sessionHostsAntimalwareExtension - Deployment on Windows 10/11 Desktop OS #677

Closed
OrionWithrow-OHIT opened this issue Oct 4, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@OrionWithrow-OHIT
What happened? Provide a clear and concise description of the bug, including deployment details.

Microsoft support advised that the Session Hosts Antimalware Extension should not be deployed on Windows 11.

The message from support is as follows:
"I would suggest you check the Image configurations and compatibility of IaaSAntimalware extensions with OS which you are using inside VM. Because, as per the collab case support engineer, the Antimalware extension is typically deployed on server 2008 r2 and server 2012 r2 to install Windows Defender. Server 2016 and up already have Defender pre-installed, so it is expected for the extension to fail on those server and desktop OSes"

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

What was the expected outcome?

sessionHostsAntimalwareExtension shouldn't be included, and should be removed from the template

Relevant log output

Randomly receiving the below error, but not consistently:

{
  "code": "BadRequest",
  "message": "Multiple VMExtensions per handler not supported for OS type 'Windows'. VMExtension 'IaaSAntimalware' with handler 'Microsoft.Azure.Security.IaaSAntimalware' already added or specified in input."
}
@OrionWithrow-OHIT OrionWithrow-OHIT added the bug Something isn't working label Oct 4, 2024
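
A pre-deployment check for the condition named in the error above, as an added example that is not part of the issue or the project's code: it scans an ARM template for VM extension resources that declare the same handler (publisher plus type) more than once for one VM. The template, VM names and extension names are constructed, and the check only sees what the template declares, not extensions already present on a VM.

```python
import json
from collections import defaultdict

EXT_TYPE = "microsoft.compute/virtualmachines/extensions"
VM_TYPE = "microsoft.compute/virtualmachines"

# Constructed sample template: VM avd-sh-0 gets the same handler from two resources.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachines", "name": "avd-sh-0", "resources": [
    {"type": "extensions", "name": "IaaSAntimalware",
     "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware"}}]},
  {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "avd-sh-0/MicrosoftAntimalware",
   "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware"}},
  {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "avd-sh-1/IaaSAntimalware",
   "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware"}}
]}
""")

def iter_extensions(resources, parent_vm=None):
    """Yield (vm_name, extension_name, handler) for top-level and nested extensions."""
    for res in resources:
        rtype = res.get("type", "").lower()
        name = res.get("name", "")
        if rtype == EXT_TYPE or (parent_vm is not None and rtype == "extensions"):
            vm, _, ext = name.rpartition("/")  # top-level names are "<vm>/<extension>"
            props = res.get("properties", {})
            handler = f'{props.get("publisher", "")}.{props.get("type", "")}'
            yield (vm or parent_vm or ""), ext, handler
        elif rtype == VM_TYPE:
            yield from iter_extensions(res.get("resources", []), parent_vm=name)

def duplicate_handlers(template):
    """Return {(vm, handler): [extension names]} for handlers declared twice or more per VM."""
    seen = defaultdict(list)
    for vm, ext, handler in iter_extensions(template.get("resources", [])):
        seen[(vm.lower(), handler.lower())].append(ext)
    return {key: names for key, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for (vm, handler), names in duplicate_handlers(SAMPLE_TEMPLATE).items():
        print(f"{vm}: handler {handler} declared by {names}")
```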
@d875167

d875167 commented Oct 5, 2024

For me the extension works fine on W11, but it seems to interfere with other tools that manage Defender, like Intune.
So I think there should be at least a parameter to disable the extension for both greenfield and brownfield deployments.

https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/iaas-antimalware-windows#operating-system

@OrionWithrow-OHIT
Author

From the link:

The Microsoft Antimalware for Azure solution includes the Microsoft Antimalware Client, and Service, Antimalware classic deployment model, Antimalware PowerShell cmdlets, and Azure Diagnostics Extension. The Microsoft Antimalware solution is supported on Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 operating system families. It isn't supported on the Windows Server 2008 operating system, and also isn't supported in Linux.

Windows Defender is the built-in Antimalware enabled in Windows Server 2016. The Windows Defender Interface is also enabled by default on some Windows Server 2016 SKUs. The Azure VM Antimalware extension can still be added to a Windows Server 2016 and above Azure VM with Windows Defender.

I would suggest we add a toggle to remove this extension, at a minimum.

@danycontre
Collaborator

@d875167 @OrionWithrow-OHIT thanks for your feedback, we are reviewing it.

@swathibhat1

@danycontre
Collaborator

@d875167 @OrionWithrow-OHIT Bicep/ARM/Portal UI updated to provide an option to enable or not the VM antimalware extension (PR #681).

@jamasten @swathibhat1
