external help file | ms.assetid | online version | schema |
---|---|---|---|
Microsoft.WindowsAzure.Commands.ServiceManagement.dll-Help.xml |
FDA81DCB-04A4-44E5-89CD-3C36F9BB6FA9 |
2.0.0 |
Configures the Microsoft Antimalware extension for a virtual machine.
[!INCLUDE rdfe-banner]
Set-AzureVMMicrosoftAntimalwareExtension [-AntimalwareConfigFile] <String> [[-Version] <String>]
[[-Monitoring] <String>] [[-StorageContext] <AzureStorageContext>] -VM <IPersistentVM>
[-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
[<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [-AntimalwareConfiguration] <String> [[-Version] <String>]
[[-Monitoring] <String>] [[-StorageContext] <AzureStorageContext>] -VM <IPersistentVM>
[-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
[<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [[-Version] <String>] [-Disable] -VM <IPersistentVM>
[-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
[<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [-Uninstall] -VM <IPersistentVM> [-Profile <AzureSMProfile>]
[-InformationAction <ActionPreference>] [-InformationVariable <String>] [<CommonParameters>]
Set-AzureVMMicrosoftAntimalwareExtension [-Monitoring] <String> [[-StorageContext] <AzureStorageContext>]
[-NoConfig] -VM <IPersistentVM> [-Profile <AzureSMProfile>] [-InformationAction <ActionPreference>]
[-InformationVariable <String>] [<CommonParameters>]
The Set-AzureVMMicrosoftAntimalwareExtension cmdlet configures the Microsoft Antimalware extension for a virtual machine. You can enable, disable, or uninstall the extension.
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile 'C:\configuration\contosoVM.json' | Update-AzureVM
This command enables the Microsoft Antimalware extension by using a configuration file. The command uses the Get-AzureVM cmdlet to get the specified virtual machine object, and then passes the object to the current cmdlet by using the pipeline operator.
PS C:\> $StorageContext = New-AzureStorageContext -StorageAccountName "contosostoragemain" -StorageAccountKey (Get-AzureStorageKey -StorageAccountName "Contosostoragemain").PrimaryP
S C:\> Get-AzureVM -ServiceName "ContosoService03" -Name"ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile 'C:\configuration\contosoVM.json" -Monitoring ON -StorageContext $StorageContext | Update-AzureVM
The first command creates an AzureStorageContext object by using the New-AzureStorageContext cmdlet, and then stores it in the $StorageContext variable.
PS C:\> $Config_String = [IO.File]::ReadAllText('C:\configuration\contosoVM.json')
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration $Config_String | Update-AzureVM
The first command creates a string object by reading a JSON configuration for the Microsoft Antimalware extension, and then storing it in the $config_string variable.
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name "ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -Disable | Update-AzureVM
This command disables the extension without removing it. The command uses Get-AzureVM to get the specified virtual machine object, and then passes the object to the current cmdlet.
PS C:\> Get-AzureVM -ServiceName "ContosoService03" -Name"ContosoVM22" | Set-AzureVMMicrosoftAntimalwareExtension -Uninstall | Update-AzureVM
This command removes the Microsoft Antimalware extension from the virtual machine. The command uses Get-AzureVM to get the specified virtual machine object, and then passes the object to the current cmdlet.
