Antimalware Exclusion Path is not getting updated in Azure VM (plugin/extension used --> Microsoft.Azure.Security.AntimalwareSignature.AntimalwareConfiguration)

Akanksha Kumari (MINDTREE LIMITED) 0 Reputation points Microsoft Vendor
2023-06-22T11:07:37.97+00:00

Antimalware Exclusion Path is not getting updated in Azure VMSS instances
I have installed the below Antimalware extension in Azure VMSS Cluster --> Microsoft.Azure.Security.AntimalwareSignature.AntimalwareConfig

In the ARM template we have its publicsettings as a JSON string, see below; used a PowerShell cmdlet (hashtable to JSON string, in order to prevent escaped characters).

{
  "AntimalwareEnabled": true,
  "RealtimeProtectionEnabled": true,
  "ScheduledScanSettings": {
    "isEnabled": true,
    "day": 7,
    "time": 120,
    "scanType": "Quick"
  },
  "Exclusions": {
    "Paths": "F:\\data;C:\\AVM"
  }
}

The exclusion path formatted below is according to the latest Microsoft documentation --> https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware

In the Azure VMSS instance registry this exclusion file path is empty (checked in all possible "hkey_local_machine" paths).

We have the Plugin Runtime Settings in the correct format, as in the ARM template, see below.

Any idea what is going wrong? Any suggestions on the correct format for the Exclusion Path?


{"runtimeSettings":[{"handlerSettings":{"publicSettings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":true,"ScheduledScanSettings":{"isEnabled":true,"day":7,"time":120,"scanType":"Quick"},"Exclusions":{"Paths":"F:\\data;C:\\AVM"}}}}]}

1 answer

  1. Limitless Technology 44,541 Reputation points
    2023-06-23T15:01:01.1+00:00

    Hello there,

    If the antimalware exclusion path is not getting updated in an Azure VM, there are a few steps you can take to troubleshoot and resolve the issue:

    Check Azure Security Center configuration: Confirm that Azure Security Center is correctly configured and enabled for the VM. Antimalware exclusions can be managed through Azure Security Center's security policy. Make sure the appropriate policy is assigned to the VM and that exclusions are defined correctly.

    Verify antimalware software: Ensure that the antimalware software installed on the VM is compatible with Azure and supports exclusion path configuration. Some antimalware solutions have specific requirements or limitations when running in a cloud environment.

    Update antimalware software: Ensure that you are using the latest version of the antimalware software on the VM. Older versions may have limitations or compatibility issues with Azure VMs. Check the vendor's website or documentation for any updates or patches.

    Review exclusion path configuration: Double-check the exclusion path configuration on the VM. Ensure that the exclusion paths are entered correctly and match the intended paths you want to exclude from antimalware scanning. Pay attention to any syntax requirements or limitations specified by the antimalware software.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
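
One way to carry out the exclusion-path check on an instance, as an added example that is not part of the original question or answer: it takes the runtime settings posted in the question, extracts `Exclusions.Paths`, and compares each entry with the exclusions Defender reports through `Get-MpPreference`. It assumes Windows Server 2016 or later (where the Defender PowerShell module is present) and an elevated session; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical.
# Assumes Windows Server 2016+ (Defender module present) and an elevated session.

function Get-ExpectedExclusionPath {
    param([Parameter(Mandatory)][string]$RuntimeSettingsJson)
    $doc    = $RuntimeSettingsJson | ConvertFrom-Json
    $public = $doc.runtimeSettings[0].handlerSettings.publicSettings
    # Some templates pass publicSettings as a JSON string rather than an object.
    if ($public -is [string]) { $public = $public | ConvertFrom-Json }
    $raw = $public.Exclusions.Paths
    if ([string]::IsNullOrWhiteSpace($raw)) { return }
    # The page's settings give the paths as one semicolon-separated string.
    $raw -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Compare-ExclusionPath {
    param([string[]]$Expected, [string[]]$Effective)
    foreach ($path in $Expected) {
        # Ignore case and a trailing backslash when matching.
        $wanted = $path.TrimEnd('\')
        $hit = $Effective | Where-Object { $_ -and ($_.TrimEnd('\') -ieq $wanted) }
        [pscustomobject]@{ Path = $path; Applied = [bool]$hit }
    }
}

# Runtime settings exactly as posted in the question.
$settings = '{"runtimeSettings":[{"handlerSettings":{"publicSettings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":true,"ScheduledScanSettings":{"isEnabled":true,"day":7,"time":120,"scanType":"Quick"},"Exclusions":{"Paths":"F:\\data;C:\\AVM"}}}}]}'

$expected  = @(Get-ExpectedExclusionPath -RuntimeSettingsJson $settings)
# ExclusionPath is empty when no exclusions are set; drop null entries.
$effective = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })

Compare-ExclusionPath -Expected $expected -Effective $effective |
    Format-Table -AutoSize
```

A row with `Applied` set to `False` means the path is present in the extension settings but not in the exclusions Defender reports on that instance.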
