EmSQandA17 on Tue, 29 May 2018 19:03:58
Hi Security Center Forum,
I've recently onboarded our IAAS ARM installation onto the security center portal.
The majority had the antimalware extension installed.
After I have removed Symantec Endpoint protection, the portal says that the VMs still have Symantec Endpoint protection installed. That's a couple of hours after the uninstallation. Any ideas how I can fix this?
In addition, the majority of VMs are not indicating that the msmpeng.exe isn't running, which means SCEP isn't running, which means, no antimalware protection.
Thanks for any advice or articles that I can look at. I logged a call yesterday with support.
MohitGarg_MSFT on Tue, 29 May 2018 23:05:25
As per Azure Security Center FAQ on Virtual Machine, Azure Security Center has visibility into antimalware installed through Azure extensions. For example, Security Center is not able to detect antimalware that was pre-installed on an image you provided or if you installed antimalware on your virtual machines using your own processes (such as configuration management systems). Also Endpoint Protection issues – data is updated within 8 hours.
Refer to this document which talks about Manage endpoint protection issues with Azure Security Center.