• 3 min read

New Antimalware Options for Protecting Azure Virtual Machines

In this post, let’s take a look at the new antimalware Extension from Intel Security, McAfee Endpoint Protection announced as part of TechEd Europe.

In my previous post, we talked about the new extension from CloudLink enabling encryption.  In this post, let’s take a look at the new antimalware extension from Intel Security, McAfee Endpoint Protection announced during TechEd Europe.  McAfee Endpoint Protection can be installed either through Portal or through PowerShell and is available as a 30-day trial license.  Both options are detailed below.  Additionally, Microsoft Antimalware is out of preview and is now generally available.  We’ll take a quick look at the new configuration options for Microsoft Antimalware which makes it easier to install and configure.

McAfee Endpoint Protection by Intel Security Overview

McAfee Endpoint Protection provides protection for your data, network, and system. It includes antimalware, antispyware, firewall, and browser protection. The agent is part of McAfee’s Security Software-as-a-Service solutions. You can use an existing account or register for a 30-day trial subscription.

Installing McAfee Endpoint Protection through PowerShell

  1. To install McAfee Endpoint Protection with a trial license, first create a config JSON file.  The following fields are available: “featureVS” allows you to specify whether or not to install virus and spyware protection, “featureBP” specifies whether or not to install browser protection, “featureFW” specifies whether or not to install the firewall, and lastly “relayServer” specifies whether or not other computers on the same network should use this computer to install updates from.  Here is a sample of what it will look like:
    {
        "featureVS": "true",
        "featureBP": "true",
        "featureFW": "true",
        "relayServer": "false"
    }
  2. Alternatively, if you already have a McAfee subscription, you can add the “entitlementKey” parameter.  Another advanced option for administrators is the optional “policyID” parameter which can be used to specify a particular policy for your deployment.  Here is a sample:
    {
        "entitlementKey": "",
        "featureVS": "true",
        "featureBP": "true",
        "featureFW": "true",
        "relayServer": "false",
        "policyID": "1"
    }
  3. Save the above to a file on your local disk such as “c:mcafee.config”
  4. Run the following in PowerShell:
    # Get the VM
    $vm = Get-AzureVM –ServiceName $servicename –Name $name
    
    # Add McAfee Endpoint Protection to the Virtual Machine
    Set-AzureVMExtension -Publisher McAfee.EndpointSecurity -ExtensionName McAfeeEndpointSecurity -Version 6.* -VM $vm.VM -PublicConfigPath c:mcafee.config
    
    # Update the VM which will install the McAfee Endpoint Protection Agent
    Update-AzureVM -Name $servicename -ServiceName $name -VM $vm.VM

Installing McAfee Endpoint Protection through Portal

McAfee Endpoint Protection is available in the Azure Preview Portal but not the current portal.

To add McAfee Endpoint Protection to your Azure Virtual Machine, select an existing virtual machine or create a new one and wait for it to start running.  In the Add Extensions blade, select the McAfee Endpoint Protection resource (for a refresher on how to get to the Add Extensions blade, please take a look back to our first blog post of the series.

In the extensions configuration blade, you can now input your Entitlement Key and specify which features you want installed and also whether or not this computer should act like a Relay Server (determines whether or not other computers should connect to this computer to install updates from). By leaving the Entitlement Key field blank, McAfee Endpoint Protection will be installed in trial mode.

new-antimalware-options-for-protecting-azure-virtual-machines

Activate your McAfee Endpoint Protection Trial

After the extension has finished installing, if you had installed McAfee Endpoint Protection in trial mode you can now log into your VM and through the McAfee console activate your software by signing up for a free 30-day trial.

new-antimalware-options-for-protecting-azure-virtual-machines

Microsoft Antimalware

Microsoft Antimalware is officially generally available now and as part of this release, we have provided more configuration options at install time to allow easy setup of the scanning engine.  You can now configure file exclusions, scan settings, schedules for scans, and settings for monitoring the agent. These new configurations are available through PowerShell and the Preview Portal but not the current management portal. To learn more, please see the following blog: Microsoft Antimalware for Azure Cloud Services and Virtual Machines.  Here is a quick look at the new configuration options supported.

new-antimalware-options-for-protecting-azure-virtual-machines

These new extensions provide new options to help secure and manage Azure Virtual Machines. As always, if you have any feedback please let us know your comments and suggestions here.