Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
435 questions
Has anyone experienced logs being cleared when Azure Arc is updated?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 57.00000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Deimling, Alex
0
Reputation points
Hello All,
Coinciding with an Azure Arc update we had received an alert that logs were cleared as well. Our client security team explained they have seen this case in other clients as well. But, I cannot find documentation to be 100%, as log clearing can also be an IOC.
I am sure this is a false positive of any malicious intent, but thought id share if anyone else has experienced this?
C:\Program Files\WindowsAdminCenter\PowerShellModules\Microsoft.WindowsAdminCenter.Configuration\Microsoft.WindowsAdminCenter.Configuration.psm1 is the script that was ran which was around same time as Arc update.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Rahul Podila 110 Reputation points Microsoft Vendor2024-10-03T09:00:08.4933333+00:00 Hi @Deimling, Alex
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.Check the logs before and after the update for any suspicious activity or patterns. This can help determine if log clearing was a routine task or something more nuisance.
Check any official guidance or notes about Azure Arc updates and log management. Understanding expected behavior today can clarify whether log clearing was normal.
Share your findings with your security team for a joint investigation. Their expertise can help assess whether any project is worthy of further investigation.
Check for future updates and their impact on the logging process. This will help you identify any recurring themes or patterns that may need your attention.
Set alerts for any log-clearing events to ensure early detection in the future. This proactive approach can help catch any potential issues early.
If you have any further queries, do let us know
---------------------------------------------------------------------------------------------------------
If the answer is helpful, please click "Accept Answer" and "Upvote it".
-
Rahul Podila 110 Reputation points Microsoft Vendor
2024-10-04T11:05:26.0933333+00:00 Hi @Deimling, Alex
If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...! -
Rahul Podila 110 Reputation points Microsoft Vendor
2024-10-07T14:41:28.04+00:00 Hi @Deimling, Alex
If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!
Sign in to comment
Sign in to answer