turbot/azure_compliance

Control: 7.5 Ensure that the endpoint protection for all Virtual Machines is installed

Description

Install endpoint protection for all virtual machines.

Installing endpoint protection systems (such as anti-malware for Azure) provides real-time protection that helps identify and remove viruses, spyware, and other malicious software. These systems also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems.

Remediation

Follow Microsoft Azure documentation to install endpoint protection from the security center. Alternatively, you can employ your own endpoint protection tool for your OS.

From Azure Portal

  1. Go to Security Center
  2. Click the Recommendations blade
  3. Ensure that there are no recommendations reporting that endpoint protection is not installed on Azure VMs

From Azure CLI

az vm show -g MyResourceGroup -n MyVm -d

The output should list one of the following, or another endpoint protection extension, among the installed extensions.

EndpointSecurity || TrendMicroDSA* || Antimalware || EndpointProtection ||
SCWPAgent || PortalProtectExtension* || FileSecurity*
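
The check above, applied to saved `az vm show -d` output for several VMs, as an added example that is not part of the original control page or the Turbot mod. It assumes extensions appear under a `resources` array with the field names noted in the comments, and it matches the listed names as case-insensitive substrings (so a type such as `IaaSAntimalware` counts); the sample documents are constructed.

```python
import json

# Extension names from the control's list above; the trailing "*" is dropped
# because matching below is by substring (an assumption of this example).
ACCEPTED = ["EndpointSecurity", "TrendMicroDSA", "Antimalware", "EndpointProtection",
            "SCWPAgent", "PortalProtectExtension", "FileSecurity"]

def extension_names(vm):
    """Yield the name and type strings of each extension in one VM document."""
    # Assumption: extensions sit under "resources", and the type field is called
    # "typePropertiesType" or "virtualMachineExtensionType" depending on CLI version.
    for ext in vm.get("resources") or []:  # null when the VM has no extensions
        for key in ("name", "typePropertiesType", "virtualMachineExtensionType"):
            if ext.get(key):
                yield ext[key]

def endpoint_extensions(vm):
    """Return the sorted, de-duplicated names that contain an accepted entry."""
    return sorted({n for n in extension_names(vm)
                   if any(p.lower() in n.lower() for p in ACCEPTED)})

def audit(vms):
    """Map VM name -> (status, matched names) for a list of VM documents."""
    report = {}
    for vm in vms:
        found = endpoint_extensions(vm)
        # No match means "review", not "fail": a tool installed inside the guest
        # without a VM extension cannot be seen from this output.
        report[vm.get("name", "<unnamed>")] = ("ok" if found else "review", found)
    return report

# Constructed sample documents (not real output), trimmed to the fields used here.
SAMPLE = json.loads("""[
  {"name": "vm-web-01", "resources": [
    {"name": "IaaSAntimalware", "typePropertiesType": "IaaSAntimalware"}]},
  {"name": "vm-db-01", "resources": [
    {"name": "AzureMonitorLinuxAgent", "typePropertiesType": "AzureMonitorLinuxAgent"},
    {"name": "dsa", "virtualMachineExtensionType": "TrendMicroDSALinux"}]},
  {"name": "vm-batch-01", "resources": null},
  {"name": "vm-jump-01", "resources": [
    {"name": "AzureMonitorWindowsAgent", "typePropertiesType": "AzureMonitorWindowsAgent"}]}
]""")

if __name__ == "__main__":
    for vm_name, (status, found) in audit(SAMPLE).items():
        print(f"{vm_name}: {status} {', '.join(found) or '-'}")
```

VMs reported as `review` are the ones to check by hand for an endpoint protection tool installed inside the OS.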

Default Value

By default, Endpoint Protection is disabled.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v150_7_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v150_7_5 --share

SQL

This control uses a named query:

manual_control

Tags