchParameter |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
UninstallMicrosoftAntimalwareExtension
Position: | 1 |
Mandatory: | True |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-Version
Specifies the extension version as a string. Note: The supported version is 1.5. The older versions are not supported by Microsoft.
Parameter properties
Type: | String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
EnableMicrosoftAntimalwareExtensionJsonConfigFilePath
Position: | 2 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
EnableMicrosoftAntimalwareExtensionJsonConfig
Position: | 2 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
DisableMicrosoftAntimalwareExtension
Position: | 2 |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
-VM
Specifies the virtual machine as an IPersistentVM object.
Parameter properties
Type: | IPersistentVM |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | InputObject |
Parameter sets
(All)
Position: | Named |
Mandatory: | True |
Value from pipeline: | True |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.