Suspicious activity

Defender for Cloud: Antimalware file exclusion and code execution in your virtual machine

Risk Level

Informational (4)



A file was excluded from your antimalware scanner at the same time as code was executed via a custom script extension on your virtual machine. This was detected by analyzing Azure Resource Manager operations in your subscription. Attackers might exclude files from the antimalware scan on your virtual machine to prevent detection while running unauthorized tools or infecting the machine with malware.
Recommended Mitigation

Review the permissions that were used to perform this operation.
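
The correlation this alert describes, and the identities whose permissions the mitigation asks you to review, can be reproduced over exported Azure Resource Manager operations. The following is an added example, not Defender for Cloud's own detection logic. Assumptions: the record field names, the 10-minute window standing in for "at the same time", and the Windows extension type names `IaaSAntimalware` and `CustomScriptExtension`.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT_WRITE = "Microsoft.Compute/virtualMachines/extensions/write"
PREFIX = "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/"

# Constructed sample records, simplified from Activity Log entries. Assumption:
# extension_type and exclusions_changed were resolved from the extension
# resource beforehand; raw log entries do not carry fields with these names.
_ROWS = [
    ("2024-05-01T10:00:05Z", "ops@example.com", "web01", "IaaSAntimalware", True),
    ("2024-05-01T10:02:30Z", "ops@example.com", "WEB01", "CustomScriptExtension", False),
    ("2024-05-01T11:00:00Z", "admin@example.com", "db01", "IaaSAntimalware", True),
    ("2024-05-01T14:30:00Z", "admin@example.com", "db01", "CustomScriptExtension", False),
    ("2024-05-01T09:00:00Z", "deploy@example.com", "app01", "CustomScriptExtension", False),
    ("2024-05-01T09:01:00Z", "deploy@example.com", "app01", "IaaSAntimalware", False),
]
EVENTS = [{"time": t, "caller": c, "vm": PREFIX + v, "operation": EXT_WRITE,
           "extension_type": e, "exclusions_changed": x} for t, c, v, e, x in _ROWS]


def correlate(events, window=timedelta(minutes=10)):
    """Pair exclusion changes with script-extension writes on the same VM."""
    by_vm = defaultdict(lambda: {"excl": [], "script": []})
    for ev in events:
        if ev["operation"] != EXT_WRITE:
            continue
        when = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        key = ev["vm"].lower()  # Azure resource IDs are case-insensitive
        if ev["extension_type"] == "IaaSAntimalware" and ev["exclusions_changed"]:
            by_vm[key]["excl"].append((when, ev["caller"]))
        elif ev["extension_type"] == "CustomScriptExtension":
            by_vm[key]["script"].append((when, ev["caller"]))
    findings = []
    for vm, ops in sorted(by_vm.items()):
        for t_ex, c_ex in ops["excl"]:
            for t_sc, c_sc in ops["script"]:
                gap = abs(t_sc - t_ex)
                if gap <= window:
                    # Callers are the identities whose permissions to review.
                    findings.append({"vm": vm, "callers": sorted({c_ex, c_sc}),
                                     "gap_seconds": int(gap.total_seconds())})
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f)
```

Only `web01` is reported with the default window: `db01` has both operations but hours apart, and `app01` ran a script extension without any exclusion change.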