Suspicious activity

Defender for Cloud: Antimalware disabled and code execution in your virtual machine

Risk Level

Informational (4)

Platform(s)

Description

Antimalware was disabled at the same time as code was executed on your virtual machine. This was detected by analyzing Azure Resource Manager operations in your subscription. Attackers disable antimalware scanners to prevent detection while running unauthorized tools or infecting the machine with malware.
Recommended Mitigation

Review the permissions that were used to perform this operation.