FSLogix Antivirus Exclusions

Matt Canning 1 Reputation point


The antivirus exclusions section of the FSLogix for the enterprise article states that the following Defender exclusions should be created to avoid performance bottlenecks.

  • %Windir%\TEMP*.VHD
  • %Windir%\TEMP*.VHDX
  • \storageaccount.file.core.windows.net\share*.VHD
  • \storageaccount.file.core.windows.net\share*.VHDX

Does Defender scan the individual files contained within the VHD(X) files when the profile is mounted? It seems like a security concern to not scan user profiles. Surely, I'm missing something?

Thanks in advance!

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,448 questions
{count} votes

1 answer

Sort by: Most helpful
  1. vipullag-MSFT 25,941 Reputation points

    @Matt Canning

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    I checked with internal team on this. It is documented that way to mitigate performance issues or delayed file locks when mounting/unmounting VHD(x) files.
    Yes, files inside will be checked by the on-access scanner when used (the files accessed when the profile is mounted will still be scanned during on-access scan).

    Hope this helps.
    If you need further help on this, tag me in a comment.
    If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.

    0 comments No comments