FSLogix Antivirus Exclusions

Matt Canning 1 Reputation point
2022-10-26T19:26:36.507+00:00

Hello,

The antivirus exclusions section of the FSLogix for the enterprise article states that the following Defender exclusions should be created to avoid performance bottlenecks.

  • %Windir%\TEMP*.VHD
  • %Windir%\TEMP*.VHDX
  • \storageaccount.file.core.windows.net\share*.VHD
  • \storageaccount.file.core.windows.net\share*.VHDX

Does Defender scan the individual files contained within the VHD(X) files when the profile is mounted? It seems like a security concern to not scan user profiles. Surely, I'm missing something?

Thanks in advance!

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,050 questions
FSLogix
FSLogix
A set of solutions that enhance, enable, and simplify non-persistent Windows computing environments and may also be used to create more portable computing sessions when using physical devices.
410 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. vipullag-MSFT 19,161 Reputation points Microsoft Employee
    2022-10-27T11:13:22.333+00:00

    @Matt Canning

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    I checked with internal team on this. It is documented that way to mitigate performance issues or delayed file locks when mounting/unmounting VHD(x) files.
    Yes, files inside will be checked by the on-access scanner when used (the files accessed when the profile is mounted will still be scanned during on-access scan).

    Hope this helps.
    If you need further help on this, tag me in a comment.
    If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.

    0 comments