Microsoft offers its antimalware service for free. When you create a new VM you have the option to enable it, which installs the System Center Endpoint Protection client on the VM, managed by Azure. If you enabled it but now want to remove it and use a different antivirus/antimalware solution, you cannot do so just by uninstalling the client from the VM: Azure will automatically reinstall it. There are two ways to completely uninstall the program and remove it from Azure: one using the new Portal and one using PowerShell.
Using the Portal
- Go to https://portal.azure.com/
- Browse the VM
- Go to the Configuration section and click on Extensions
- Click the Microsoft.Azure.Security extension
- You can delete it using the Delete button
- At any time you can re-add it by clicking the Add button in the Extensions window
Using PowerShell
First connect PowerShell to your Azure subscription, as described in this post, and then:
```powershell
# First check the Antimalware Service status: select the Azure VM, then query the extension
$servicename = "myVMservice"
$vmname = "myVMname"
$vm = Get-AzureVM -ServiceName $servicename -Name $vmname
Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm

# Remove the extension from the Azure VM configuration.
# Remove-AzureVMExtension only changes the local VM object; Update-AzureVM sends the change to Azure.
Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm | Update-AzureVM

# Then uninstall the Antimalware client from the VM
Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM
```
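Before handing a VM over to a different antimalware product, it helps to confirm that Azure no longer tracks the extension, otherwise the client comes back. The following is an added example, not part of the original post: it goes beyond the single-VM case by reporting every VM in a cloud service, then wraps the two removal steps above with a `-WhatIf`/`-Confirm` guard and a re-check. The function names are hypothetical, and the `State` and `Version` property names on the extension object are assumptions about the classic Azure module's output.

```powershell
# Added example (not from the original post). Classic Service Management cmdlets only.
function Get-IaaSAntimalwareState {
    param([Parameter(Mandatory = $true)][string]$ServiceName)

    # Without -Name, Get-AzureVM returns every VM in the cloud service.
    foreach ($vm in Get-AzureVM -ServiceName $ServiceName) {
        $ext = Get-AzureVMExtension -Publisher Microsoft.Azure.Security `
                   -ExtensionName IaaSAntimalware -Version '1.*' -VM $vm
        [pscustomobject]@{
            ServiceName = $vm.ServiceName
            VMName      = $vm.Name
            Managed     = [bool]$ext   # $true while Azure still tracks the extension
            State       = $ext.State   # assumed property name
            Version     = $ext.Version # assumed property name
        }
    }
}

function Remove-IaaSAntimalware {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$ServiceName,
        [Parameter(Mandatory = $true)][string]$Name
    )

    $before = Get-IaaSAntimalwareState -ServiceName $ServiceName | Where-Object VMName -eq $Name
    if (-not $before) { throw "VM '$Name' not found in cloud service '$ServiceName'." }
    if (-not $before.Managed) { return $before }   # nothing for Azure to reinstall

    if ($PSCmdlet.ShouldProcess("$ServiceName/$Name", 'Remove and uninstall IaaSAntimalware')) {
        # Step 1: drop the extension from the VM configuration held by Azure.
        Get-AzureVM -ServiceName $ServiceName -Name $Name |
            Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware |
            Update-AzureVM | Out-Null
        # Step 2: ask the guest agent to uninstall the client inside the VM.
        Get-AzureVM -ServiceName $ServiceName -Name $Name |
            Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware `
                -Version '1.*' -Uninstall |
            Update-AzureVM | Out-Null
    }

    # Re-read from Azure so the caller sees the post-change state, not a cached object.
    Get-IaaSAntimalwareState -ServiceName $ServiceName | Where-Object VMName -eq $Name
}
```

Run `Get-IaaSAntimalwareState -ServiceName myVMservice | Format-Table` for the inventory, and `Remove-IaaSAntimalware -ServiceName myVMservice -Name myVMname -WhatIf` to preview the change before committing to it.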