Antimalware support on UWF-protected devices
Learn how to enable antimalware support on your USB Filter-enabled Windows 10 Enterprise device.
When using antimalware software on your Unified Write Filter (UWF)-protected device, you must add the required file and registry exclusions that enable the software to apply updates to signature files and persist changes to the device after a system restart.
Add support for Microsoft Defender on UWF-protected devices
Add these exclusions to UWF:
- File exclusions
- C:\Program Files\Microsoft Defender
- C:\ProgramData\Microsoft\Microsoft Defender
- C:\Windows\WindowsUpdate.log
- C:\Windows\Temp\MpCmdRun.log
- Registry exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Defender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
Note
If a Windows IoT Enterprise computer stops responding during Windows startup, see Windows doesn't start after you exclude UWF from Microsoft Defender for a workaround. This issue impacts:
- Windows 10 IoT Enterprise, version 21H1
- Windows 10 IoT Enterprise, version 21H2
- Windows 10 IoT Enterprise, version 22H1
- Windows 10 IoT Enterprise LTSC 2021
- Windows 11 IoT Enterprise
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
Add support for System Center Endpoint Protection on UWF-protected devices
Add these exclusions to UWF:
- File exclusions
- C:\Program Files\Microsoft Security Client
- C:\Windows\Windowsupdate.log
- C:\Windows\Temp\Mpcmdrun.log
- C:\ProgramData\Microsoft\Microsoft Antimalware
- Registry exclusions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware
Note
Windows 10 Enterprise does not include System Center Endpoint Protection. You can purchase licenses and install System Center Endpoint Protection independently.