Set-AzureVMMicrosoftAntimalwareExtension
NAME Set-AzureVMMicrosoftAntimalwareExtension
SYNOPSIS
Configures the Microsoft Antimalware extension for a virtual machine.
SYNTAX
Set-AzureVMMicrosoftAntimalwareExtension [-AntimalwareConfigFile] <String> [[-Version] <String>] [[-Monitoring] <String>] [[-StorageContext]
<AzureStorageContext>] -VM <IPersistentVM> [-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
[<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [-AntimalwareConfiguration] <String> [[-Version] <String>] [[-Monitoring] <String>] [[-StorageContext]
<AzureStorageContext>] -VM <IPersistentVM> [-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
[<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [[-Version] <String>] [[-Disable]] -VM <IPersistentVM> [-Profile <AzureSMProfile>] [-InformationAction
<ActionPreference>] [-InformationVariable <String>] [<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [[-Monitoring] <String>] [-NoConfig] [[-StorageContext] <AzureStorageContext>] -VM <IPersistentVM> [-Profile
<AzureSMProfile>] [-InformationAction <ActionPreference>] [-InformationVariable <String>] [<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [-Uninstall] -VM <IPersistentVM> [-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>]
[-InformationVariable <String>] [<CommonParameters>]
DESCRIPTION
The Set-AzureVMMicrosoftAntimalwareExtension cmdlet configures the Microsoft Antimalware extension for a virtual machine. You can enable, disable, or
uninstall the extension.
PARAMETERS
-AntimalwareConfigFile <String>
Specifies the absolute path of the Microsoft Antimalware configuration file. Do not specify this parameter if you specify the
AntimalwareConfiguration parameter. The configuration file must include, at a minimum, the following content to enable the Microsoft Antimalware
extension:
{ "AntimalwareEnabled": true }
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Version <String>
Specifies the extension version as a string.
Required? false
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Monitoring <String>
Specifies whether to collect Microsoft Antimalware events.
The acceptable values for this parameter are:
-- ON. Collect Microsoft Antimalware events to storage context.
-- OFF. Do not collect Microsoft Antimalware events.
Required? false
Position? 3
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageContext <AzureStorageContext>
Specifies an Azure storage context for Microsoft Antimalware monitoring.
Required? false
Position? 4
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VM <IPersistentVM>
Specifies the virtual machine as an IPersistentVM object.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-Profile <AzureSMProfile>
Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-InformationAction <ActionPreference>
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-InformationVariable <String>
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-AntimalwareConfiguration <String>
Specifies a string object that contains the Microsoft Antimalware configuration. This object must not be $Null or empty. Do not specify this
parameter if you specify the AntimalwareConfigFile parameter. The configuration object must include, at a minimum, the following content to enable
the Microsoft Antimalware extension: { "AntimalwareEnabled": true }
Microsoft Antimalware JSON configuration sample:
{
  "AntimalwareEnabled": true,
  "RealtimeProtectionEnabled": true,
  "ScheduledScanSettings": { "isEnabled": true, "day": 1, "time": 120, "scanType": "Full" },
  "Exclusions": {
    "Extensions": ".ext1;.ext2",
    "Paths": "c:\\excluded-path-1;c:\\excluded-path-2",
    "Processes": "excludedproc1.exe;excludedproc2.exe"
  }
}
Notes:
-- AntimalwareEnabled is a required parameter. Values: true = Enable. false = Error out, as false is not a supported value.
-- RealtimeProtectionEnabled: true/false. true = Enable. false = Disable. Default is true.
-- ScheduledScanSettings:
   isEnabled = true/false
   day = 0-8 (0-daily, 1-Sunday, 2-Monday, ...., 7-Saturday, 8-Disabled)
   time = 0-1440 (measured in minutes after midnight: 60 -> 1 AM, 120 -> 2 AM, ...)
   scanType = "Quick" or "Full" (Default is Quick)
   Note: If isEnabled=true is the only setting provided, the following defaults are set: day=7 (Saturday), time=120 (2 AM), scanType="Quick"
-- Exclusions: Multiple exclusions in the same list are specified by using semicolon delimiters.
   If no exclusions are specified, then the existing exclusions, if any, are overwritten by blank on the system.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Disable [<SwitchParameter>]
Indicates that the cmdlet disables the Microsoft Antimalware extension. To re-enable the extension on the same virtual machine, run
Set-AzureVMMicrosoftAntimalwareExtension without the Disable parameter.
Required? false
Position? 2
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Uninstall [<SwitchParameter>]
Indicates that this cmdlet uninstalls the Microsoft Antimalware extension from the virtual machine. If monitoring was turned on, the cmdlet also
removes the collection of Microsoft Antimalware events.
Required? true
Position? 1
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-NoConfig [<SwitchParameter>]
Required? true
Position? 3
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
-------------------------- Example 1: Enable the extension by using a configuration file --------------------------
PS C:\>Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile
'C:\configuration\contosoVM.json' | Update-AzureVM
This command enables the Microsoft Antimalware extension by using a configuration file. The command uses the Get-AzureVM cmdlet to get the specified
virtual machine object, and then passes the object to the current cmdlet by using the pipeline operator.
-------------------------- Example 2: Enable the extension and enable monitoring --------------------------
PS C:\>$StorageContext = New-AzureStorageContext -StorageAccountName "contosostoragemain" -StorageAccountKey (Get-AzureStorageKey -StorageAccountName
"Contosostoragemain").Primary
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile
'C:\configuration\contosoVM.json' -Monitoring ON -StorageContext $StorageContext | Update-AzureVM
The first command creates an AzureStorageContext object by using the New-AzureStorageContext cmdlet, and then stores it in the $StorageContext variable.
-------------------------- Example 3: Enable the extension by specifying a configuration object --------------------------
PS C:\>$Config_String = [IO.File]::ReadAllText('C:\configuration\contosoVM.json')
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration
$Config_String | Update-AzureVM
The first command creates a string object by reading a JSON configuration for the Microsoft Antimalware extension, and then stores it in the
$Config_String variable.
-------------------------- Example 4: Disable the extension --------------------------
PS C:\>Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -Disable | Update-AzureVM
This command disables the extension without removing it. The command uses Get-AzureVM to get the specified virtual machine object, and then passes the
object to the current cmdlet.
-------------------------- Example 5: Remove the extension --------------------------
PS C:\>Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -Uninstall | Update-AzureVM
This command removes the Microsoft Antimalware extension from the virtual machine. The command uses Get-AzureVM to get the specified virtual machine
object, and then passes the object to the current cmdlet.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkID=402844
Get-AzureVMMicrosoftAntimalwareExtension
Remove-AzureVMMicrosoftAntimalwareExtension
Get-AzureVM