Home / server / Questions / 914604
Accepted
Ashish Gupta
Asked: 2018-06-01 04:27:01 +0800 CST

Ensuring anti-malware agent on azure VMs

  • 772

I want to make sure an anti-malware agent on any new VMs we create and there is no VM extension available for that agent vendor, should I create an “managed image” from a base VM which has the anti-malware agent on it and create VM from that managed image?

It works very well but Is this the right thing to do or there a better way of doing this?

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed

azure

1 Answers

  1. Best Answer

    If there is no VM extension then you really have two options:

    1. Use a custom image as you mentioned to have the agent pre-installed
    2. Use either the DSC or Custom Script extension with your VM to run some PowerShell DSC or a custom script to install the agent

    Both these options will work, your choice will depend on a couple of things:

    1. If you want to manage custom images, this is a lot of work to create new images when updates come out etc, if the only reason you are doing this is for the AV agent then it may not be worth it
    2. Deployment time, if you need your VM to be running as quickly as possible, then using a custom image is the way to go. Using DSC/Script will install the agent at deployment time, which obviously adds to the startup time
    • 2