How to disable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)

Sakaldeep Yadav 161 Reputation points MVP
2020-07-22T10:46:17.25+00:00

Hi,

How to disable the built-in vulnerability assessment solution on virtual machines (powered by Qualys) from Azure security center recommendation?

Already tried to disable using Azure Policy "Vulnerability Assessment should be enabled on Virtual Machines" but no luck.

thanks

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,250 questions
0 comments
Accepted answer
  1. Sakaldeep Yadav 161 Reputation points MVP
    2020-07-22T13:56:04.073+00:00

    1. Security center->Security policy->View effective policy

    2. Click on “ ASC Default (xxxxxx)”
    13366-image.png

    3. While editing the policy you have to look for below instead of “Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)” and select disabled.
    13128-image.png

    4. The recommendation will be gone. You will also see something like below in Security policy.
    13314-image.png
    I hope this helps.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ken Golitin 21 Reputation points
    2020-07-22T11:52:02.883+00:00

    Hi,

    Here you have a recommendation table:
    https://video2.skills-academy.com/en-us/azure/security-center/recommendations-reference

    Check out "Enable the built-in vulnerability assessment solution on virtual machines"

    However, why not to deploy it ?
    Deploying the Qualys built-in vulnerability scanner
    Open Azure Security Center and go to the Recommendations page for a subscription on the standard pricing tier.

    Select the recommendation named "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)".

    From the Unhealthy resources tab, select the VMs on which you want to deploy the Qualys scanner and click Remediate.

    The scanner extension will be installed on all of the selected VMs.

    If the deployment fails on one or more VMs, ensure the target VMs can communicate with Qualys's cloud service on the following two IP addresses (via port 443 - the default for HTTPS):

    64.39.104.113
    154.59.121.74

    https://video2.skills-academy.com/en-us/azure/security-center/built-in-vulnerability-assessment

    Please make this as answered if it solves your issue.
    Thank you.
    KEN