mssence.svc is referenced in Exclusions, but Windows Defender Threat Protection is MsSense.exe

[cutecycle]

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/iaas-antimalware-windows#template-deployment

When adopting the virtualmachine Antimalware extension verbatim and running in parallel with powershell-based Custom Script Extensions, Azure Security Center raises a high severity alert.

We noticed that the arm template set we inherited used the code from here, though we don't have an IIS Server or SQL database on our VM.

We also noticed mssence.svc, which we're assuming to mean "Exclude Windows Defender from the antimalware scan", but Windows Defender is MsSense.exe:

[Enter feedback here]

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 08b1a2dc-7fa3-20d8-d6d9-990bf1cfe34d
• Version Independent ID: 98c9a0f0-35bc-eacd-9aaf-acfd4b968fee
• Content: Microsoft Antimalware Extension for Windows VMs on Azure - Azure Virtual Machines
• Content Source: articles/virtual-machines/extensions/iaas-antimalware-windows.md
• Service: virtual-machines
• Sub-service: extensions
• GitHub Login: @TerryLanfear
• Microsoft Alias: terrylan

[cutecycle]

Proposal: https://github.com/MicrosoftDocs/azure-docs/pull/75926

[Karishma-Tiwari-MSFT]

Thanks for the feedback! I have assigned the issue to the content author to investigate further and review your pull request.

[TerryLanfear]

@cutecycle - Thank you for your feedback. You are correct that the sample code needed an update. The sample code is updated to align with similar documentation on this subject.

please-close