Skip to main content

🛡️ Azure Virtual Machine Endpoint Protection is not installed🟢⚪

Similar Policies

Description

Open File

Description

Install endpoint protection for all virtual machines.

Rationale

Installing endpoint protection systems (like anti-malware for Azure) provides real-time protection that helps identify and remove viruses, spyware, and other malicious software. These also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems.

Impact

Endpoint protection may incur additional costs.

Audit

From Azure Portal
  1. Go to Security Center.
  2. Click the Recommendations blade.
  3. Ensure that there are no recommendations for Endpoint Protection not installed on Azure VMs.
From Azure CLI
az vm show -g {{resource-group-name}} -n {{vm-name}} -d --query "resources[?type=='Microsoft.Compute/virtualMachines/extensions'].{ExtensionName:name}" -o table

If extensions are installed, it will list the installed extensions:

EndpointSecurity || TrendMicroDSA* || Antimalware || EndpointProtection || SCWPAgent || PortalProtectExtension* || FileSecurity*

Alternatively, you can employ your own endpoint protection tool for your OS.

... see more

Remediation

Open File

Remediation

Follow Microsoft Azure documentation to install endpoint protection from the security center. Alternatively, you can employ your own endpoint protection tool for your OS.

policy.yaml

Open File

Linked Framework Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 CIS Azure v2.1.0 → 💼 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed - Level 2 (Manual)1no data
💼 CIS Azure v3.0.0 → 💼 8.8 Ensure that Endpoint Protection for all Virtual Machines is installed (Manual)1no data
💼 Cloudaware Framework → 💼 Threat Protection31no data