Specifies the absolute path of the Microsoft Antimalware configuration file. Do not specify this parameter if you specify the AntimalwareConfiguration parameter. The configuration file must include, at a minimum, the following content to enable the Microsoft Antimalware extension:
{ "AntimalwareEnabled": true }
Type: String
Parameter Sets: EnableMicrosoftAntimalwareExtensionJsonConfigFilePath
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies a string object that contains the Microsoft Antimalware configuration. This object must not be $Null or empty. Do not specify this parameter if you specify the AntimalwareConfigFile parameter. The configuration object must include, at a minimum, the following content to enable the Microsoft Antimalware extension: ****{ "AntimalwareEnabled": true }
Microsoft Antimalware JSON configuration sample:
{ "AntimalwareEnabled": true, "RealtimeProtectionEnabled": true, "ScheduledScanSettings": { "isEnabled": true, "day": 1, "time": 120, "scanType": "Full" },
"Exclusions": { "Extensions": ".ext1;.ext2", "Paths": "c:\excluded-path-1;c:\excluded-path-2", "Processes": "excludedproc1.exe;excludedproc2.exe" }
}
Notes: AntimalwareEnabled is a required parameter. Values: true= Enable. false= Error out as false is not a supported value
RealtimeProtectionEnabled: true/false. true = Enable. false = Disable. Default is true
ScheduledScanSettings:
isEnabled=true/false
day=0-8 (0-daily, 1-Sunday, 2-Monday, ...., 7-Saturday, 8-Disabled)
time=0-1440 (measured in minutes after midnight - 60->1AM, 120 -> 2AM, ...
)
scanType="Quick" or "Full" (Default is Quick)
Note: If isEnabled=true is the only setting provided, the following defaults are set: day=7 (Saturday), time=120 (2 AM), scanType="Quick"
Exclusions:
Multiple exclusions in the same list are specified by using semicolon delimiters.
If no exclusions are specified, then the existing exclusions, if any, are overwritten by blank on the system.
Type: String
Parameter Sets: EnableMicrosoftAntimalwareExtensionJsonConfig
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Indicates that the cmdlet disables the Microsoft Antimalware extension. To re-enable the extension on the same virtual machine, run Set-AzureVMMicrosoftAntimalwareExtension without the Disable parameter.
Type: SwitchParameter
Parameter Sets: DisableMicrosoftAntimalwareExtension
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies how this cmdlet responds to an information event.
The acceptable values for this parameter are:
- Continue
- Ignore
- Inquire
- SilentlyContinue
- Stop
- Suspend
Type: ActionPreference
Parameter Sets: (All)
Aliases: infa
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies an information variable.
Type: String
Parameter Sets: (All)
Aliases: iv
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies whether to collect Microsoft Antimalware events.
The acceptable values for this parameter are:
- ON. Collect Microsoft Antimalware events to storage context.
- OFF. Do not collect Microsoft Antimalware events.
Type: String
Parameter Sets: EnableMicrosoftAntimalwareExtensionJsonConfigFilePath, EnableMicrosoftAntimalwareExtensionJsonConfig
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Type: String
Parameter Sets: ConfigureMicrosoftAntimalwareMonitoring
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Indicates that this cmdlet specifies the NoConfig option.
Type: SwitchParameter
Parameter Sets: ConfigureMicrosoftAntimalwareMonitoring
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the Azure profile from which this cmdlet reads. If you do not specify a profile, this cmdlet reads from the local default profile.
Type: AzureSMProfile
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies an Azure storage context for Microsoft Antimalware monitoring.
Type: AzureStorageContext
Parameter Sets: EnableMicrosoftAntimalwareExtensionJsonConfigFilePath, EnableMicrosoftAntimalwareExtensionJsonConfig, ConfigureMicrosoftAntimalwareMonitoring
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Indicates that this cmdlet uninstalls the Microsoft Antimalware extension from the virtual machine. If monitoring was turned on, the cmdlet also removes the collection of Microsoft Antimalware events.
Type: SwitchParameter
Parameter Sets: UninstallMicrosoftAntimalwareExtension
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the extension version as a string. Note: The supported version is 1.5. The older versions are not supported by Microsoft.
Type: String
Parameter Sets: EnableMicrosoftAntimalwareExtensionJsonConfigFilePath, EnableMicrosoftAntimalwareExtensionJsonConfig, DisableMicrosoftAntimalwareExtension
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the virtual machine as an IPersistentVM object.
Type: IPersistentVM
Parameter Sets: (All)
Aliases: InputObject
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Get-AzureVMMicrosoftAntimalwareExtension