IaaSAntimalware Extension Status NotReady if Installed with no Configuration

The Microsoft Antimalware extension (IaaSAntimalware) requires a minimum configuration when it is installed; without one, its status will be NotReady. When you add the IaaSAntimalware extension using the Azure management portal, that minimum configuration is included by default, but when you add the extension using PowerShell, you must remember to include it.

You can view extension status in the Azure management portal or with Azure PowerShell.

Get-AzureVM example for checking extension status of a classic (a.k.a. V1) VM:

(Get-AzureVM -ServiceName mycloudservice -Name myvm).ResourceExtensionStatusList

Get-AzureRmVM example for checking status of a resource manager (a.k.a. V2) VM:

Get-AzureRmVM -ResourceGroupName myresourcegroup -VMName myvm -Status

For V1 VMs, you can use either the Set-AzureVMMicrosoftAntimalwareExtension cmdlet or the Set-AzureVMExtension cmdlet to install the IaaSAntimalware extension in the VM.

Set-AzureVMMicrosoftAntimalwareExtension example:

Get-AzureVM -ServiceName mycloudservice -Name myvm | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration '{"AntimalwareEnabled": true}' -Version * | Update-AzureVM

Set-AzureVMExtension example:

Get-AzureVM -ServiceName mycloudservice -Name myvm | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -PublicConfiguration '{"AntimalwareEnabled": true}' -Version * | Update-AzureVM

For V2 VMs, you can use the Set-AzureRmVMExtension cmdlet:

Set-AzureRmVMExtension -ResourceGroupName myresourcegroup -VMName myvm -Name IaaSAntimalware -Publisher Microsoft.Azure.Security -ExtensionType IaaSAntimalware -TypeHandlerVersion 1.3 -SettingString '{"AntimalwareEnabled":true}' -Location westus

Both of the V1 cmdlets above let you specify an asterisk as a wildcard, e.g. -Version * to install the latest version of the extension, or you can specify an explicit version, e.g. -Version 1.3.

The V2 cmdlet requires an explicit version, e.g. -TypeHandlerVersion 1.3.

The above example uses IaaSAntimalware for both -Name and -ExtensionType, but you could use any string for -Name since that is a friendly name/display name you are giving that instance of the extension in the VM.
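The following is an added example, not code from the original article: a guard that refuses to install the extension on a V2 VM unless the setting string carries the minimum configuration shown above. The function names Test-AntimalwareSetting and Install-AntimalwareExtension are hypothetical, and requiring AntimalwareEnabled to be a JSON boolean is an assumption of the example.

```powershell
# Added example. Function names are hypothetical and not part of any Azure module.
function Test-AntimalwareSetting {
    param([string]$SettingString)
    # An empty or missing setting string is the case that leaves the extension NotReady.
    if ([string]::IsNullOrWhiteSpace($SettingString)) { return $false }
    try {
        $cfg  = ConvertFrom-Json -InputObject $SettingString -ErrorAction Stop
        $prop = $cfg.PSObject.Properties['AntimalwareEnabled']
    } catch {
        return $false   # not valid JSON, or not a JSON object
    }
    # Assumption of this example: the key must be present and hold a JSON boolean.
    return ($null -ne $prop) -and ($prop.Value -is [bool])
}

function Install-AntimalwareExtension {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$Location,
        [string]$TypeHandlerVersion = '1.3',
        [string]$SettingString = '{"AntimalwareEnabled":true}'
    )
    # Fail before calling Azure instead of discovering NotReady afterwards.
    if (-not (Test-AntimalwareSetting $SettingString)) {
        throw 'Refusing to install IaaSAntimalware: setting string lacks the minimum configuration.'
    }
    # Same parameters as the Set-AzureRmVMExtension command in the article.
    Set-AzureRmVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName `
        -Name IaaSAntimalware -Publisher Microsoft.Azure.Security `
        -ExtensionType IaaSAntimalware -TypeHandlerVersion $TypeHandlerVersion `
        -SettingString $SettingString -Location $Location
}

# Constructed inputs that exercise the check offline; no Azure call is made here.
'', '{}', 'not json', '{"AntimalwareEnabled":true}' | ForEach-Object {
    [pscustomobject]@{ SettingString = $_; MeetsMinimum = Test-AntimalwareSetting $_ }
}

# Usage against a real VM (placeholder names taken from the article's examples):
# Install-AntimalwareExtension -ResourceGroupName myresourcegroup -VMName myvm -Location westus
```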

The V1 cmdlet Get-AzureVMAvailableExtension reports the latest version of an extension. Because extension versions are the same for V1 and V2 VMs, you can use its result for both.

For example, to find the latest version of the IaaSAntimalware extension:

PS C:\> Get-AzureVMAvailableExtension | where ExtensionName -eq IaaSAntimalware

Publisher : Microsoft.Azure.Security
ExtensionName : IaaSAntimalware
Version : 1.3
Label : Microsoft Antimalware
Description : Microsoft Antimalware
PublicConfigurationSchema :
PrivateConfigurationSchema :
IsInternalExtension : False
SampleConfig : {"PublicConfig":"{\"AntimalwareEnabled\":true}","PrivateConfig":null}
ReplicationCompleted : True
Eula : https://azure.microsoft.com/en-us/support/legal/subscription-agreement/
PrivacyUri : https://azure.microsoft.com/en-us/support/legal/privacy-statement/
HomepageUri : https://go.microsoft.com/fwlink/?LinkId=398023
IsJsonExtension : True
DisallowMajorVersionUpgrade : False
SupportedOS :
PublishedDate : 10/26/2015 2:48:58 PM
CompanyName : Microsoft Corporation
Regions :

The IaaSAntimalware configuration is documented in the following locations:

  1. Set-AzureVMMicrosoftAntimalwareExtension - has examples for installing it on V1 VMs, including configuration examples.
     
  2. Azure Windows VM Extension Configuration Samples - useful page with config samples for not just IaaSAntimalware, but also CustomScriptExtension, VMAccessAgent, DSC, IaaSDiagnostics, MicrosoftMonitoringAgent, SymantecEndpointProtection, TrendMicroDSA, VormetricTransparentEncryptionAgent, PuppetEnterpriseAgent, McAfeeEndpointSecurity, ESET, DatadogWindowsAgent, ConferForAzure, CloudLinkSecureVMWindowsAgent, BarracudaConnectivityAgent, AlertLogicLM, and ChefClient.
     
  3. Create a Windows VM with Anti-Malware extension enabled - JSON template for creating V2 VM with IaaSAntimalware installed.
     
  4. Microsoft Antimalware Whitepaper - not yet updated with V2 VM examples, but the config hasn't changed and that is documented in Appendix A.