How to view anti malware scan results in storage account

    General discussion

  • Hi ,

    Can anyone tell me how to view anti malware scan results in an Azure storage account after enabling anti malware for cloud services or a virtual machine?

    Is there any option for viewing scan results in the portal?

    I am searching for it but unable to find it.

    It is very urgent that I view the scan results for my VM.


    • Edited by vijaykantu Monday, October 31, 2016 5:42 AM
    Monday, October 31, 2016 5:41 AM

All replies

  • See "To enable antimalware event collection for a virtual machine using the Azure Preview Portal" in https://azure.microsoft.com/en-us/documentation/articles/azure-security-antimalware/

    Monday, October 31, 2016 8:44 AM
  • Thanks for the reply.

    But in the above-mentioned link, there is nothing related to viewing the anti malware scan results for cloud services in a storage account.


    • Edited by vijaykantu Monday, October 31, 2016 9:31 AM
    Monday, October 31, 2016 9:14 AM
  • Vijaykantu,

    Please refer to https://blogs.msdn.microsoft.com/azuresecurity/2016/04/19/enabling-diagnostics-logging-for-azure-antimalware/

    In short, you need to enable diagnostics logging and search entries in WADWindowsEventLogsTable.

    hth
    Marcin



    Monday, October 31, 2016 11:34 AM
  • Is there any solution to store the anti malware information in blob storage instead of WADWindowsEventLogsTable?
    Tuesday, November 1, 2016 11:56 AM
  • If this is really important to you, you might want to try tinkering with the diagnostics schema to determine whether this is a possibility - more at https://msdn.microsoft.com/en-us/library/azure/dn782207.aspx

    hth
    Marcin


    Tuesday, November 1, 2016 12:17 PM
  • Actually, I am stuck on a problem: I need to show anti malware scan results in blob storage or the portal to my higher authorities after enabling it for the cloud service\virtual machine.

    I have enabled anti malware for cloud services using PowerShell. Now I want to see the scan results in blob storage or the portal.

    I have been searching for that for many days but couldn't find any solution.

    Please help me


    Wednesday, November 2, 2016 4:25 AM
  • Hi vijaykantu,

    You could enable antimalware event collection for a virtual machine using the Azure Preview Portal:

    1. Click any part of the Monitoring lens in the Virtual Machine blade

    2. Click the Diagnostics command on Metric blade

    3. Select Status ON and check the option for Windows event system

    4. You can choose to uncheck all other options in the list, or leave them enabled per your application service needs.

    5. The Antimalware event categories “Error”, “Warning”, “Informational”, etc., are captured in your Azure Storage account.

    Antimalware events are collected from the Windows event system logs to your Azure Storage account. You can configure the Storage Account for your Virtual Machine to collect Antimalware events by selecting the appropriate storage account.

    You could see the events by using Azure Storage Explorer.

    If you still have questions, welcome to post back here. Thanks.

    Regards,

    Walter





    Wednesday, November 2, 2016 7:14 AM
  • Thanks for your information.

    But I want to see the anti malware information in Blob storage.

    Actually, WADWindowsEventLogsTable is in Table storage.


    Wednesday, November 2, 2016 9:40 AM
  • Set up a job (e.g. Azure Automation) that would copy the content of the table into blob.

    hth
    Marcin

    Wednesday, November 2, 2016 10:37 AM
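
    The filtering step of such a table-to-blob copy job, as an added example that is not part of the original thread or any Microsoft code. It assumes the usual WADWindowsEventLogsTable column names, a PartitionKey of "0" followed by .NET ticks, and the provider name "Microsoft Antimalware"; reading the table and uploading the resulting text as a blob are left to whichever storage client the job uses.

```python
import json
from datetime import datetime

# Assumptions: column names, provider name and PartitionKey layout below are
# the commonly seen WAD ones; confirm them in Azure Storage Explorer first.
PROVIDER = "Microsoft Antimalware"
LEVELS = {1: "Critical", 2: "Error", 3: "Warning", 4: "Informational"}
KEEP = ("EventTickCount", "RoleInstance", "EventId", "Level", "Description")

def ticks(dt):
    """.NET ticks (100 ns units since 0001-01-01) for a naive UTC datetime."""
    d = dt - datetime(1, 1, 1)
    return (d.days * 86400 + d.seconds) * 10**7 + d.microseconds * 10

def partition_filter(start, end):
    """OData filter that limits the table query to [start, end)."""
    return "PartitionKey ge '0{}' and PartitionKey lt '0{}'".format(
        ticks(start), ticks(end))

def to_jsonl(entities):
    """Keep antimalware rows only and render them as JSON Lines, oldest first."""
    rows = [e for e in entities if e.get("ProviderName") == PROVIDER]
    rows.sort(key=lambda e: e["EventTickCount"])
    out = []
    for e in rows:
        rec = {k: e.get(k) for k in KEEP}
        rec["LevelName"] = LEVELS.get(e.get("Level"), "Unknown")
        out.append(json.dumps(rec, sort_keys=True))
    return "\n".join(out) + ("\n" if out else "")

# Constructed sample rows standing in for entities returned by the table query.
SAMPLE = [
    {"ProviderName": "Microsoft Antimalware", "EventTickCount": 636136500000000002,
     "RoleInstance": "vm-01", "EventId": 1117, "Level": 4,
     "Description": "constructed sample: action taken"},
    {"ProviderName": "Service Control Manager", "EventTickCount": 636136500000000000,
     "RoleInstance": "vm-01", "EventId": 7036, "Level": 4,
     "Description": "constructed sample: unrelated service event"},
    {"ProviderName": "Microsoft Antimalware", "EventTickCount": 636136500000000001,
     "RoleInstance": "vm-01", "EventId": 1116, "Level": 3,
     "Description": "constructed sample: detection"},
]

if __name__ == "__main__":
    print(partition_filter(datetime(2016, 11, 2), datetime(2016, 11, 3)))
    print(to_jsonl(SAMPLE), end="")
```

    Writing one blob per day (the window passed to partition_filter) keeps each report small enough to hand over or open directly.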
  • So if antimalware quarantines something you have to scour through events in Azure Storage Explorer to find out if that happened. I know this is freeware but that seems pretty ridiculous.
    Monday, January 22, 2018 8:07 PM