I recently had a malware alert on my Azure VM running Windows 10. The malware has been removed, but I would like help completing a forensic analysis of the file path that had the malware alert

Matt Riddle 20 Reputation points
2025-03-29T18:17:31.4766667+00:00

I recently had a malware alert on my Azure VM running Windows 10. The malware has been removed, but I would like help completing a forensic analysis of the file path that had the malware alert. My company would like more information on how this malware made its way to our VM, when we are on a VPN with limited access. We wish to find out more information, in order to remediate and prevent any more alerts in the future.

How do I go about getting Microsoft assistance with this process?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

Accepted answer
  1. Marcin Policht 50,895 Reputation points MVP Volunteer Moderator
    2025-03-29T18:21:45.17+00:00

    You'd need to enroll for CWPP (and CSPM) of Microsoft Defender for Cloud (in particular, Defender for Servers).

    More at https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction

    and

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-overview


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.

1 additional answer

  1. Sanoop M 4,310 Reputation points Moderator
    2025-03-31T03:05:19.15+00:00

    Hello @Matt Riddle,

    In addition to the information provided by @Marcin Policht, please refer to the documents below related to the overview of agentless malware scanning for virtual machines in Microsoft Defender for Cloud, which will be helpful.

    Agentless malware scanning for machines in Microsoft Defender for Cloud - Microsoft Defender for Cloud | Microsoft Learn

    Enable agentless scanning for VMs - Microsoft Defender for Cloud | Microsoft Learn

    I hope the information provided above is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.