Share via

Azure Local Antivirus

Handian Sudianto 7,026 Reputation points
2026-04-22T04:02:04.6466667+00:00

Can we install 3rd party antivirus tools under Azure Local Node?

Azure Local
0 comments

Answer accepted by question author

  1. Jilakara Hemalatha 12,915 Reputation points Microsoft External Staff Moderator
    2026-04-22T05:26:27.4466667+00:00

    Hi Handian,

    Thank you for your query.

    While third-party antivirus solutions can technically be installed on Azure Local nodes (such as Azure Stack HCI), Microsoft recommends using Microsoft Defender Antivirus as the preferred solution. Defender is natively integrated with the platform and validated to work seamlessly with system updates and cluster operations.

    Using third-party antivirus or malware protection tools may introduce risks such as performance impact or interference with OS updates and critical services, especially if not configured with the appropriate exclusions.

    If you choose to proceed with a third-party solution, it is important to follow Microsoft’s guidance on antivirus exclusions and best practices to avoid any disruption to workloads or cluster stability.

    User's image For more details, please refer to the following documentation:

    Hope this helps! If it helpful! Could you please accept the answer and upvote it. Please let me know if you have any queries in comments.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-04-22T04:02:17.4733333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Yes, third-party antivirus tools can be installed on Azure Local nodes, but Microsoft strongly recommends using Microsoft Defender Antivirus, which is enabled and configured by default on Azure Local.

    Key points from the guidance:

    1. Microsoft Defender Antivirus is the default and recommended solution
      • It provides real-time protection, cloud-delivered protection, automatic sample submission, and always-on content scanning and behavior monitoring.
      • It is enabled by default on Azure Local and is used to protect both the platform and workloads.
    2. If choosing a non-Microsoft antivirus
      • It is advised to select a product that the Independent Software Vendor (ISV) has validated for Azure Local to minimize potential functionality issues.
      • Microsoft explicitly recommends using Microsoft Defender Antivirus rather than third-party antivirus and malware detection software because third-party tools may impact the operating system’s ability to receive updates on Azure Local.
    3. Exclusions if functionality issues occur
      • If non-Microsoft antivirus causes issues with Azure Local, the following paths can be excluded from scanning:
        • C:\Agents\*
        • C:\CloudContent\*
        • C:\CloudDeployment\*
        • C:\ClusterStorage\*
        • C:\EceStore\*
        • C:\MASLogs\*
        • C:\NugetStore\*
        • C:\deploymentpackage\*
        • C:\ProgramData\GuestConfig\extension\_logs\*
    4. Defender-related features integrated with Azure Local
      • Microsoft Defender Antivirus (Windows Defender Antivirus) is referenced repeatedly as the built-in malware protection for Azure Local and is part of the platform’s security posture and compliance story (PCI DSS, ISO/IEC 27001, HIPAA).

    In summary: third-party antivirus is technically possible on Azure Local nodes, but the supported and recommended configuration is to keep Microsoft Defender Antivirus enabled and, if a third-party product is used, ensure it is ISV-validated for Azure Local and configured with the recommended exclusions.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.