Endpoint Protection Solutions with Virtual Machines (VMs)


In this tutorial, we will learn about the endpoint protection solutions that Azure Security Center supports, and about the endpoint protection assessment and recommendations it produces.

[Image: endpoint protection solutions. Image Source: Microsoft]

Azure Security Center assesses the health of supported versions of endpoint protection solutions. This assessment leads Security Center to generate two recommendations:

  • Firstly, “Install endpoint protection solutions on your virtual machine”
  • Secondly, “Resolve endpoint protection health issues on your machines”

Windows Defender

  • Firstly, Security Center recommends “Install endpoint protection solutions on virtual machine” when Get-MpComputerStatus runs and the result is AMServiceEnabled: False.
  • Secondly, Security Center recommends “Resolve endpoint protection health issues on your machines” when Get-MpComputerStatus runs and any of the following properties is false:
  1. AMServiceEnabled
  2. AntispywareEnabled
  3. RealTimeProtectionEnabled
  4. BehaviorMonitorEnabled
  5. IoavProtectionEnabled
  6. OnAccessProtectionEnabled

And also when one or both of the following properties are 7 or more:

  1. AntispywareSignatureAge
  2. AntivirusSignatureAge

Microsoft System Center endpoint protection

  • Firstly, Security Center recommends “Install endpoint protection solutions on virtual machine” when importing the SCEPMpModule (“$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1”) and running Get-MprotComputerStatus returns AMServiceEnabled = false.
  • Secondly, Security Center recommends “Resolve endpoint protection health issues on your machines” when Get-MprotComputerStatus runs and any of the following occurs:

If at least one of the following properties is false:

  1. AMServiceEnabled
  2. AntispywareEnabled
  3. RealTimeProtectionEnabled
  4. BehaviorMonitorEnabled
  5. IoavProtectionEnabled
  6. OnAccessProtectionEnabled

And when one or both of the following signature-age values is greater than or equal to 7:

  1. AntispywareSignatureAge
  2. AntivirusSignatureAge
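The Windows Defender and System Center Endpoint Protection sections above describe the same rule set applied to the output of Get-MpComputerStatus or Get-MprotComputerStatus. The script below is an added example, not code from Microsoft or from this tutorial: it obtains that status object (falling back to the SCEP provider module at the path quoted above) and reports which of the two recommendations would be raised. The function names are hypothetical, and the sample status object is constructed so the logic can be exercised offline.

```powershell
# Added example, not code from Microsoft or from this tutorial. It applies the
# Windows Defender / SCEP rules described above to a status object and reports which
# of the two Security Center recommendations would be raised. Function names are hypothetical.

function Get-EndpointProtectionStatus {
    # Prefer the built-in Defender cmdlet; otherwise load the SCEP provider module from
    # the path quoted in the text and use its cmdlet.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        return Get-MpComputerStatus
    }
    $scepModule = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpProvider\MpProvider.psd1'
    if (Test-Path $scepModule) {
        Import-Module $scepModule -ErrorAction Stop
        return Get-MprotComputerStatus
    }
    return $null   # neither product present
}

function Test-EndpointProtectionHealth {
    param(
        [Parameter(Mandatory)] $Status,      # output of Get-MpComputerStatus or Get-MprotComputerStatus
        [int] $MaxSignatureAgeDays = 7       # threshold used by the health recommendation in the text
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Recommendation 1, "Install endpoint protection solutions on virtual machine":
    # the antimalware service is not enabled.
    $install = -not $Status.AMServiceEnabled
    if ($install) { $findings.Add('AMServiceEnabled is False') }

    # Recommendation 2, "Resolve endpoint protection health issues on your machines":
    # any protection feature off, or either signature set 7 or more days old.
    $health = $false
    $requiredTrue = 'AMServiceEnabled', 'AntispywareEnabled', 'RealTimeProtectionEnabled',
                    'BehaviorMonitorEnabled', 'IoavProtectionEnabled', 'OnAccessProtectionEnabled'
    foreach ($prop in $requiredTrue) {
        if (-not $Status.$prop) {
            $health = $true
            $findings.Add("$prop is False")
        }
    }
    foreach ($prop in 'AntispywareSignatureAge', 'AntivirusSignatureAge') {
        if ([int]$Status.$prop -ge $MaxSignatureAgeDays) {
            $health = $true
            $findings.Add("$prop is $($Status.$prop) days (threshold $MaxSignatureAgeDays)")
        }
    }

    [pscustomobject]@{
        InstallRecommendation = $install
        HealthRecommendation  = $health
        Findings              = $findings.ToArray()
    }
}

# Constructed sample that mimics the shape of the real cmdlet output, so the logic
# can be exercised offline: real-time protection is off and AV signatures are 9 days old.
$sample = [pscustomobject]@{
    AMServiceEnabled          = $true
    AntispywareEnabled        = $true
    RealTimeProtectionEnabled = $false
    BehaviorMonitorEnabled    = $true
    IoavProtectionEnabled     = $true
    OnAccessProtectionEnabled = $true
    AntispywareSignatureAge   = 2
    AntivirusSignatureAge     = 9
}
Test-EndpointProtectionHealth -Status $sample | Format-List

# On a real VM, run against the live cmdlet output:
# $live = Get-EndpointProtectionStatus
# if ($live) { Test-EndpointProtectionHealth -Status $live | Format-List }
```

With the constructed sample, the install recommendation stays off (the service is enabled) while the health recommendation is raised twice, once for RealTimeProtectionEnabled and once for the 9-day-old antivirus signatures. Running the same function against the live cmdlet output on a VM lets you confirm locally why a Security Center recommendation appeared before the next assessment cycle.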

Trend Micro

  • Security Center recommends “Install endpoint protection solutions on virtual machine” when any of the following checks isn’t met:
  1. HKLM:\SOFTWARE\TrendMicro\Deep Security Agent exists
  2. HKLM:\SOFTWARE\TrendMicro\Deep Security Agent\InstallationFolder exists
  3. The dsa_query.cmd file is located in the Installation Folder
  4. Running dsa_query.cmd results in Component.AM.mode: on (Trend Micro Deep Security Agent identified)

Symantec endpoint protection

Security Center recommends “Install endpoint protection solutions on virtual machine” when any of the following checks isn’t met:

  • HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\PRODUCTNAME = “Symantec Endpoint Protection”
  • HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\ASRunningStatus = 1

Or:

  • HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\PRODUCTNAME = “Symantec Endpoint Protection”
  • HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\ASRunningStatus = 1

Then, Security Center recommends “Resolve endpoint protection health issues on your machines” when any of the following checks isn’t met:

  • Check Symantec Version >= 12. Registry location: HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion -Value “PRODUCTVERSION”
  • Check Real Time Protection status: HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff == 1
  • Review Signature Update status: HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\LatestVirusDefsDate <= 7 days
  • Review Full Scan status: HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\LastSuccessfulScanDateTime <= 7 days
  • Find the signature version number. Path to signature version for Symantec 12: Registry Paths + “CurrentVersion\SharedDefs” -Value “SRTSP”
  • Path to signature version for Symantec 14: Registry Paths + “CurrentVersion\SharedDefs\SDSDefs” -Value “SRTSP”

McAfee endpoint protection for Windows

Security Center recommends “Install endpoint protection solutions on virtual machine” when any of the following checks isn’t met:

  • HKLM:\SOFTWARE\McAfee\Endpoint\AV\ProductVersion exists
  • HKLM:\SOFTWARE\McAfee\AVSolution\MCSHIELDGLOBAL\GLOBAL\enableoas = 1

Then, Security Center recommends “Resolve endpoint protection health issues on your machines” when any of the following checks isn’t met:

  • McAfee Version: HKLM:\SOFTWARE\McAfee\Endpoint\AV\ProductVersion >= 10
  • Find Signature Version: HKLM:\Software\McAfee\AVSolution\DS\DS -Value “dwContentMajorVersion”
  • Find Signature date: HKLM:\Software\McAfee\AVSolution\DS\DS -Value “szContentCreationDate” >= 7 days
  • Search for Scan date: HKLM:\Software\McAfee\Endpoint\AV\ODS -Value “LastFullScanOdsRunTime” >= 7 days
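The Trend Micro, Symantec and McAfee sections above are all registry-driven: presence is decided by keys and values, and health by a version threshold and by how old the signature and last-scan timestamps are. The script below is an added example, not code from Microsoft or from this tutorial, that turns those checks into reusable functions. The function names are hypothetical; the stored formats of the version strings and timestamps are assumptions noted in the comments, and the 7-day figures are treated as a maximum allowed age, consistent with the Symantec section.

```powershell
# Added example, not code from Microsoft or from this tutorial. It evaluates the
# registry-based checks described for Trend Micro, Symantec and McAfee. Function names
# are hypothetical, and the stored formats of version and date values are assumptions
# (see comments); the 7-day figures are treated as a maximum age, as in the Symantec section.

function Get-RegValue {
    # Returns the named registry value, or $null when the key or the value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-AgeDays {
    # Age in whole days of a stored timestamp; $null when absent or unparseable.
    # Assumption: the value is either a FILETIME (64-bit integer) or a string that
    # [datetime]::TryParse understands.
    param($Value)
    if ($null -eq $Value) { return $null }
    $dt = [datetime]::MinValue
    if ($Value -is [int64] -or $Value -is [uint64]) {
        $dt = [datetime]::FromFileTime([int64]$Value)
    } elseif (-not [datetime]::TryParse([string]$Value, [ref]$dt)) {
        return $null
    }
    return [int][math]::Floor(((Get-Date) - $dt).TotalDays)
}

function Get-MajorVersion {
    # Assumption: versions are dotted strings such as "14.3.1234.5678".
    param($Version)
    if (-not $Version) { return 0 }
    return [int](("$Version" -split '\.')[0])
}

function Test-TrendMicroInstalled {
    $key    = 'HKLM:\SOFTWARE\TrendMicro\Deep Security Agent'
    $folder = Get-RegValue -Path $key -Name 'InstallationFolder'
    if (-not $folder) { return $false }                 # covers both "key exists" checks
    $dsaQuery = Join-Path $folder 'dsa_query.cmd'
    if (-not (Test-Path $dsaQuery)) { return $false }
    $output = & $dsaQuery 2>&1 | Out-String             # agent reports its anti-malware mode
    return [bool]($output -match 'Component\.AM\.mode:\s*on')
}

function Test-SymantecInstalled {
    $bases = 'HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion',
             'HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion'
    foreach ($base in $bases) {                          # either the native or the Wow6432Node view
        $name   = Get-RegValue -Path $base -Name 'PRODUCTNAME'
        $status = Get-RegValue -Path "$base\public-opstate" -Name 'ASRunningStatus'
        if ($name -eq 'Symantec Endpoint Protection' -and $status -eq 1) { return $true }
    }
    return $false
}

function Test-SymantecHealthy {
    param([int]$MaxAgeDays = 7)
    $cv  = 'HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion'
    $rts = 'HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan'
    $major   = Get-MajorVersion (Get-RegValue -Path $cv -Name 'PRODUCTVERSION')
    $rtpOn   = (Get-RegValue -Path $rts -Name 'OnOff') -eq 1
    $defsAge = Get-AgeDays (Get-RegValue -Path "$cv\public-opstate" -Name 'LatestVirusDefsDate')
    $scanAge = Get-AgeDays (Get-RegValue -Path "$cv\public-opstate" -Name 'LastSuccessfulScanDateTime')
    return ($major -ge 12) -and $rtpOn -and
           ($null -ne $defsAge -and $defsAge -le $MaxAgeDays) -and
           ($null -ne $scanAge -and $scanAge -le $MaxAgeDays)
}

function Test-McAfeeInstalled {
    $ver = Get-RegValue -Path 'HKLM:\SOFTWARE\McAfee\Endpoint\AV' -Name 'ProductVersion'
    $oas = Get-RegValue -Path 'HKLM:\SOFTWARE\McAfee\AVSolution\MCSHIELDGLOBAL\GLOBAL' -Name 'enableoas'
    return ($null -ne $ver) -and ($oas -eq 1)
}

function Test-McAfeeHealthy {
    param([int]$MaxAgeDays = 7)
    $major   = Get-MajorVersion (Get-RegValue -Path 'HKLM:\SOFTWARE\McAfee\Endpoint\AV' -Name 'ProductVersion')
    $sigAge  = Get-AgeDays (Get-RegValue -Path 'HKLM:\Software\McAfee\AVSolution\DS\DS' -Name 'szContentCreationDate')
    $scanAge = Get-AgeDays (Get-RegValue -Path 'HKLM:\Software\McAfee\Endpoint\AV\ODS' -Name 'LastFullScanOdsRunTime')
    return ($major -ge 10) -and
           ($null -ne $sigAge -and $sigAge -le $MaxAgeDays) -and
           ($null -ne $scanAge -and $scanAge -le $MaxAgeDays)
}

# Summarise which product is present and whether its health checks pass; run as admin on the VM.
[pscustomobject]@{
    TrendMicroInstalled = Test-TrendMicroInstalled
    SymantecInstalled   = Test-SymantecInstalled
    SymantecHealthy     = Test-SymantecHealthy
    McAfeeInstalled     = Test-McAfeeInstalled
    McAfeeHealthy       = Test-McAfeeHealthy
} | Format-List
```

The health functions deliberately return $false when a timestamp is missing or cannot be parsed, rather than silently passing; an unreadable signature date is exactly the condition a health recommendation should surface. If a product on your VM stores its dates in a format that Get-AgeDays does not recognise, adjust that one function and the vendor checks stay unchanged.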

Reference: Microsoft Documentation
