Does Microsoft Antimalware delete any files or data that are stored on an Azure virtual machine?

Mahavir Saroj 201 Reputation points
2024-07-08T14:53:14.04+00:00

Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software.

I am wondering, does Microsoft Antimalware delete any files or data stored on an Azure virtual machine?

Where can we view the generated logs from Microsoft Anti-Malware?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,421 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,891 Reputation points Microsoft Employee
    2024-07-09T23:34:21.69+00:00

    Hi @Mahavir Saroj ,

    Yes, Microsoft Anti-Malware deletes malicious files stored on Virtual Machines, as documented here:

    "Malware remediation - automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries."

    https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware

    You can view the logs in your Storage Account once they are configured. As mentioned in the document, the antimalware events are collected from the Windows event system logs to your Azure Storage account. You can configure the Storage Account for your Virtual Machine to collect Antimalware events by selecting the appropriate storage account.

    If you want to leverage these features, you need to enable antimalware event collection for a virtual machine using the Azure Preview Portal:

    1. Click any part of the Monitoring lens in the Virtual Machine blade
    2. Click the Diagnostics command on Metric blade
    3. Select Status ON and check the option for Windows event system
    4. . You can choose to uncheck all other options in the list, or leave them enabled per your application service needs.
    5. The Antimalware event categories "Error", "Warning", "Informational", etc., are captured in your Azure Storage account.

    Note that the Antimalware client isn't installed by default for Virtual Machines and is available as an optional feature through the Azure portal and Visual Studio Virtual Machine configuration under Security Extensions.

    https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware

    Let me know if this helps and if you have further questions.

    If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.