Azure Virtual Machine Does Not Have Endpoint Protection Installed

This policy identifies Azure Virtual Machines (VMs) that do not have endpoint protection installed. Endpoint protection systems (like Antimalware for Azure) provide real-time protection that helps identify and remove viruses, spyware, and other malicious software. As a best practice, install endpoint protection on all VMs and computers.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: Terraform

Build Rules

Azure Virtual Machine does not have endpoint protection installed.
JSON Query:
$.resource.*.azurerm_virtual_machine size greater than 0
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain EndpointSecurity
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain TrendMicroDSA
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain Antimalware
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain EndpointProtection
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain SCWPAgent
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain PortalProtectExtension
  and $.resource.*.azurerm_virtual_machine_extension[*].*[*].type does not contain FileSecurity
Recommendation:
Recommended solution to ensure the Azure Virtual Machine has endpoint protection installed.
Ensure that the Azure Virtual Machine has endpoint protection installed. Make sure the template has "type" set to one of the endpoint security extensions.
For example:
"azurerm_virtual_machine_extension": [
  {
    "<virtual_machine_extension_name>": [
      {
        "location": "${azurerm_resource_group.example.location}",
        "name": "hostname",
        "publisher": "McAfee.EndpointSecurity",
        "resource_group_name": "${azurerm_resource_group.example.name}",
        "type": "McAfeeEndpointSecurity",
        "type_handler_version": "2.0",
        "virtual_machine_name": "${azurerm_virtual_machine.example.name}"
      }
    ]
  }
]

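The build rule's JSON query, evaluated over a constructed template as an added example (this is not the policy engine's own code). It assumes "contain" means a substring match on the extension "type" and that templates use the nested-list layout shown above; the function names and the stricter per-VM check, which goes beyond what the query tests, are hypothetical.

```python
import json

# Substrings taken from the policy's JSON query.
MARKERS = ("EndpointSecurity", "TrendMicroDSA", "Antimalware", "EndpointProtection",
           "SCWPAgent", "PortalProtectExtension", "FileSecurity")

def blocks(template, resource_type):
    """Yield (name, body) per resource, for the nested-list layout shown on the page."""
    for entry in template.get("resource", []):
        for named in entry.get(resource_type, []):
            for name, bodies in named.items():
                for body in bodies:
                    yield name, body

def is_protection(ext):
    """Assumption: 'contain' is a substring match on the extension's type."""
    return any(m in str(ext.get("type", "")) for m in MARKERS)

def violates_build_rule(template):
    """Template-wide, as the query reads: a VM exists and no extension type matches."""
    has_vm = any(True for _ in blocks(template, "azurerm_virtual_machine"))
    exts = blocks(template, "azurerm_virtual_machine_extension")
    return has_vm and not any(is_protection(e) for _, e in exts)

def unprotected_vms(template):
    """Stricter per-VM check (not part of the query): VMs no matching extension targets."""
    covered = set()
    for _, ext in blocks(template, "azurerm_virtual_machine_extension"):
        # "${azurerm_virtual_machine.example.name}" -> ["azurerm_virtual_machine", "example", "name"]
        ref = str(ext.get("virtual_machine_name", "")).strip("${}").split(".")
        if is_protection(ext) and len(ref) >= 2 and ref[0] == "azurerm_virtual_machine":
            covered.add(ref[1])
    vms = blocks(template, "azurerm_virtual_machine")
    return sorted(name for name, _ in vms if name not in covered)

# Constructed sample: two VMs, one McAfee extension attached to "example" only.
SAMPLE = json.loads("""
{"resource": [
  {"azurerm_virtual_machine": [{"example": [{"name": "vm-a"}]},
                               {"batch":   [{"name": "vm-b"}]}]},
  {"azurerm_virtual_machine_extension": [{"av": [{
      "type": "McAfeeEndpointSecurity",
      "virtual_machine_name": "${azurerm_virtual_machine.example.name}"}]}]}
]}
""")

if __name__ == "__main__":
    print("build rule violated:", violates_build_rule(SAMPLE))
    print("VMs without a matching extension:", unprotected_vms(SAMPLE))
```

The sample passes the template-wide rule even though the VM "batch" has no endpoint protection extension attached, which is why a per-VM review is worth doing alongside the build rule.
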
Run Rule Recommendation

  1. Log in to the Azure portal.
  2. Select 'Virtual machines', and select the VM you need to modify.
  3. Select 'Extensions', and '+Add'.
  4. Select the endpoint protection you want to enable on the VM.
  5. Select 'Create', and enter the details for the endpoint vendor you choose.
  6. Select 'OK'.

Compliance

There are 3 standards that are applicable to this policy:
  • CIS v1.1 (Azure)
  • PIPEDA
  • CCPA 2018
